'%3e%3cpath%20d='M150.127%20195.325C233.04%20195.325%20300.255%20168.696%20300.255%20135.848C300.255%20103%20233.04%2076.3709%20150.127%2076.3709C67.2143%2076.3709%200%20103%200%20135.848C0%20168.696%2067.2143%20195.325%20150.127%20195.325Z'%20fill='white'/%3e%3cpath%20d='M231.093%20118.256L150.117%20-0.000183105L69.1527%20118.256C68.1365%20119.748%2067.5967%20121.294%2067.5967%20122.871C67.5967%20136.017%20104.538%20146.666%20150.117%20146.666C195.697%20146.666%20232.638%20136.007%20232.638%20122.871C232.638%20121.294%20232.098%20119.748%20231.082%20118.256H231.093Z'%20fill='%2301A9F2'/%3e%3cpath%20d='M150.106%20356.844L98.7265%20281.5L62.3035%20311.117L25.4253%20257.017L50.787%20239.721L68.8556%20266.226L105.279%20236.62L150.106%20302.363L194.934%20236.62L231.357%20266.226L270.045%20209.48L295.407%20226.776L237.898%20311.117L201.475%20281.5L150.106%20356.844Z'%20fill='white'/%3e%3cpath%20d='M592.168%20165.22V237.908H561.482V171.825C561.482%20153.884%20551.807%20143.034%20535.051%20143.034C516.644%20143.034%20505.318%20156.011%20505.318%20175.604V237.908H474.875V171.349C474.875%20153.407%20464.968%20142.791%20448.445%20142.791C429.804%20142.791%20418.711%20156.011%20418.711%20176.07V237.908H388.025V118.964H418.711V134.301C426.502%20122.033%20440.421%20115.418%20458.13%20115.418C477.014%20115.418%20490.7%20122.975%20498.247%20135.953C506.747%20123.208%20521.608%20115.418%20540.725%20115.418C572.819%20115.418%20592.179%20135.476%20592.179%20165.22H592.168Z'%20fill='white'/%3e%3cpath%20d='M899.48%2080.2534C899.48%2068.2182%20909.388%2059.4856%20920.248%2059.4856C931.574%2059.4856%20941.248%2068.9274%20941.248%2080.2534C941.248%2091.3465%20931.574%20100.788%20920.248%20100.788C909.155%20100.788%20899.48%2092.0557%20899.48%2080.2534Z'%20fill='white'/%3e%3cpath%20d='M935.832%20118.955H905.146V237.899H935.832V118.955Z'%20fill='white'/%3e%3cpath%20d='M1140.2%20118.955H1173L1099.84%20288.644H1067.5L1090.6%20237.666L1043.42%20118.955H1076.45L1107.37%20204.81L1140.18%20118.955H1140.2Z'%20fill='white'/%3e%3cpath%20d='M883.182%20115.418H815.904C781.45%20115.418%20755.008%20137.837%20755.008%20171.825C755.008%20206.756%20778.846%20228.466%20815.904%20228.466C831.951%20228.699%20847.288%20231.059%20847.288%20246.64C847.288%20259.617%20835.962%20267.175%20817.555%20267.175C799.148%20267.175%20784.985%20254.664%20781.915%20239.326L756.66%20246.873C763.741%20274.722%20787.346%20292.188%20817.312%20292.188C856.963%20292.188%20876.313%20272.838%20876.313%20249.233C876.313%20234.605%20869.231%20223.036%20855.545%20215.721C868.522%20206.047%20877.022%20190.709%20877.022%20171.825C877.022%20160.986%20871.412%20149.3%20863.145%20140.674H883.182V115.418ZM815.904%20203.919C797.264%20203.919%20782.392%20192.117%20782.392%20171.825C782.392%20151.534%20799.148%20139.964%20815.904%20139.964C832.66%20139.964%20849.416%20151.29%20849.416%20171.825C849.416%20188.814%20835.497%20203.919%20815.904%20203.919Z'%20fill='white'/%3e%3cpath%20d='M737.426%20237.906V118.962H708.158V136.088C698.685%20121.481%20682.796%20115.426%20668.983%20115.426C633.587%20115.426%20608.087%20143.509%20608.087%20179.148C608.087%20214.788%20633.1%20241.452%20668.03%20241.452C682.426%20241.452%20698.24%20235.08%20708.148%20220.917V237.906H737.415H737.426ZM673.471%20213.835C653.645%20213.835%20638.308%20199.207%20638.308%20178.429C638.308%20157.65%20653.889%20143.032%20673.704%20143.032C694.705%20143.032%20709.1%20160.021%20709.1%20178.429C709.1%20196.836%20694.472%20213.835%20673.46%20213.835H673.471Z'%20fill='white'/%3e%3cpath%20d='M1003.29%20111.085C1003.29%2098.5315%201011.17%2091.8842%201023.98%2091.8842C1028.9%2091.8842%201033.83%2092.6251%201037.77%2093.853L1042.2%2068.0043C1038.02%2066.7765%201027.43%2064.7971%201021.27%2064.7971C994.18%2064.7971%20972.607%2081.786%20972.607%20110.355V118.961H956.889V144.216H972.607V164.519V237.915H1003.29V144.216H1038.46V118.961H1003.29V111.096V111.085Z'%20fill='white'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_1_3'%3e%3crect%20width='1173'%20height='356.842'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
S2S Transaction Validator
Setting Up the S2S Transaction Validator
Use Server-to-Server (S2S) validation when your backend (or a third-party service other than RevenueCat) already validates in-app purchases with Apple App Store and Google Play. In this mode, Magify trusts the purchase data delivered from your server and skips its own store-side validation.
Step 1: Request S2S Access in Magify
Server-to-Server access is provisioned only through Magify technical support. Contact support to request S2S access for your application; they will provide the S2S endpoint URL and the Authorization Code required to authenticate your server requests.
Step 2: Configure Your Server
On your server, after a purchase has been validated with Apple App Store or Google Play, build the payload described below and deliver it to Magify. The full request — method, URL, and required headers — is covered in the Sending the payload subsection after the example.
Request fields
Identity
client_id(string, required) — Magify client identifier. By default it is generated by the SDK and exposed throughMagifyService.Instance.ClientId. If your application assigns its ownclient_idand passes it toMagifyManager, you must send exactly the same identifier in the S2S payload — otherwise the purchase will be attributed to a different user.app_version(string, required) — application version at the time of purchase.country(string, required) — two-letter device/user country code.
Transaction
product_id(string, required) — store product identifier.transaction_id(string, required) — store transaction identifier. Normalized to a lowercase UUID server-side.original_transaction_id(string, required) — original store transaction identifier. For renewals/restores this matches the first transaction in the chain. Normalized to a lowercase UUID server-side.purchased_at(number, required) — purchase timestamp as Unix epoch seconds. Fractional values are accepted.store_name(string, required) — store identifier. For purchases made through the native stores (Apple App Store, Google Play), sendNATIVE. For purchases made through any other store or payment provider, contact Magify technical support to request a dedicatedstore_namecode for your store and use it in the payload.storefront(string, optional) — store region code reported by the native store.environment(string, optional, defaultPRODUCTION) — one of:PRODUCTIONSANDBOX
Money
price(decimal, required) — transaction amount. Must be≥ 0; up to 8 decimal places.currency(string, optional) — ISO 4217 currency code (e.g.USD). Defaults toUSDif omitted.commission_amount(decimal, optional, default0) — store/processor commission deducted from the price. Must be≥ 0; up to 8 decimal places.commission_currency(string, optional) — ISO 4217 currency code for the commission.
Classification
type(string, optional) — purchase type. One of:TEST— test transaction (never counted as revenue);INITIAL_PURCHASE— first purchase of a subscription;NON_RENEWING_PURCHASE— one-off / consumable / non-renewing purchase;RENEWAL— subscription renewal;CANCELLATION— subscription cancellation / refund.
period_type(string, optional) — subscription period type. One of:TRIALNORMAL
is_trial_conversion(boolean, optional, defaultfalse) —trueif this transaction converts a trial into a paid subscription.product_id_type(string, optional) — product kind. One of:consumable_product_idnon_consumable_product_idsubscription_product_idcross_promo_product_iddeeplink_product_idbonus_product_idinfo_product_idrewarded_product_idexternal_product_id
Example payload
{
"app_version": "1.0",
"client_id": "00000000-0000-0000-0000-000000000001",
"country": "US",
"product_id": "com.example.coins_pack_small",
"transaction_id": "2000000812345678",
"original_transaction_id": "2000000812345678",
"purchased_at": 1747310000.22,
"price": 9.99,
"currency": "USD",
"storefront": "US",
"store_name": "NATIVE",
"type": "INITIAL_PURCHASE",
"period_type": "NORMAL",
"is_trial_conversion": false,
"product_id_type": "consumable_product_id",
"environment": "PRODUCTION"
}
Sending the payload
Send the JSON payload above as the body of an HTTP POST request to the S2S endpoint URL for your application. The URL has the following shape:
https://webhook.magify.com/v1/s2s/{app_slug}
{app_slug} is the slug name of your application in Magify — a short, URL-safe identifier assigned to the app (for example, my-game), not a UUID. The same URL is used for both sandbox and production traffic — the environment is distinguished only by the environment field inside the payload. The URL and the bearer token are issued by Magify technical support in Step 1.
The request must include:
- Method:
POST - URL:
https://webhook.magify.com/v1/s2s/{app_slug} Content-Type: application/jsonAuthorization: Bearer <token>— use the bearer token issued by Magify technical support. Requests without this header, or with an invalid token, are rejected.
Example curl:
curl -X POST "https://webhook.magify.com/v1/s2s/{app_slug}" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer {bearer_token}" \
-d '{ "app_version": "1.0", "client_id": "00000000-0000-0000-0000-000000000001", ... }'
Use "environment": "SANDBOX" in the payload while testing and "environment": "PRODUCTION" for live traffic. The URL stays the same — Magify routes the request based on the environment field.
Step 3: Update the Client SDK
Although the validated purchase reaches Magify over S2S, the client SDK still has to emit analytics events (purchase started, purchase finished, subscription events). To complete the S2S setup you must set SkipVerification to true on every PurchaseInfo you create. In this case the Magify SDK will not request validation through its own services and will rely entirely on the payload your server sends.
How to set the flag
PurchaseInfo is typically created in your purchase callback — most commonly inside the method that implements Unity IAP's IStoreListener.ProcessPurchase, or inside the Magify store wrappers IMinimalInAppStore / IInAppStore. Pass the flag through the constructor:
PurchaseProcessingResult IStoreListener.ProcessPurchase(PurchaseEventArgs e)
{
var product = e.purchasedProduct;
// skipVerification: true — Magify will NOT call its validation service.
// Your server is responsible for sending the validated purchase via S2S.
var purchaseInfo = new PurchaseInfo(
product,
LoadSubscriptionInfo(product.definition.id),
skipVerification: true);
if (purchaseInfo.SubscriptionInfo != null)
OnSubscriptionPurchaseFinished?.Invoke(product.definition.id, purchaseInfo);
OnPurchaseFinished?.Invoke(product.definition.id, purchaseInfo);
return PurchaseProcessingResult.Complete;
}
If only some products use S2S (for example, external shop only), set the flag only for those products and leave the default for everything else.
Aligning client events with the S2S payload
Whatever identifiers reach Magify through the S2S call must match what the client sends for analytics, regardless of whether SkipVerification is set:
client_id— if your app assigns its own client identifier toMagifyManager, send exactly that value in the S2S payload. Otherwise read the SDK default viaMagifyService.Instance.ClientIdand forward it to your backend.transaction_id/original_transaction_id— use the identifiers emitted by the native store (AppletransactionIdentifier/ GoogleorderId) and forward the same values server-side.product_id— match the store product identifier used on the client.
Mismatches will split a purchase across users or duplicate it in reporting.
Hybrid setup
If only some of your purchases are validated externally (for example, a proprietary web shop in addition to Apple/Google), you can keep Magify validation for native flows and use the trusted-purchase path for external ones by filling a TrustedPurchaseRecord on PurchaseInfo. See External Validation for the full client-side patterns (trusted purchases, server-to-server, and mixed setups).
Step 4: Send a Test Transaction
- From your server, send a test purchase payload to the S2S endpoint with
"environment": "SANDBOX"using a sandbox transaction. - In Magify, open Transaction Validator → your application and confirm the test transaction appears in the validation log.
- Once verified, change
"environment"to"PRODUCTION"in the payload for live traffic — the URL and bearer token stay the same.
Notes
- Magify does not re-validate S2S purchases with the native stores — ensure your server performs full Apple/Google receipt validation before forwarding the purchase.
- Duplicate purchases are de-duplicated by
transaction_id. Re-sending the same transaction is safe. - If you later migrate to RevenueCat, switch the integration via Transaction Validator → RevenueCat and stop sending S2S payloads for the affected application.