Server Implementation Checklist

• [x] Verify signature (HMAC-SHA256 of payload, keyed with your signature_secret)
• [x] Confirm transaction_id has not been processed before
• [x] Grant reward_amount × reward_item to user_id
• [x] Return 200 (Simula retries up to 2× on failure or timeout)

Grant rewards only after SSV succeeds

In the app, only grant rewards inside the SDK's EARNED_REWARD event — it fires after SSV succeeds and is the only trusted client signal.