Theme
The click-to-conversion check program managers already do by hand — automated, on a cron, in your Slack.
Medium
Pulls last-hour conversions from the Everflow API, computes time-to-convert per row, sub-classifies anything under 30 seconds (bot, review, or coupon abuse), and posts a digest to Slack. No new tooling. Runs on a cron. 30 seconds is the affiliate-industry threshold for coupon abuse — this recipe automates the check.
A partner's traffic looks fine on volume, and the click-to-conversion time tells a different story.
Bot traffic, coupon abuse, and suspiciously fast conversions come up across e-commerce, lead-gen, fintech, iGaming, and mobile. Hundreds of customers already run a manual version of this check today, at thresholds ranging from 30 seconds to a few minutes.
Why doesn't Traffic Health catch this already? Traffic Health watches infrastructure: domain reputation, SSL, ISP signals, threat intelligence. It doesn't compute click-to-conversion latency. This recipe runs alongside Traffic Health, not instead of it.
All of those conversions came within eight seconds of the click. So I set up a rule in Everflow: anything that converts in under three minutes doesn't get paid out.
One universal foundation prompt that loads Everflow's API context into any AI. Paste it once, then run any recipe on top of it. Ask your AI to save it however it works best, whether that's a Gemini Gem, a Claude Skill, a ChatGPT custom GPT, or a notebook system prompt. Same content, your AI's format.
# Everflow API Foundation Prompt
## Role & Objective
You are an Everflow API specialist. Your job is to write
robust, accurate scripts and answer questions about
Everflow's partner marketing platform.
## Foundational Knowledge Base
Before writing any code, ingest the official LLM docs:
https://developers.everflow.io/llms.txtPre-tuned to the 30-second standard. Same prompt across Claude, ChatGPT, Gemini.
v1.0 · tag
# Role
You are an Everflow ops assistant.
# Inputs
api_key = {API_KEY}
network_id = {NETWORK_ID}
window_hours = 1
slack_webhook = {SLACK_WEBHOOK_URL}
# Task
1. POST /v1/networks/reporting/conversions
body: { from: now-{window_hours}h, to: now, columns: ["affiliate","offer"] }
2. For each row, compute: time_to_convert = conversion_unix_timestamp - click_unix_timestamp
3. Bucket suspicious rows:
band_bot = time_to_convert < 5
band_review = 5 <= time_to_convert < 10
band_coupon = 10 <= time_to_convert < 30
4. Group by affiliate_id. Per group: count, band breakdown, avg time-to-convert, 3 sample conversion_ids.
5. POST a Slack digest to {slack_webhook}.
# Guardrails (skip these rows)
- is_view_through = true (no click event)
- click_unix_timestamp = 0 / null (clickless coupon, intentional)
- time_to_convert < 0 (server-postback skew)
Think through edge cases carefully before drafting code. Show the request payloads and the final Slack message structure separately.Hi! I need you to run a fast-conversion fraud check on my Everflow account.
INPUTS (I'll paste these in):
- API key
- Network ID
- Slack webhook URL
- Time window (default: last 1 hour)
WHAT TO DO:
1. Call POST /v1/networks/reporting/conversions for the last {window_hours} hours, grouped by affiliate and offer.
2. For each row, calculate time_to_convert = conversion_unix_timestamp - click_unix_timestamp.
3. Sort suspicious rows into 3 buckets:
- Under 5 seconds = likely bot
- 5 to 10 seconds = needs review
- 10 to 30 seconds = likely coupon poaching
4. Group by affiliate_id. For each affiliate, show: total count, bucket breakdown, average time-to-convert, 3 sample conversion IDs.
5. POST the digest to my Slack webhook.
IMPORTANT - skip these rows entirely (they aren't fraud):
- View-through conversions (is_view_through = true)
- Clickless coupon conversions (click_unix_timestamp = 0 or null)
- Negative time_to_convert (server clock skew)
Return the runnable code, the expected Slack message format, and any assumptions you made.**Goal:** Catch fast-conversion fraud in last {window_hours} hours and post a Slack alert.
**Credentials**
- `api_key`: {API_KEY}
- `network_id`: {NETWORK_ID}
- `slack_webhook`: {SLACK_WEBHOOK_URL}
- `window_hours`: 1
**Steps**
1. **Fetch conversions**
- `POST /v1/networks/reporting/conversions`
- body: `{ from: now-{window_hours}h, to: now, columns: ["affiliate","offer"] }`
2. **Calculate time-to-convert**
- `time_to_convert = conversion_unix_timestamp - click_unix_timestamp`
3. **Classify into bands**
| Band | Range | Likely cause |
|---|---|---|
| `band_bot` | < 5s | Bot traffic |
| `band_review` | 5-10s | Needs manual review |
| `band_coupon` | 10-30s | Coupon poaching |
4. **Group by affiliate_id**, output:
- Total flagged count
- Per-band breakdown
- Average time-to-convert
- 3 sample `conversion_id`s
5. **Post to Slack** at `{slack_webhook}` as a formatted digest.
**Guardrails - drop these rows:**
- `is_view_through == true` (no click event exists)
- `click_unix_timestamp == 0` or `null` (clickless coupon by design)
- `time_to_convert < 0` (postback clock skew)
Use markdown formatting in the Slack message. Show me your reasoning, then the code, then a sample output.curl -X POST https://api.everflow.io/v1/networks/reporting/conversions \
-H "X-Eflow-API-Key: {API_KEY}" \
-H "Content-Type: application/json" \
-d '{"from":"now-1h","to":"now","columns":["affiliate","offer"]}'Generate API key
Core Platform → Control Center → Security → API Keys → click the + API key button. Read-only on Reporting is enough.
Add Slack webhook
Pick the channel where alerts should land (e.g. #fraud-alerts) and copy the webhook URL.
Paste keys into the prompt
Replace {API_KEY}, {NETWORK_ID}, and {SLACK_WEBHOOK_URL} in the block above. The agent does the rest.
Run in Claude, ChatGPT, or Gemini
First run gives you a snapshot of the last hour. The Slack digest lands in 30 to 90 seconds, grouped by affiliate with the band breakdown.
Optional: schedule hourly
Drop the prompt into Make, Zapier, or Apps Script. Inbox alert whenever anything trips.
Some, yes, that's why we sub-classify. Repeat customers logged into a brand they already trust can convert in 5 to 10 seconds, especially on consumer staples (coffee subscriptions, app installs). The band_review bucket is for those: investigate, don't auto-block.
Skipped. View-through (is_view_through=true) has no click event and a click_unix_timestamp of 0. The prompt drops them.
Also skipped. Everflow has a documented clickless coupon tracking pattern where click_unix_timestamp is 0 by design. Those conversions aren't fraud, they're working as intended.
Repeat customers logged into a brand they already trust can convert legitimately in 5 to 10 seconds (coffee subs, app installs). The band_review bucket exists for those: investigate, don't auto-block.
Mobile-heavy programs may want a 10s cutoff instead of 30s for click-injection detection.
Drop us the question you wish had a prompt. We'll write it, test it against real Everflow data, and ship it as the next recipe — usually within two weeks.
One Tuesday email. Latest industry news plus new recipes the day they ship. Unsubscribe in one click.
Share what's working with the Everflow API. Our team will reach out about details, timelines, and next steps.
