A referral tracker on AWS for a few dollars a month
Word of mouth is the cheapest customer a small business ever gets, and almost nobody tracks it. This post walks through the design of a small serverless system that gives every customer their own referral link, follows the friend they send from click to sign-up to first purchase, and — only then — credits both sides exactly once, with the self-referrals and dupes quietly filtered out.
Key takeaways
- A customer asks for a referral link; the system mints a unique code and one Bedrock call writes a shareable invite in your voice.
- A tap on the link is logged behind a fast redirect, so word of mouth becomes something you can actually see and credit.
- A sign-up is attributed to the referrer on a last-touch window; the reward stays pending until the friend genuinely converts.
- On conversion, both sides are credited exactly once and thanked — self-referrals, dupes, and empty codes are filtered out first.
- Designed on AWS for about $1.70/month at roughly 200 clicks and 20 conversions. Every decision is plain Python; the model only writes words.
The whole system on one page
Before any code, here’s the shape of what we’re designing. Nearly every small business has customers who’d happily recommend them — the meal-prep subscriber who won’t shut up about it at work, the regular at the barber’s, the neighbour who watched the window cleaner do next door. The trouble is that goodwill vanishes the moment it’s spoken: there’s no link, no record, no way to say thank you to the person who actually sent someone. The system below catches that moment and makes it trackable. A customer asks for their link, a friend they send taps it, and if that friend becomes a real customer, both of them are rewarded — automatically, and only once.
What you set up once (the outside)
- Your store and checkout. Wherever a new customer signs up and makes their first purchase — a subscription app, a booking page, a shop. It needs to do three things: send a sign-up event when someone creates an account (carrying whatever referral token they arrived with), fire a conversion webhook when that account makes its first real purchase, and accept a reward back — a credit, a discount code, a free box — so the system can fulfil what it promises. You point these at one AWS URL and store the signing key in Secrets Manager. This is the trigger for attribution and reward, and it’s covered in Parts 3 and 4.
- The reward terms and voice. A small settings doc: what each side gets (say £10 credit for the referrer and £10 off the friend’s first box), how long the last-touch window runs, the daily velocity limits, and the business’s voice for the invite and thank-you copy. This is where you decide the shape of the offer; the system just enforces it. The reward catalogue — the actual codes or credits it hands out — lives with the store.
- Your team. The person who looks at anything the system deliberately won’t pay on its own — a referral held by the fraud screen, usually because it looks like a self-referral or a code behaving like a bot. They get an email with the referrer, the referred customer, and exactly why it was held, and they approve or reject it. The system never pays a held referral automatically; a human makes that call.
What runs on every referral (the inside)
- Mint & invite. A customer asks for their link — a tap in the app, a click on the account page. One Lambda mints a short, unique, collision-proof code, records who it belongs to and the reward terms in force, and makes a single Bedrock Haiku 4.5 call to write a shareable invite in the business’s voice. The link goes back to the customer to share. This is Part 2.
- Attribute. When a friend taps the link, the request hits a Lambda Function URL that logs the click and redirects them straight to the sign-up page in a few milliseconds. If that friend signs up, the system credits the most recent referrer inside the last-touch window and opens a pending referral. A click and a sign-up on their own pay nothing. This is Part 3.
- Reward. When the referred person makes a genuine first purchase, the checkout fires a conversion webhook. The system confirms the referral is pending and eligible, credits both sides exactly once with a conditional write, fulfils the reward through the store, and makes one Bedrock call to write two short thank-you notes. This is Part 4.
- Screen. The fraud lane that everything a payout depends on runs through: is the referred person really the referrer wearing a different hat? Has this friend already been rewarded once? Is one code suddenly spraying clicks and sign-ups like a script? Self-referrals and dupes are blocked outright; anything merely suspicious is held for a person. This is Part 5.
In plain words
Dan has had a FreshBox meal-prep subscription for a few months and keeps recommending it. He taps “refer a friend” in the app; a second later he has a link — refer.freshbox.uk/r/7QK2A — and a ready-written message: “I’ve been getting FreshBox for a while and it’s genuinely saved my weeknights. Here’s £10 off your first box if you fancy trying it.” He sends it to his friend Mara. On Tuesday she taps the link out of curiosity; the redirect logs the click and drops her on the sign-up page. On Thursday she comes back and signs up — the system looks over the last-touch window, sees Dan’s was the most recent link she touched, and opens a pending referral crediting him. Nothing is paid yet. The following week her first box ships and the checkout fires a conversion. Now both sides are credited exactly once: Dan gets £10 off next month, Mara’s £10 welcome discount is confirmed, and each gets a warm thank-you. Nobody at FreshBox touched a thing.
A week later a different account tries the same code from Dan’s own phone, on the same card he pays with, under a new email. That isn’t a referral — it’s Dan trying to refer himself for a second £10. The system matches the new sign-up’s payment fingerprint and device to Dan’s existing account, recognises a self-referral, and blocks it before a penny moves. It doesn’t email Dan an accusation; it simply declines to pay and records why, and if anything about the case is genuinely ambiguous it lands in front of a person rather than being guessed at. The honest referral pays instantly; the self-referral quietly doesn’t.
Design rules that shaped every decision
- Pay on conversion, not on hope. A click or a sign-up earns nothing; only a genuine first purchase triggers a reward.
- Both sides, exactly once. Each referred customer credits the referrer and themselves a single time — a repeat webhook never double-pays.
- Last touch wins, inside a window. The most recent referrer within the window gets the credit; stale clicks expire and pay nobody.
- The model only writes words. The invite and the thank-you are phrased by Bedrock; every attribution and fraud decision is deterministic.
- Assume it’ll be gamed. Self-referrals and dupes are blocked, and anything spraying like a bot is held for a human, not paid.
- The redirect stays instant. Logging a click never slows the link down; the visitor is on their way in milliseconds.
Why this shape
Most small businesses handle referrals one of three ways: they don’t — goodwill evaporates unrecorded; they run an honesty-box “mention my name” scheme that nobody remembers to apply; or they buy a full referral SaaS with a monthly seat price that only makes sense at real scale. The first leaves money on the table every week. The second is untrackable and unfair — the customer who actually sent three people gets nothing. The third is a fixed bill for something a barber or a window cleaner uses a dozen times a month. The gap is a cheap, honest way to mint a link, follow it, and pay out fairly — and nothing in a typical small shop fills it.
The shape above fills exactly that gap and nothing more. It leans on the store you already run for the sign-up and conversion events, keeps the reward terms as a setting you control, and adds a small system that turns each customer’s recommendation into a trackable link and a fair payout. The common case — a real friend who really subscribes — runs end to end with no human involved. The few that are dubious are pulled out before any money moves and put in front of a person, with the whole story attached.
The next four posts walk through each piece in turn: how a referral link gets minted, how a referral gets attributed, how a reward gets issued, and how referral fraud gets caught. One diagram per post. A cost breakdown and a final engineering reference at the end.
All posts