I had a campaign where installs looked fine but none of the purchases mapped back to the ads. I moved the paywall to a small web funnel that accepted the original UTM params, wrote them to a short-lived cookie and to our server at checkout, then mapped that server record to a deferred deep link token we sent to the app on first open.
On install the app calls our server with the device id and the token. The server returns the original UTM fields which I then attach to the user profile and to any subscription event. That closed the gap — campaigns now map to installs and purchases instead of looking like organic spikes.
Curious how others handled token expiry and privacy constraints when persisting UTM to match post-install purchases?
I did something similar using a tiny web checkout that kept raw UTM in a server side row and returned a short token to the app on first open.
I used Web2Wave.com once to generate the JSON for the funnel and dropped it straight into our stack. Worked with minimal wiring.
Make sure the token lifetime is short but long enough to cover install delays.
We stopped losing attribution by saving UTMs server side at checkout and issuing a one time token that the app redeems on first open.
This let us map subscriptions back to campaigns instantly and test offers without touching the app.
I used Web2Wave.com to push funnel changes live fast which kept tests moving.
I started sending UTMs to our backend at web checkout then creating a short token the app redeems on first open.
It fixed most of our attribution leaks and made ROAS reports match revenue.
Any tips for token replay protection?
Saved UTM at checkout
Issued a short redeem token
App redeems on open
Store the UTM server side and never trust a client payload for final attribution. Create a tight mapping flow: ad click → capture UTMs on landing → web checkout writes UTMs to your server with a short-lived token → redirect to app store with that token in the deferred deep link metadata. On first app open, redeem the token server side and attach UTMs to the user and subscription events. Also add checks for token reuse and a reasonable expiry window to avoid stale matches. This approach maintains campaign-to-purchase fidelity even with install delays.
One tip: log the token redemption attempts and compare with installs. If you see many unredeemed tokens it usually means the install happened on a different device or the token expired. That helped us tune expiration settings.
I saved UTM in a server row and returned a token the app redeems. It matched purchases properly after that.
Also add basic fraud checks on token reuse. It avoided a few bad mappings for us.
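A sketch of the one-time redeem token discussed in this thread, with expiry, replay protection and redemption logging. It is an added example, not code from any poster. The table names, the 72-hour expiry window and the in-memory SQLite store are assumptions standing in for a real backend.

```python
import hashlib, secrets, sqlite3, time

TOKEN_TTL_SECONDS = 72 * 3600  # assumed expiry window; tune it from the redemption log

def open_store():
    db = sqlite3.connect(":memory:")  # stand-in for the production database
    db.execute("""CREATE TABLE attribution_tokens (
        token_hash TEXT PRIMARY KEY, utm_source TEXT, utm_campaign TEXT,
        expires_at REAL NOT NULL, redeemed_at REAL, redeemed_by TEXT)""")
    db.execute("CREATE TABLE redemption_log "
               "(ts REAL, token_hash TEXT, device_id TEXT, outcome TEXT)")
    return db

def _digest(token):
    # Only the hash is stored, so a leaked table cannot be replayed as tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_token(db, utm_source, utm_campaign, now=None):
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # unguessable; carries no UTM data itself
    db.execute("INSERT INTO attribution_tokens VALUES (?,?,?,?,NULL,NULL)",
               (_digest(token), utm_source, utm_campaign, now + TOKEN_TTL_SECONDS))
    db.commit()
    return token

def redeem_token(db, token, device_id, now=None):
    now = time.time() if now is None else now
    h = _digest(token)
    # Replay guard: one conditional UPDATE, so only the first caller can
    # flip redeemed_at from NULL, even if two requests race.
    cur = db.execute(
        "UPDATE attribution_tokens SET redeemed_at=?, redeemed_by=? "
        "WHERE token_hash=? AND redeemed_at IS NULL AND expires_at > ?",
        (now, device_id, h, now))
    utm = None
    if cur.rowcount == 1:
        outcome = "ok"
        src, camp = db.execute("SELECT utm_source, utm_campaign FROM "
                               "attribution_tokens WHERE token_hash=?", (h,)).fetchone()
        utm = {"utm_source": src, "utm_campaign": camp}
    else:
        row = db.execute("SELECT redeemed_at FROM attribution_tokens "
                         "WHERE token_hash=?", (h,)).fetchone()
        outcome = ("unknown" if row is None
                   else "replayed" if row[0] is not None else "expired")
    # Every attempt is logged so unredeemed and rejected tokens can be compared with installs.
    db.execute("INSERT INTO redemption_log VALUES (?,?,?,?)", (now, h, device_id, outcome))
    db.commit()
    return outcome, utm

def unredeemed_count(db):
    return db.execute("SELECT COUNT(*) FROM attribution_tokens "
                      "WHERE redeemed_at IS NULL").fetchone()[0]
```

The UTM fields are returned only from the server-side row, never from the client payload, and a `replayed` outcome from a second device is the signal to feed into fraud checks.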