Principles
- Register credentials from the project Credentials page in Console.
- Unity clients send only values they should receive, such as provider tokens, purchase tokens, and device tokens.
- Do not include service account private keys, APNs .p8 keys, Facebook app secrets, or webhook secrets in client builds.
- If one project has multiple apps for the same provider, pass appIdentifier or receipt_payload.app_identifier.
Common Credential Fields
| Field | Description |
|---|---|
| Type | Social login, Purchase, or Push. |
| Provider | google, apple, facebook, google_play, app_store, one_store, fcm, or apns. |
| App identifier | Android package name, iOS bundle ID, or provider app ID. |
| Public config JSON | Non-secret identifiers such as client ID or package name. |
| Secret payload JSON | Private key, client secret, or webhook secret. |
Social Login
After signing in with a provider SDK, pass the token to HyperX.
Apple
client_id. The Unity client passes the Apple identity token.
identityToken. HyperX checks token validity and app ID.
Store Purchase Validation
After a purchase succeeds, call player.ValidatePurchase. HyperX validates the receipt through the provider API using Console credentials.
Google Play
receipt_payload.purchase_token or receipt_payload.token.
App Store
transaction_id.
ONE Store
receipt_payload.purchase_token or receipt_payload.token.
Refund and Cancellation Webhooks
Providers send refund, cancel, and revoke events to the HyperX webhook URL. HyperX deduplicates events and marks matched purchases as refunded.
x-hyperx-webhook-secret header. If the provider console does not support custom headers, use the webhook_secret query parameter.
| Provider | Setup Location |
|---|---|
| Google Play | Real-time developer notifications and Cloud Pub/Sub push subscription |
| App Store | App Store Server Notifications V2 production server URL |
| ONE Store | PNS Notification URL in Developer Center |
Push Providers
Push requires provider console setup, HyperX credentials, and Unity device token registration.
FCM
APNs
Campaign Delivery
Operators create and send push campaigns from Console. A campaign target can include platform, environment, app_identifier, limit, max_attempts, and validate_only. HyperX sends Android devices through FCM and iOS devices through APNs, retries retryable provider failures up to the campaign max_attempts boundary, and records one delivery result per device.
Console shows delivery status, attempts, provider message IDs, provider errors, and invalid-token cleanup. When FCM or APNs reports an invalid device token, HyperX marks that device as opted out so future campaigns do not keep retrying a stale token.
Checklist
- Provider secrets are not included in Unity builds.
- Package name, bundle ID, and client ID match the released app.
- Social tokens are fresh short-lived tokens from provider SDKs.
- Purchase requests use real store transaction_id and purchase token values.
- Call RegisterDevice again when the push token changes.
- Check Console campaign delivery diagnostics after production sends.
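
One way to automate the first checklist item before release, as an added example that is not HyperX or project code: it scans a build output directory, including the contents of .apk/.aab/.ipa archives, for the secret types the Principles section says must stay out of client builds. The function names, the known_secrets parameter, and the sample file names and values are assumptions constructed for illustration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Markers for secret types the page says must stay out of client builds.
PEM_PRIVATE_KEY = re.compile(rb"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----")
SERVICE_ACCOUNT = re.compile(rb'"type"\s*:\s*"service_account"')


def _blobs(root):
    """Yield (name, bytes) per file; .apk/.aab/.ipa are zips, so look inside."""
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as archive:
                for member in archive.namelist():
                    yield f"{rel}!{member}", archive.read(member)
        else:
            yield rel, path.read_bytes()


def scan_build(root, known_secrets=None):
    """Return (name, reason) findings. known_secrets maps a label to an exact
    value (app secret, webhook secret) that has no recognisable format."""
    findings = []
    for name, data in _blobs(root):
        if name.lower().endswith(".p8"):
            findings.append((name, "APNs .p8 key file"))
        if PEM_PRIVATE_KEY.search(data):
            findings.append((name, "PEM private key"))
        if SERVICE_ACCOUNT.search(data):
            findings.append((name, "service account JSON"))
        for label, value in (known_secrets or {}).items():
            if value and value.encode() in data:
                findings.append((name, f"known secret: {label}"))
    return findings


def demo():
    """Scan a constructed sample build; all values are fake placeholders."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        with zipfile.ZipFile(root / "game.apk", "w") as apk:
            apk.writestr("assets/AuthKey_SAMPLE.p8", "-----BEGIN PRIVATE KEY-----\n")
            apk.writestr("assets/hooks.txt", "secret=constructed-webhook-secret")
        return scan_build(root, {"webhook": "constructed-webhook-secret"})
```

Content inside compressed Unity asset bundles or nested archives is not unpacked, so an empty result is not proof of absence.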