How we built a referral system without touching a single line of client code
How we created a platform-agnostic referral tracking system that increased organizer acquisition by 40%
A ticketing startup came to us with a growth challenge: they wanted to launch a referral program to acquire new event organizers, but their engineering team was already stretched thin. They couldn’t afford to build referral infrastructure into their core platform.
Most referral solutions—Rewardful, FirstPromoter, PartnerStack—require deep integration with your billing and user systems. That wasn’t an option here.
So we built something different.
The Challenge
The client needed a complete referral system: tracking links, attribution, analytics, and a polished landing page experience. But they had strict constraints.
First, zero modifications to their existing codebase. Their engineering team had a product roadmap to deliver, and embedding third-party tracking code wasn’t on it. Second, they wanted accurate attribution without relying on cookies or requiring users to take extra steps. Third, they needed the system live quickly—weeks, not months.
Traditional referral platforms couldn’t work. They all assume you can integrate with the target platform’s signup flow. We needed to track referrals to a destination we didn’t control.
Why Existing SaaS Solutions Failed
We evaluated every major player in the referral space:
| Solution | Monthly Cost | Problem |
|---|---|---|
| PartnerStack | $500+ | Requires billing integration |
| Rewardful | $49-99 | Needs Stripe/Paddle connection |
| FirstPromoter | $49-99 | Caps affiliates, needs integration |
| Post Affiliate Pro | $129+ | Heavy setup, enterprise-focused |
| Refgrow, LeadDyno | $29-49 | Limited attribution, basic features |
Every single one required access to the client’s signup and payment systems. Without that integration, they simply don’t work.
Our Solution: Independent Tracking Layer
We built a tracking system that sits between the referrer and the destination, capturing attribution data without touching the client’s codebase.
Architecture Overview
┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐
│ Organizer │ │ HuSig Tracker │ │ Client Signup │
│ Dashboard │────▶│ Page │────▶│ Page │
└─────────────────┘ └──────────────────┘ └─────────────────┘
│ │ │
▼ ▼ ▼
┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐
│ Generate unique │ │ Capture: │ │ User signs up │
│ referral link │ │ • Fingerprint │ │ with UTM params │
│ │ │ • IP + Timestamp │ │ │
│ │ │ • Device data │ │ │
└─────────────────┘ └──────────────────┘ └─────────────────┘
│
▼
┌──────────────────┐
│ Attribution │
│ Engine matches │
│ conversion back │
│ to original click│
└──────────────────┘
The key innovation: we never need to touch the client’s code. The tracking happens entirely in our layer.
Multi-Method Attribution
We implemented three attribution methods to maximize accuracy, each with different tradeoffs:
Method 1: UTM Parameters (90%+ accuracy)
When a user clicks a referral link like refer.tixfix.ai/r/ABC123, our tracker redirects them to the signup page with UTM parameters appended:
https://app.tixfix.ai/signup?utm_source=husig&utm_campaign=ABC123&husig_click_id=click_789
If the client’s system passes these parameters back via webhook when a conversion happens, we get near-perfect attribution.
Method 2: Browser Fingerprinting (70% accuracy)
For cases where UTM data isn’t available, we fall back to device fingerprinting. On every click, we capture:
- IP address (with geo-location)
- User agent string
- Screen resolution
- Timezone offset
- Browser language
- Canvas fingerprint hash
We combine these into a fingerprint hash and store it with a timestamp. When a conversion comes in, we search for matching fingerprints within a configurable time window (default: 7 days).
def generate_fingerprint(request_data):
components = [
request_data['ip'],
request_data['user_agent'],
request_data['screen_resolution'],
request_data['timezone'],
request_data['language']
]
return hashlib.sha256('|'.join(components).encode()).hexdigest()[:16]
Method 3: Email Bridge (95% accuracy)
For high-value referrals, we optionally capture the user’s email before redirecting. This creates a direct match when they sign up with the same email—no fingerprinting required.
The Matching Algorithm
When a conversion event arrives (via webhook or manual import), the attribution engine runs through the methods in priority order:
def attribute_conversion(conversion_data):
# Method 1: Direct UTM match
if conversion_data.get('husig_click_id'):
click = db.clicks.find_one({'click_id': conversion_data['husig_click_id']})
if click:
return {'method': 'utm', 'confidence': 0.95, 'click': click}
# Method 2: Email match
if conversion_data.get('email'):
click = db.clicks.find_one({
'captured_email': conversion_data['email'],
'timestamp': {'$gte': conversion_data['timestamp'] - timedelta(days=30)}
})
if click:
return {'method': 'email', 'confidence': 0.95, 'click': click}
# Method 3: Fingerprint match
fingerprint = generate_fingerprint(conversion_data)
clicks = db.clicks.find({
'fingerprint': fingerprint,
'timestamp': {'$gte': conversion_data['timestamp'] - timedelta(days=7)}
}).sort('timestamp', -1)
if clicks:
# Score by recency
best_match = score_matches(clicks, conversion_data['timestamp'])
return {'method': 'fingerprint', 'confidence': 0.70, 'click': best_match}
return {'method': 'none', 'confidence': 0, 'click': None}
The Landing Page Experience
A referral program is only as good as its conversion rate. We designed a landing page at refer.tixfix.ai that clearly communicated the value proposition.
Design Principles
Clear reward structure: Users see exactly what they’ll earn. We made the math visible, 25 dollars for the first referral, scaling up to 100 dollars per referral at higher tiers.
Single call-to-action: The page does one thing: get users to submit their referral. No distractions, no competing links.
Mobile-first: 60%+ of referral link clicks come from mobile (shared via text, social). The page had to work perfectly on phones.
Technical Implementation
We separated concerns for maintainability:
- External CSS instead of inline styles—easier to update branding
- Responsive breakpoints tested on actual devices, not just browser resize
- Fixed navbar with clear branding that doesn’t scroll away
- Smooth scroll to the form section when CTA is clicked
<!-- Hero CTA that scrolls to form -->
<a href="#referral-form" class="cta-button">
Refer an Organizer →
</a>
<style>
html {
scroll-behavior: smooth;
}
.cta-button {
background: linear-gradient(135deg, #4F46E5, #7C3AED);
padding: 16px 32px;
border-radius: 8px;
font-weight: 600;
}
</style>
The Email Confirmation System
When someone submits a referral, they get an immediate confirmation email. Email design has its own constraints—we couldn’t rely on web techniques.
What we avoided:
- Images for branding (often blocked by email clients)
- Complex layouts that break in Outlook
- Dark-only designs that fail in light mode clients
What we built:
- Text-based TixFix branding
- Dark header/footer matching the website aesthetic
- Mobile-friendly single-column layout
- Clear next steps and reward information
<!-- Email-safe header -->
<table width="100%" bgcolor="#1a1a2e">
<tr>
<td style="padding: 24px; text-align: center;">
<span style="color: #ffffff; font-size: 24px; font-weight: bold;">
📧 TixFix Referral Rewards
</span>
</td>
</tr>
</table>
Backend Infrastructure
Tech Stack
- FastAPI — Lightweight, fast, async-native Python framework
- MongoDB — Flexible schema for click/conversion data
- Redis — Rate limiting and caching
- AWS EC2 — Hosting with CloudFront CDN for the tracking page
Data Models
# Click tracking document
{
"_id": ObjectId("..."),
"click_id": "click_abc123",
"referrer_code": "ORG_456",
"referrer_id": "organizer_789",
"fingerprint": "a1b2c3d4e5f6g7h8",
"ip_address": "192.168.1.1",
"user_agent": "Mozilla/5.0...",
"screen_resolution": "1920x1080",
"timezone": "America/Los_Angeles",
"utm_params": {
"source": "husig",
"campaign": "ORG_456",
"medium": "referral"
},
"captured_email": null,
"timestamp": ISODate("2025-01-15T10:30:00Z"),
"converted": false,
"conversion_id": null
}
# Conversion document
{
"_id": ObjectId("..."),
"conversion_id": "conv_xyz789",
"attributed_click_id": "click_abc123",
"attribution_method": "utm",
"attribution_confidence": 0.95,
"referrer_code": "ORG_456",
"converted_user_email": "[email protected]",
"reward_status": "pending",
"reward_amount": 25.00,
"timestamp": ISODate("2025-01-15T11:45:00Z")
}
API Endpoints
@app.post("/api/clicks")
async def track_click(click_data: ClickData):
"""Record a referral link click"""
click_id = generate_click_id()
fingerprint = generate_fingerprint(click_data)
await db.clicks.insert_one({
"click_id": click_id,
"referrer_code": click_data.referrer_code,
"fingerprint": fingerprint,
"ip_address": click_data.ip,
"user_agent": click_data.user_agent,
"timestamp": datetime.utcnow()
})
return {"click_id": click_id, "redirect_url": build_redirect_url(click_data)}
@app.post("/api/conversions")
async def record_conversion(conversion_data: ConversionData):
"""Record and attribute a conversion"""
attribution = await attribute_conversion(conversion_data)
if attribution['click']:
await db.clicks.update_one(
{"click_id": attribution['click']['click_id']},
{"$set": {"converted": True, "conversion_id": conversion_data.id}}
)
await db.conversions.insert_one({
"conversion_id": conversion_data.id,
"attributed_click_id": attribution['click']['click_id'],
"attribution_method": attribution['method'],
"attribution_confidence": attribution['confidence'],
"timestamp": datetime.utcnow()
})
return attribution
@app.get("/api/referrers/{referrer_id}/stats")
async def get_referrer_stats(referrer_id: str):
"""Get performance stats for a referrer"""
pipeline = [
{"$match": {"referrer_id": referrer_id}},
{"$group": {
"_id": None,
"total_clicks": {"$sum": 1},
"total_conversions": {"$sum": {"$cond": ["$converted", 1, 0]}},
"conversion_rate": {"$avg": {"$cond": ["$converted", 1, 0]}}
}}
]
return await db.clicks.aggregate(pipeline).to_list(1)
Fraud Protection
Referral systems attract abuse. We implemented several protections:
Rate limiting: Max 100 clicks per IP per hour, max 10 conversions per referrer per day
Fingerprint velocity: Flag referrers with suspiciously similar fingerprints across clicks
Conversion timing: Flag conversions that happen within seconds of clicks (bot behavior)
Email domain analysis: Flag conversions from disposable email domains
async def check_fraud_signals(click_data, conversion_data):
signals = []
# Check click-to-conversion time
time_delta = conversion_data.timestamp - click_data.timestamp
if time_delta < timedelta(seconds=30):
signals.append("suspicious_timing")
# Check for disposable email
if is_disposable_email(conversion_data.email):
signals.append("disposable_email")
# Check fingerprint velocity
similar_clicks = await db.clicks.count_documents({
"fingerprint": click_data.fingerprint,
"timestamp": {"$gte": datetime.utcnow() - timedelta(hours=1)}
})
if similar_clicks > 5:
signals.append("fingerprint_velocity")
return signals
Analytics Dashboard
Referrers need to see their performance. We built a real-time dashboard showing:
- Total clicks with daily/weekly/monthly breakdowns
- Conversion rate compared to platform average
- Pending vs. paid rewards
- Top performing referral channels (where clicks originate)
The dashboard updates in real-time via WebSocket connections, so referrers see conversions the moment they happen.
The Results
The system went live at refer.tixfix.ai within three weeks of starting development.
Acquisition Impact
- 40% of new organizer signups came through referrals in the first two months
- 2.3 average referrals per active referrer — the reward tiers motivated continued sharing
- Customer acquisition cost dropped 60% compared to paid advertising channels
- Referral users had 25% higher retention at 90 days vs. organic signups
Operational Efficiency
- 70% faster setup compared to integrated solutions — no engineering coordination required
- 85% attribution accuracy across all methods combined
- Zero client engineering time — their team stayed focused on product
- 3-week delivery from kickoff to production launch
Technical Performance
- < 100ms redirect latency — users don’t notice the tracking hop
- 99.9% uptime since launch
- 50,000+ clicks tracked without performance degradation
Key Takeaways
Platform-Agnostic Tracking is Underserved
The referral SaaS market assumes you can integrate with your target platform. When you can’t—or don’t want to—the options disappear. There’s a real gap here for businesses working with partners, affiliates, or any scenario where you’re driving traffic to systems you don’t control.
Browser Fingerprinting Works Better Than Expected
Combined with timing windows and IP data, device fingerprints provide surprisingly accurate attribution without requiring cookies or consent flows. It’s not perfect, but 70% accuracy on a fallback method is valuable.
Simple Landing Pages Convert
We resisted the urge to over-design. Clear value proposition, visible reward math, prominent call-to-action, mobile-first layout. The page does one thing and does it well. Conversion rate on the landing page exceeded 30%.
Fraud Protection is Non-Negotiable
Every referral system attracts gaming attempts. Building fraud detection from day one saved significant manual review time later. The velocity checks alone caught 90%+ of suspicious activity automatically.
What’s Next
The independent tracking approach we built has applications beyond this single client:
- B2B partnerships where code integration isn’t feasible
- Cross-platform referrals spanning multiple destinations
- Agency management of referrals across multiple clients
- Affiliate networks without heavy technical requirements
We’re exploring productizing this as a standalone SaaS—a platform-agnostic referral tracker for teams who can’t or won’t integrate traditional solutions.
Looking to build growth infrastructure without heavy engineering lift? Get in touch to discuss how we can help.