Skip to main content
Server-side events let your backend report conversions directly to the Scanova Tracking API using an API key. Unlike browser events, server events cannot be blocked by ad blockers, are not affected by browser restrictions, and can carry sensitive attribution data securely.

When to use server events

Use browser eventsUse server events
Page views and navigationPurchase confirmations
Clicks and scroll depthSubscription activations
Form field interactionsLead creation in your CRM
Any action visible in the browserSign-up email verifications
Any action that happens server-side
Use both together for the fullest picture: the browser SDK tracks the journey, and your server reports when a conversion actually happened.

How attribution works server-side

The scan_session_id is the attribution link between a QR scan and a server event. Here is the typical flow: 
User scans QR Code

Lands on yoursite.com/?scnv=7ad26d4f-...

SDK saves scan_session_id to localStorage

User completes a purchase form

Browser sends scan_session_id to your checkout API

Your server sends a purchase event with that scan_session_id

Scanova attributes the purchase to the QR scan
Your responsibility: pass the scan_session_id from the browser to your server. Common ways to do this:
  • Include it in a hidden form field
  • Send it in the API request body from your frontend JavaScript
  • Store it in the user’s session on your server (read it from the URL parameter when the page loads)
// Read from SDK (browser-side)
// Note: _scnv is the SDK's internal storage key — structure may change.
// Use this pattern only if no higher-level SDK method is available.
const scanSessionId = localStorage.getItem('_scnv')
  ? JSON.parse(localStorage.getItem('_scnv')).sid
  : null;

// Include in your API call to your backend
await fetch('/api/checkout', {
  method: 'POST',
  body: JSON.stringify({ ...orderData, scan_session_id: scanSessionId })
});

Requirements

  • A tracking site created in Integrations → Conversion Tracking
  • A site-scoped API key (generated in the tracking site’s API Keys tab)
  • Your server can make outbound HTTPS POST requests
  • You have a way to receive the scan_session_id from the user’s browser

Security requirements

  • Never expose your API key in frontend code or client-side JavaScript
  • Store the key in an environment variable or secrets manager
  • Rotate keys periodically from the dashboard

Next steps

Generate an API Key

Create a site-scoped API key from the dashboard.

Send Events

Code examples in cURL, Node.js, Python, and PHP.

Idempotency & Retries

How to safely retry failed requests.

Verify Delivery

Confirm your events are being received.