Spot risks early
Conversions that land seconds after a click can be coupon sites grabbing last-touch credit, a review-tool double-check, or fraud. This is how you spot the pattern before you pay the wrong partner.
Medium
Click-to-conversion timing is one of the few fraud signals most platforms never see. Everflow tracks it on every conversion. Two prompts surface the anomalies, group them by affiliate, and post a Slack digest so you know exactly where to look. Runs on your Everflow data alone, no new tools.
A partner's traffic can look fine on volume while the click-to-conversion timing tells a different story.
Conversions that land within seconds of a click show up across e-commerce, lead-gen, fintech, iGaming, and mobile. Many teams already run a manual version of this check, flagging anything that converts within a window of roughly 30 seconds to a few minutes.
You might expect a traffic-quality or fraud tool to flag this already. Most of them watch infrastructure signals, like domain reputation, IP, and threat intelligence, rather than how long it takes a click to convert. That timing is a separate signal, and it is the one this recipe surfaces so you can take a closer look.
All of those conversions came within eight seconds of the click. So I set up a rule in Everflow: anything that converts in under three minutes doesn't get paid out.
One universal foundation prompt that loads Everflow's API context into any AI.
# Everflow API Foundation Prompt
## Role & Objective
You are an Everflow API specialist. Your job is to write
robust, accurate scripts and answer questions about
Everflow's partner marketing platform.
## Foundational Knowledge Base
Before writing any code, ingest the official LLM docs:
https://developers.everflow.io/llms.txtPre-tuned to the 30-second standard. Same prompt across Claude, ChatGPT, Gemini.
v1.0 · tag
# Role
You are an Everflow ops assistant.
# Inputs
api_key = {API_KEY}
network_id = {NETWORK_ID}
window_hours = 1
slack_webhook = {SLACK_WEBHOOK_URL}
# Task
1. POST /v1/networks/reporting/conversions
body: { from: now-{window_hours}h, to: now, columns: ["affiliate","offer"] }
2. For each row, compute: time_to_convert = conversion_unix_timestamp - click_unix_timestamp
3. Flag rows with short click-to-conversion times by time band:
band_under_5s = time_to_convert < 5
band_5s_to_10s = 5 <= time_to_convert < 10
band_10s_to_30s = 10 <= time_to_convert < 30
4. Group by affiliate_id. Per group: count, band breakdown (report each band as a time
range only — e.g. "11 in 10–30s band", not a label like "likely coupon" or "bot"),
avg time-to-convert, 3 sample conversion_ids.
5. POST a Slack digest to {slack_webhook}.
# Guardrails (skip these rows)
- is_view_through = true (no click event)
- click_unix_timestamp = 0 / null (clickless coupon, intentional)
- time_to_convert < 0 (server-postback skew)
Think through edge cases carefully before drafting code. Show the request payloads and the final Slack message structure separately.Hi! I need you to run a fast-conversion fraud check on my Everflow account.
INPUTS (I'll paste these in):
- API key
- Network ID
- Slack webhook URL
- Time window (default: last 1 hour)
WHAT TO DO:
1. Call POST /v1/networks/reporting/conversions for the last {window_hours} hours, grouped by affiliate and offer.
2. For each row, calculate time_to_convert = conversion_unix_timestamp - click_unix_timestamp.
3. Sort suspicious rows into 3 buckets:
- Under 5 seconds = likely bot
- 5 to 10 seconds = needs review
- 10 to 30 seconds = likely coupon poaching
4. Group by affiliate_id. For each affiliate, show: total count, bucket breakdown, average time-to-convert, 3 sample conversion IDs.
5. POST the digest to my Slack webhook.
IMPORTANT - skip these rows entirely (they aren't fraud):
- View-through conversions (is_view_through = true)
- Clickless coupon conversions (click_unix_timestamp = 0 or null)
- Negative time_to_convert (server clock skew)
Return the runnable code, the expected Slack message format, and any assumptions you made.**Goal:** Catch fast-conversion fraud in last {window_hours} hours and post a Slack alert.
**Credentials**
- `api_key`: {API_KEY}
- `network_id`: {NETWORK_ID}
- `slack_webhook`: {SLACK_WEBHOOK_URL}
- `window_hours`: 1
**Steps**
1. **Fetch conversions**
- `POST /v1/networks/reporting/conversions`
- body: `{ from: now-{window_hours}h, to: now, columns: ["affiliate","offer"] }`
2. **Calculate time-to-convert**
- `time_to_convert = conversion_unix_timestamp - click_unix_timestamp`
3. **Classify into bands**
| Band | Range | Likely cause |
|---|---|---|
| `band_bot` | < 5s | Bot traffic |
| `band_review` | 5-10s | Needs manual review |
| `band_coupon` | 10-30s | Coupon poaching |
4. **Group by affiliate_id**, output:
- Total flagged count
- Per-band breakdown
- Average time-to-convert
- 3 sample `conversion_id`s
5. **Post to Slack** at `{slack_webhook}` as a formatted digest.
**Guardrails - drop these rows:**
- `is_view_through == true` (no click event exists)
- `click_unix_timestamp == 0` or `null` (clickless coupon by design)
- `time_to_convert < 0` (postback clock skew)
Use markdown formatting in the Slack message. Show me your reasoning, then the code, then a sample output.curl -X POST https://api.everflow.io/v1/networks/reporting/conversions \
-H "X-Eflow-API-Key: {API_KEY}" \
-H "Content-Type: application/json" \
-d '{"from":"now-1h","to":"now","columns":["affiliate","offer"]}'Generate API key
Core Platform → Control Center → Security → API Keys → click the + API key button. Read-only on Reporting is enough.
Add Slack webhook
Pick the channel where alerts should land (e.g. #partner-review) and copy the webhook URL.
Paste keys into the prompt
Replace {API_KEY}, {NETWORK_ID}, and {SLACK_WEBHOOK_URL} in the block above. The agent does the rest.
Run in Claude, ChatGPT, or Gemini
First run gives you a snapshot of the last hour. The Slack digest lands in 30 to 90 seconds, grouped by affiliate with the band breakdown.
Schedule hourly
Drop the prompt into Make, Zapier, or Apps Script. Get an inbox alert whenever anything trips.
What short click-to-conversion windows can indicate: The most common cause is a coupon or cashback publisher claiming last-click attribution right before a purchase completes. Fraud tactics are another common source. Last-second review site checks are possible but less likely. Most shoppers browse for longer before completing a purchase. Review the partner details and conversion IDs to determine which applies.
Some, yes. That's why we sub-classify. Repeat customers logged into a brand they already trust can convert in 5 to 10 seconds, especially on consumer staples (coffee subscriptions, app installs). The band_review bucket is for those: investigate, don't auto-block.
Skipped. View-through (is_view_through=true) has no click event and a click_unix_timestamp of 0. The prompt drops them.
Also skipped. Everflow has a documented clickless coupon tracking pattern where click_unix_timestamp is 0 by design. Those conversions aren't fraud, they're working as intended.
Repeat customers logged into a brand they already trust can convert legitimately in 5 to 10 seconds (coffee subs, app installs). The band_review bucket exists for those: investigate, don't auto-block.
Mobile-heavy programs may want a 10s cutoff instead of 30s for click-injection detection.
Drop us the question you wish had a prompt. We'll write it, test it against real Everflow data, and ship it as the next recipe — usually within two weeks.
One Tuesday email. Latest industry news plus new recipes the day they ship. Unsubscribe in one click.
Share what's working with the Everflow API. Our team will reach out about details, timelines, and next steps.
