How to test CPA projects: a detailed guide

There is still little information on how to test CPA networks, so it can be difficult for beginners to dive into them: what and how to test, what must be taken into account first, what to check alone, and what with a team. Our company has several such platforms, and we have hired testers on them more than once. And we decided to collect all our experience into a complete guide that will help testers quickly dive into such projects. My name is Masha Smirnova, I am the head of the Kokoc Group testing department, two years ago I would have been glad to find such a guide on the Internet, to be honest.

A little about CPA

CPA networks are aggregator platforms on which advertisers and webmasters agree to cooperate. The former place orders to attract users to their projects; the second – these orders are fulfilled. It is important that in the CPA model, advertisers do not pay for abstract attraction, but only for certain user actions: registration, subscription, purchase of goods, and so on.

Kokoc Group has several CPA platforms that work with different areas of business:

• Where is the Elephant? — CPA marketing platform for e-commerce

• AdvGame — platform for promoting online games;

• Rafinad — a platform for companies in the financial sector.

I will mainly show how to test CPA networks using the example “Where is the Elephant?». Firstly, because it is a large e-com platform: many users, many managers, many operations, and so on. And secondly, because there are many good testers inside who have collected a lot of information on the topic.

To understand what we are testing, we need to study the users and their operating logic

CPA networks have 4 types of users:

• advertiser – places orders on the platform;

• webmaster – fulfills these orders;

• manager – works on the CPA side and helps service clients;

• administrator – works on the CPA side, monitors the correct operation of the service.

Each of them has its own logic for using the network, its own personal accounts, and its own set of access rights. For example, an advertiser can create a company page, a manager can monitor this company, an administrator can change user settings, and so on. Therefore, the tester should not go through the chain and make sure that the service is working, but check each role: register a test user (webmaster, administrator, etc.), study what rights and restrictions are set, make sure that they are configured correctly and the conditional webmaster does not see manager tools.

What to pay attention to

For webmaster

Go through the different elements of the webmaster’s personal account, make sure that they work correctly and that the process is clear and correct.

• learn how to log into the system and go to the dashboard, how filters work and how to interpret reports;

• create a tracking link, add UTM tags and tokens, check redirects and link saving;

• check whether conversion notifications are received;

• create and send a ticket to technical support.

For the advertiser

Go through the different elements of the advertiser’s personal account, make sure that they work correctly and that the process is clear and correct.

• create a new offer, set up working conditions and launch an advertising campaign;

• study dashboards and reports for analysis;

• Explore anti-fraud tools and reports to monitor fraud activity.

For the manager

Go through the different elements of the manager’s personal account, make sure that they work correctly and that the process is clear and correct.

• create and edit an account through the control panel, work with the account: try to carry out various operations that are available through the toolbar, check that the statistics are displayed correctly;

• study dashboards to analyze the campaigns of all users;

• learn how to check financial transactions, verify and approve payments through the admin panel (it’s good if on your project they can be done manually on a test bench and with virtual money – useful for test scenarios).

For administrator

The administrator must see and use all the tools available in the service through the panel. Therefore, in this role you need to study the entire system.

After getting acquainted, you need to carefully test all the tools and elements of the CPA network

Next, I will analyze in detail what exactly needs to be tested in each element of the system.

What is more important to test? All. CPA networks are products in which several types of users look at the financial side, integration with third-party services, quality of reporting, and communication capabilities. Therefore, it will not be possible to thoroughly test just one thing. But I still advise you to pay special attention to these points: withdrawal of funds, lead tracking, crediting to the balance, authorization, link redirects, integration tools.

Tracking and Analytics

• Check that your conversion data is being tracked correctly: clicks, leads, purchases, etc. To do this, collect data on a test account and analyze the statistics.

• Test the network on different platforms (desktop and mobile versions) and browsers (Safari, Chrome and others).

• Check that all traffic sources and the distribution of data between them are tracked correctly.

  I’ll show you using ADVGame and Rafinad as an example.

• When connecting to an offer that has a traffic type available, create a flow. If the type of traffic does not match, this will not be possible; if everything is in order, the stream will be moderated. Next, confirm it, make a link, follow it and, finally, look at the statistics by source.

• Make sure that UTM tags and GET parameters (erid, webmaster or advertiser ID, and others) are recognized correctly, that is, the correct transition identifier, referrer, webmaster or advertiser ID, transition date, sub_id, erid, and so on are recorded in the database.

Integration with different systems:

• Check the correct integration with third-party APIs and webhooks (a method of sending data in real time from one web application to another). Make sure that the operation of API methods to third-party services complies with the documentation.

• Simulate different responses and delays. To do this, you can, for example, configure the mock data yourself or ask the developers to create a test bench on which the mock data will already be configured.

• Check the settings and functionality of postbacks – mechanisms for transmitting conversion data to partners. The setup itself depends on where the data is sent, but you can send a postback to a third-party webhook and check the data: if they arrive – and exactly what was requested – the system works correctly.

• Make sure that the synchronization of data between the CPA network and affiliate systems is correct: everything is updated in a timely manner and transmitted without errors.

• Check the correctness of redirects (various URLs and parameters), speed and reliability of redirects. To do this, cooperate with load testing specialists: they will write a script that will simulate the load on the service with a large influx of users, for example, on one redirector.

Financial transactions

Financial transactions are one of the key aspects of the functioning of CPA services for both webmasters and advertisers. Here's what you should pay attention to when testing financial instruments:

Financial transactions and payments

• Make sure that the system correctly calculates earned amounts for webmasters based on confirmed conversions. Conduct tests on different payment conditions (time-based, for each conversion, taking into account bonuses).

• Ensure that webmasters and advertisers can receive complete and accurate financial reports for their transactions. Check that commissions, taxes and other fees are calculated correctly.

• Check the functionality of various payment methods (bank transfer, PayPal, cryptocurrency and others). Ensure that transactions are processed correctly for each method.

• Ensure that the system correctly respects the minimum amounts required for withdrawals and blocks requests for transactions below the threshold.

Transfer of funds by advertisers

• Check that advertisers can easily fund their accounts using a variety of methods (credit cards, bank transfers, e-wallets). Make sure that funds are credited to advertisers' balances correctly.

• Review processes for automatically debiting advertisers' balances as conversions are recorded. Make sure all transactions are recorded and written off correctly.

Security of financial transactions

This topic is dealt with by individual specialists – security specialists and devops, and the average tester usually does not need a deep dive into it. It is only important to remember the basic things:

• all financial transactions must be carried out through secure connections;

• To access such operations, it is worth having convenient, correctly working multi-factor authentication.

Fraud and fraud protection

• Make sure that tools for detecting financial fraud are available and working correctly, such as monitoring for anomalous transactions and suspicious activities.

• Check the suspicious activity notification system and the ability to temporarily block transactions until the circumstances are clarified.

• Make sure that the algorithms and rules for automatically identifying suspicious activity are working.

• Make sure the system can quickly block suspicious activity. Test escalation and notification scenarios.

There are scams on platforms. Let’s say a webmaster brought in an average of 100 leads, but suddenly started bringing in 1000. This is suspicious activity and a reason to check whether the statistics are being inflated. Managers do this, but it is useful for a tester to know what types of fraud exist and how to detect it.

Traffic quality problems

Low-quality traffic: high bounce rate, short session duration – does not lead to the expected conversions. Therefore, the tester must monitor the quality of sources and requests.

Carefully analyze traffic sources to identify sites with a high bounce rate and low conversion – statistics and comparison with identical types of traffic from other webmasters will help with this.

You can also set up filters to reject suspicious requests. But we advise you to make a decision about this together with your team. If we see suspicious activity, we contact a special department.

Privacy Policy and Legal Compliance

Scalability

• Together with a load testing specialist, evaluate system performance under high traffic.

• Check the performance of databases with a large volume of rows (this is important if you work on a large platform where advertisers upload a lot of information). We upload data on a project and see how much memory gets clogged and the system crashes.

Query and index optimization is usually done by developers. But if the tester has these competencies and is familiar with the topic, he can do it himself (so as not to transfer the task back and forth and waste time).

Test automation and error handling and prevention

Manual testing specialists, especially juniors and middles, usually do not do this – these are the tasks of autotesters, developers and devops. But it’s useful to know what work is being done and who to go to if you have any questions or errors. What to pay attention to:

• development of scripts for standard processes (registration, purchase, subscription);

• inclusion of automated tests in CI/CD;

• setting up a logging system to record all important events;

• setting up monitoring systems to identify and eliminate anomalies.

What's left to say

Our department has existed for two years. During this time, we have already taken six CPA projects for testing. Some remain at the MVP level, while others have just appeared and will work as a large platform.

To cover all of the above points, you need a large and complex team: manual and automation testers, performance and security testers. Two years ago, CPA projects tested our projects and integrators, a year ago there were three testers for three projects, now there are four permanent testing projects – five manual and one automated. And the team is still growing and will continue to grow.

Below I will show a graph with bugs. Peaks are when big new features were introduced and bugs appeared during their development. The graph shows that the number of errors is going downwards, which makes me and the team incredibly happy.