Server-to-Server - Fundamentals

Server-to-Server - Fundamentals

Implement Singular's REST API for complete server-side tracking as an alternative to SDK integration, enabling full control over data collection, transmission, and attribution workflows.

Choosing your integration: SDK or S2S? If you can embed a client SDK, start with the SDK integration docs . Use Server-to-Server when you need server-side event delivery, are on a platform without an SDK, or want full control over data collection. This suite covers the S2S path and is the shared reference for the Mobile, Web, and PC/Console S2S guides.


Overview

Server-to-Server Use Case

Server-to-server (S2S) integration provides REST API endpoints for building complete attribution and analytics solutions running from your backend infrastructure without embedding Singular SDK in client applications.

Integration Approaches:

  • Pure S2S: 100% server-side implementation handling both session and event tracking
  • Hybrid: Singular SDK manages sessions while server-side handles event tracking

Hybrid Integration Pattern

Hybrid integration combines Singular SDK for session management with server-side EVENT API for backend event tracking, balancing ease of implementation with server-side flexibility.

Hybrid Benefits:

  • SDK handles complex session logic, deep linking, and device data collection automatically
  • Server sends events for transactions processed in backend systems
  • Reduced client-side implementation complexity
  • SESSION endpoint not required—SDK manages session lifecycle

Hybrid S2S Data Flow

Device Data Retrieval Methods:

  1. Client-Managed Flow: Capture required data points on client and forward to server via internal API for use with Singular EVENT endpoint
  2. Internal BI Postback: Configure Singular Internal BI postback to receive real-time JSON payload with device identifiers after install, re-engagement, or events ( Setup Guide )

Device Graph Maintenance: Both methods require server-side logic to maintain device graph. When SDK detects device identifier changes, update server accordingly to ensure accurate tracking.

Implementation Resources:


Key Integration Principles

Principle Description
Flexibility Full control over data collection and transmission timing
Feature Parity Supports all SDK functionality when proper data provided
Integration Path Client → Your Server → Singular API
Real-time Processing One request at a time—no batch processing support
Sequential Flow Events must be processed chronologically
No Deduplication Singular does not deduplicate—implement server-side deduplication
Data Permanence Device-level data cannot be deleted after ingestion—validate before sending

Integration Requirements

Pure S2S integration requires comprehensive data pipeline implementation for session and event tracking.

  1. Data Collection: Collect required data points from client applications
  2. Device Graph: Forward data to server and maintain device identifier storage
  3. Session Requests: Send session notifications via SESSION API
  4. Response Handling: Process and relay Singular responses back to client app
  5. Event Requests: Forward events via EVENT API

Related S2S Guides

This article is the shared reference for the S2S suite. Use the guide that matches your platform, and the endpoint references for full parameter detail.

Platform guides

Endpoint references

Feature guides


REST API Endpoints

Singular provides two primary REST API endpoints for server-to-server session and event tracking.

Session Endpoint

Session Tracking API

SESSION endpoint notifies Singular of app open events to initialize user sessions for attribution and retention tracking.

GET https://s2s.singular.net/api/v1/launch

Complete reference: SESSION Endpoint API Reference


Event Endpoint

Event Tracking API

EVENT endpoint tracks in-app events and revenue for attribution analysis and campaign optimization.

GET https://s2s.singular.net/api/v1/evt

Complete reference: EVENT Endpoint API Reference


Common Parameters

These parameters are shared across the SESSION and EVENT endpoints of Singular's S2S REST API. This section holds their canonical definitions; other S2S articles link here rather than redefining them.


Authentication

Parameter Details
a

string

Singular SDK Key for API authentication.

Retrieve from: Singular UI → Main Menu → Developer Tools .

Important: Do not use the Reporting API Key. Requests will be rejected.

Example: sdkKey_afdadsf7asf56


Device Identifiers

Device identifiers vary by platform and availability. Include all applicable identifiers for your platform. Omit any identifier that is unavailable—never pass NULL or an empty string.

Parameter Details
idfa

Platform: iOS

Identifier for Advertisers (IDFA) enables ad tracking and campaign attribution.

ATT requirement: iOS 14.5+ requires user opt-in via the App Tracking Transparency framework.

  • Omit parameter if IDFA unavailable (user denied ATT prompt).
  • Never pass NULL or empty string.
  • Retrieve IDFA

Example: DFC5A647-9043-4699-B2A5-76F03A97064B

idfv

Platform: iOS

Identifier for Vendors (IDFV) remains consistent across all apps from the same vendor.

Always required: Must be included regardless of ATT status or IDFA availability.

Example: 21DB6612-09B3-4ECC-84AC-B353B0AF1334

aifa

Platform: Android
(Google Play)

Google Advertising ID (GAID) enables user-resettable advertising tracking on Android.

  • Required on Google Play devices.
  • Omit on non-Google Play devices.
  • Omit if unavailable—never pass NULL or empty string.
  • Retrieve AIFA

Example: 8ecd7512-2864-440c-93f3-a3cabe62525b

asid

Platform: Android
(Google Play)

Android App Set ID provides privacy-conscious cross-app tracking for the same developer.

Always required: Must be included on Google Play devices regardless of GAID availability.

Example: edee92a2-7b2f-45f4-a509-840f170fc6d9

amid

Platform: Android
(Amazon)

Amazon Advertising ID for Amazon devices without Google Play Services.

Example: df07c7dc-cea7-4a89-b328-810ff5acb15d

oaid

Platform: Android
(Chinese OEMs)

Open Advertising Identifier (OAID) for Chinese-manufactured devices without Google Play Services (Huawei, Xiaomi, OPPO, etc.).

  • Required for Chinese OEM devices without Google Play.
  • Omit if unavailable.
  • Retrieve OAID

Example: 01234567-89abc-defe-dcba-987654321012

andi

Platform: Android
(Non-Google Play)

Android ID is a device-generated 64-bit identifier.

Restricted use: Prohibited on Google Play devices—use AIFA and ASID instead. Only send if no other identifiers are available and the app is not distributed via Google Play.

Example: fc8d449516de0dfb

sdid

Platform: iOS, Android, PC, Xbox, PlayStation, Nintendo, MetaQuest, CTV

Singular Device ID is a client-generated anonymized UUIDv4 representing a unique app install.

Primary identifier: Only device identifier relevant for PC and console applications.

Example: 40009df0-d618-4d81-9da1-cbb3337b8dec


Device Parameters

Parameter Details
p

string

Platform of the application.

Allowed values (case-sensitive):

  • Android
  • iOS
  • PC
  • Xbox
  • Playstation
  • Nintendo
  • MetaQuest
  • CTV

Example: Android

ip

string

Public IPv4 address of the device. IPv6 is supported, but IPv4 is recommended for attribution compatibility with ad networks.

Example: 172.58.29.235

ve

string

OS version of the device at session time.

Example: 9.2

ma
iOS, Android

string

Device make (manufacturer name). Must be used with mo (model).

Retrieve Device Make

Example: Samsung , LG , Apple

mo
iOS, Android

string

Device model. Must be used with ma (make).

Retrieve Device Model

Example: iPhone 4S , Galaxy SIII

lc
iOS, Android

string

IETF locale tag—two-letter language and country code separated by an underscore.

Retrieve Device Locale

Example: en_US

bd
iOS, Android

string

Device build identifier, URL-encoded.

Retrieve Device Build

Example: Build%2F13D15


Application Parameters

Parameter Details
i

string

App identifier (case-sensitive).

  • Android: Package Name (e.g., com.singular.app )
  • iOS: Bundle ID (e.g., com.singular.app )
  • PC/Console: Your designated identifier

Example: com.singular.app

app_v

string

Application version.

Example: 1.2.3

att_authorization_status
iOS

integer

App Tracking Transparency (ATT) status code (iOS 14.5+).

Status values:

  • 0 - Undetermined (prompt not shown)
  • 1 - Restricted (device-level tracking disabled)
  • 2 - Denied (user denied authorization)
  • 3 - Authorized (user granted authorization)

Always required: Even if ATT is not implemented, pass 0 (undetermined).

Example: 3


Network and Location Parameters

Parameter Details
use_ip

boolean

Instructs Singular to extract the IP address from the HTTP request instead of the ip parameter.

Limitations:

  • Prevents IP-based geolocation by Singular.
  • Supply a two-letter country code via the country parameter.
  • Mutually exclusive with the ip parameter—do not use both.
  • Must supply either ip or use_ip to avoid data rejection.

Example: true

country

string

ISO 3166-1 alpha-2 two-letter country code.

Required when: IP address is not available or use_ip=true .

Example: US

ua

string

URL-encoded User Agent string.

Raw: Mozilla/5.0 (iPhone; CPU iPhone OS 14_0 like Mac OS X) AppleWebKit/605.1.15...

Example: Mozilla%2F5.0%20(iPhone%3B%20CPU%20iPhone%20OS%2014_0...

c
iOS, Android

string

Network connection type.

Allowed values: wifi , carrier

Example: wifi

cn
iOS, Android

string

Carrier name of the internet provider.

Example: Comcast


Data Privacy Parameters

Parameter Details
data_sharing_options

JSON

JSON URL-encoded end-user consent for data sharing. Must persist and be passed on all subsequent SESSION and EVENT requests.

User consented (opted-in):

{"limit_data_sharing":false}

User refused (opted-out):

{"limit_data_sharing":true}

Example: %7B%22limit_data_sharing%22%3Atrue%7D

dnt
iOS, Android

integer

Do Not Track status.

  • 1 - Do Not Track enabled
  • 0 - Do Not Track disabled

Example: 0

dntoff
iOS, Android

integer

Indicates if Do Not Track is OFF.

  • 0 - Do Not Track enabled (OFF=false)
  • 1 - Do Not Track disabled (OFF=true)

Example: 1


Cross-Device Support

Parameter Details
custom_user_id

string

Your internal user ID for cross-device tracking.

No PII: Do not pass personally identifiable information. Use a hashed or otherwise anonymized internal identifier, not raw email addresses, phone numbers, or names.

Example: 123456789abcd


Implementation Phases

Successful S2S integration requires four key implementation phases executed sequentially for optimal data quality and attribution accuracy.

Phase 1: Data Collection

Required Data Points

Establish robust data collection strategy capturing all required parameters for Singular platform functionality.

All Required Parameters Mandatory: Omitting required parameters results in data discrepancies and attribution errors. No parameters are optional.

Async Function Handling: When collecting client-side data for server transmission, wait for asynchronous functions to complete and handle edge cases. Common issue causing missing data and partial attribution.

Implementation Resources:


Phase 2: Real-Time Streaming

Critical Timing Requirements

Real-time data streaming maintains attribution accuracy and enables time-sensitive features like SKAdNetwork conversion value updates.

Attribution Impact:

  • Delayed Sessions: Severely impact attribution accuracy—system requires precise temporal data for campaign association
  • SKAdNetwork Timer: Strict on-device timer window for conversion values makes real-time streaming critical. Delays cause missed conversion value updates and incomplete campaign data

Best Practices:

  • Implement server-side event listeners for app session starts
  • Forward session data immediately with all required parameters
  • Implement server-side event listeners for in-app events
  • Forward event data immediately with all required parameters
  • Use webhook architecture for reliable data transmission
  • Implement retry mechanisms for failed requests
  • Monitor data flow for quality assurance

Phase 3: Response Handling

Bidirectional Communication

Response handling bridges server-side API interactions with client-side functionality, enabling deferred deep linking and conversion value updates.

Key Response Types:

  • Deferred Deep Links: API response contains pending deep link data requiring immediate relay to app for user routing and personalization
  • Conversion Values: iOS SKAdNetwork conversion values must be promptly forwarded to app for accurate campaign measurement

Best Practices:

  • Implement response handling on server infrastructure
  • Parse and validate Singular API responses
  • Forward relevant response data to client app (essential for iOS SKAdNetwork)
  • Implement client-side response processing
  • Handle errors gracefully with proper HTTP status codes
  • Log failed responses for retry mechanisms

Phase 4: Testing & Validation

Data Flow Verification

Testing phase validates complete data pipeline functionality and attribution accuracy before production deployment.

Session Attribution Processes:

  • First Session (New Install): Singular recognizes new install and triggers install attribution process
  • Re-engagement Qualified: Singular triggers re-engagement attribution process ( Re-engagement FAQ )
  • Standard Session: Singular records session for user activity and retention metrics

Critical Timing Requirements:

  1. Session Before Events: Single SESSION must be received before any events. SDK triggers session on app open, then sends in-app events. After 1+ minute background, session times out. New session sent when app returns to foreground. Use app lifecycle events and timers for session management
  2. Real-Time Events: Events occurring in app must be sent real-time after their respective session

Validation Checklist:

  • Test session data flow—validate first and subsequent sessions have correct data points and values
  • Confirm events received only after session reported to Singular (events before session create organic attribution)
  • Confirm session response handled and passed to client app (critical for deferred deep links)

Integration Complete:

  • ✓ Data collection and storage validated
  • ✓ Real-time streaming to Singular validated
  • ✓ Response handling and logging validated
  • ✓ All testing data flows validated

Testing guide: S2S Integration Testing Guide


Additional Features

Implement cross-device tracking, revenue tracking, uninstall monitoring, and data privacy compliance for comprehensive analytics.

Cross-Device Tracking

Custom User ID Implementation

Leverage custom_user_id parameter to associate users with device-level sessions for cross-device reporting and user-level analytics.

Privacy Compliance: Adhere to data privacy policies by avoiding personally identifiable information (PII) in custom_user_id . Use hashed username, email, or randomly generated string as unique user identifier.

Enables comprehensive cross-device reporting, user-level data exports, and Internal BI postbacks while maintaining user privacy.

More info: Custom User ID Parameter


Revenue Tracking

In-App Purchase Reporting

Track revenue from in-app purchases for ROI analysis, campaign performance measurement, and export/postback enrichment.

Use EVENT endpoint with revenue parameters :

  • is_revenue_event : Marks event as revenue event (skip if event name is __iap__ or amount > 0)
  • purchase_receipt : Android/iOS In-App Purchase object—highly recommended for transaction details and report enrichment
  • receipt_signature (Android): Highly recommended for transaction validation and fraud prevention
  • amt : Revenue amount as Double (e.g., "amt=1.99")
  • cur : ISO 4217 currency code (e.g., "cur=USD")

Implementation guide: Subscription State Management


Data Privacy Compliance

User Consent Handling

Notify Singular of end-user consent for data sharing to comply with GDPR, CCPA, and other privacy regulations.

Use data_sharing_options parameter to communicate user choice:

  • {"limit_data_sharing":false} : User consented (opted-in) to share information
  • {"limit_data_sharing":true} : User refused to share information

Singular uses limit_data_sharing in User Privacy Postbacks and passes information to partners requiring compliance.

Optional but Recommended: Parameter optional, but some attribution information only shared by partners when user explicitly opted-in.

More info: User Privacy and Limit Data Sharing