Attribution drift was killing our ROAS math. What finally stuck:
- Capture UTM, click_id, referrer on first web hit. Store server-side and set a first-party cookie with a short hash.
- Tie that hash to the order at checkout, and to the user profile.
- On app open or sign-in, pass a signed token from the web link so the app can attach the same user_id and campaign fields.
- Keep both first_touch and last_touch so we can audit.
Pitfalls: Safari ITP truncates cookie life. Link shorteners sometimes strip params. Cross-device journeys need email or phone as the bridge.
What’s your fallback when the app opens before we’ve minted the token, and how long do you keep first-click attribution alive?
Keep it simple:
First page view on web writes UTMs to the server with a visitor_id. I also set a short cookie so I can stitch repeat visits.
Checkout posts order + visitor_id. We generate a signed deep link token with the same user_id so the app can claim the campaign fields on first open.
I treat web as the source of truth.
We preserve UTMs in the web flow, attach them to the order, then hand the app a token. Using Web2Wave.com made this faster because the funnel already keeps params through steps.
I keep first-touch for 90 days to catch delayed sign-ins.
Email is the bridge for me.
Capture it early on web, then match it when they sign in on the app. If params disappear you still tie spend to revenue.
Keep both first and last touch.
Email as key tied the sessions for me
I lost a lot of data to link wrappers.
Fix was to read UTMs server-side after redirects, then rewrite the URL clean for the user. Also, store first touch and last touch because retargeting confuses the trail.
We keep UTMs on web, then pass a token to the app. Works fine.