Attribloom

How to attribute App Store subscriptions to an affiliate

Tie an iOS subscription back to the affiliate who drove it using StoreKit 2 and App Store Server Notifications, with no receipt-validation SDK.

The problem

An affiliate sends a user to your App Store listing. The user installs, then subscribes a few days later. You want to credit that subscription to the affiliate and pay a commission on it. The catch: the purchase happens inside Apple's system, where web affiliate cookies and pixels never fire, and device fingerprinting for attribution has been against Apple's rules since iOS 14.5.

The mechanism

StoreKit 2 lets your app attach an appAccountToken, a UUID you generate, to a purchase. Apple echoes that UUID back in the signed transaction and in every App Store Server Notification about it. That gives you a deterministic, privacy-safe key that ties a specific purchase to whatever you associated the UUID with, such as an affiliate referral.

App Store Server Notifications v2 then confirm the subscription server side. Each notification is a signed JWS that you verify against Apple's certificate chain, so a forged or altered notification fails verification and is rejected. Renewals, refunds, and cancellations arrive the same way, which is what lets a commission reverse automatically when a subscription is refunded.

The steps

First, when a referred user is about to purchase, set the appAccountToken on the StoreKit 2 purchase option. With Attribloom you fetch that token from its bind endpoint, which mints it against the specific affiliate, so your app never invents its own UUID. If you build your own attribution instead, you generate the UUID and record which affiliate it belongs to. Second, configure your App Store Server Notifications v2 URL and forward each signed notification to your attribution endpoint. Third, on each verified notification, read the appAccountToken, look up the affiliate, and record the conversion at the real transaction value, excluding trials and refunds.
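The third step from the server's side, as an added example (not Attribloom's code and not part of the original article). It assumes a `verify` callable that checks each JWS against Apple's certificate chain and raises on failure; `CommissionLedger`, `stand_in_verify`, `sample` and the bundle ID are hypothetical names, and the payload field names follow Apple's v2 notification format.

```python
import json

CREDIT_TYPES = {"SUBSCRIBED", "DID_RENEW"}  # paid subscription events
REVERSE_TYPES = {"REFUND"}                  # Apple refunded the transaction

class CommissionLedger:
    def __init__(self, bundle_id, token_to_affiliate, verify):
        self.bundle_id = bundle_id
        self.tokens = token_to_affiliate    # appAccountToken -> affiliate id (hypothetical store)
        self.verify = verify                # JWS string -> claims dict; must raise on a bad signature
        self.seen = set()                   # notificationUUIDs already processed
        self.commissions = {}               # transactionId -> (affiliate, price in milliunits)

    def handle(self, signed_payload):
        note = self.verify(signed_payload)  # verify first, never parse unverified input
        data = note.get("data") or {}
        if data.get("bundleId") != self.bundle_id:
            return "rejected"               # validly signed, but issued for another app
        tx = self.verify(data["signedTransactionInfo"])  # nested JWS, verified separately
        if note["notificationUUID"] in self.seen:
            return "duplicate"              # Apple retries deliveries; count each one once
        self.seen.add(note["notificationUUID"])
        kind, tx_id = note["notificationType"], tx["transactionId"]
        if kind in REVERSE_TYPES:
            return "reversed" if self.commissions.pop(tx_id, None) else "ignored"
        affiliate = self.tokens.get(str(tx.get("appAccountToken", "")).lower())
        if kind not in CREDIT_TYPES or affiliate is None:
            return "ignored"                # other event, or a token we never issued
        if tx.get("offerDiscountType") == "FREE_TRIAL" or not tx.get("price"):
            return "ignored"                # trial: no money changed hands
        self.commissions[tx_id] = (affiliate, tx["price"])
        return "credited"

def stand_in_verify(jws):
    """Constructed stand-in so the example runs offline. A real verifier checks the
    ES256 signature and the x5c chain up to Apple's root CA before returning claims."""
    if not jws.startswith("verified:"):
        raise ValueError("signature check failed")
    return json.loads(jws[len("verified:"):])

def sample(kind, uuid, tx_id, token, price, discount=None, bundle="com.example.app"):
    """Build a constructed notification in the stand-in format (not Apple's wire format)."""
    tx = {"transactionId": tx_id, "appAccountToken": token, "price": price,
          "offerDiscountType": discount}
    data = {"bundleId": bundle, "signedTransactionInfo": "verified:" + json.dumps(tx)}
    return "verified:" + json.dumps(
        {"notificationType": kind, "notificationUUID": uuid, "data": data})
```

The `bundleId` check matters because a valid Apple signature only proves that Apple issued the notification, not that it was issued for your app.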

Attribloom implements the hard part of this for you: it verifies the JWS, matches the token to an affiliate, applies the commission, and reverses it on refund or cancellation.

Frequently asked

Do I need shared-secret receipt validation?

No. The StoreKit 2 appAccountToken plus App Store Server Notifications v2 confirm the subscription server side without the older shared-secret receipt-validation flow.

What happens when a subscription is refunded?

Apple sends a refund notification through App Store Server Notifications v2. The commission tied to that transaction is reversed automatically.
