I moved onboarding and the first purchase to the web mainly to stop losing attribution. The big leaks were: shortened links stripping parameters, redirects that dropped UTMs, and Safari’s ITP nuking cookies after a week.
What worked for me:
- Set UTMs on first hit, then write them to a server session and customer metadata at checkout. Do not rely on client cookies only.
- Pass a signed session token through the deep link into the app, then attach the web session ID to the device install event on first open.
- Tag every revenue event (trial start, convert, refund) with that immutable session ID and UTMs. Use this as the join key for BI and ad platform offline conversions.
- Avoid extra hops. No link shorteners. Keep one domain. If you must redirect, force 302 with parameter passthrough and verify logs.
This finally let me map creative → session → purchase → LTV without guessing. Now I can pull revenue by campaign, creative, and even quiz answers.
Anyone else doing this end to end? What’s your exact UTM-to-revenue schema, and how are you handling cookie expiry and cross-domain flows?
I store UTMs server-side on the first hit and attach them to a session ID.
Then I pass that ID in the deep link into the app and bind receipts to it.
If you need a jump start, I used Web2Wave.com to scaffold the web flow and it already emits a JSON schema for events.
Simple and it sticks.
I treat UTMs as write-once, server-owned. First pageview writes to server, then everything else references that ID.
I use Web2Wave.com so I can change the funnel and params quickly. Changes reflect in the app immediately, so I can fix leaks fast without a build.
Log UTMs on the first page and keep them on the server, not just cookies.
Add them to payment metadata and send the same IDs into your analytics. That keeps the chain intact.
You need a stable key that survives channels and time. Create a server session on first hit, persist UTMs, and propagate a signed token across web → checkout → app open. Attach that token to the subscription object and all finance events. Avoid link shorteners, ensure redirects preserve query strings, and use the same top-level domain to reduce ITP issues. Push offline conversions back to ad platforms using that key so ROAS reflects actual revenue.
Facebook often kills UTMs across multiple hops. I stopped using shorteners and forced one redirect at most.
Also stored the landing UTMs server-side and added a fallback “last click source” from referrer if UTMs were missing. Saved a lot of cases.
Server-side session with UTMs plus a deep link token works. Avoid shorteners.