Conversion Tracking · Architecture
How do I set up the Meta Conversions API the right way?
Set up the Conversions API as a server-side companion to the pixel, not a replacement. Send the same events from both sides, share an event_id so Meta deduplicates them, and pass hashed customer data to lift match quality. Most setups fail on dedup and identity, not the connection.
What the Conversions API actually is
The Conversions API (CAPI) sends conversion events to Meta from your server instead of from the browser. The pixel still fires client-side. CAPI runs alongside it, server-side. The point is coverage. Browser events get blocked by ad blockers, iOS settings, and consent tools. Server events do not, because they leave from your infrastructure, not the visitor’s device.
The mistake I see most often is treating CAPI as a switch you flip to “fix tracking.” It is not a fix on its own. A bad CAPI build makes reporting worse than no CAPI at all, because now you have two streams that double-count or contradict each other. The architecture is what makes it work.
The two-stream model
Run the pixel and CAPI as a matched pair. Every key event fires twice: once from the browser through the pixel, once from your server through CAPI. PageView, ViewContent, AddToCart, InitiateCheckout, Purchase. Both sides send the same event for the same user action.
That sounds like double-counting, and it would be, except for one field. You send a shared event_id on both the pixel call and the server call. Meta uses that id to recognize the two events as the same conversion and keeps one. This is deduplication, and it is the single most important part of the setup. Get it wrong and your Purchase count inflates, your ROAS looks better than reality, and the account optimizes toward a number that does not exist.
So the build order is: pixel first, CAPI second, dedup keys wired before you trust a single number.
What CAPI needs to match
A server event with no identity is close to useless. Meta has to tie the event back to a person to attribute it and to optimize. You do that by passing customer information parameters, hashed with SHA-256 before they leave your server. The fields that move match quality the most:
- Email (hashed)
- Phone (hashed)
fbpandfbccookies, captured from the browser and forwarded to the server- IP address and user agent
- External ID, if you have a stable customer id
The fbc cookie carries the click id from the ad click. Forwarding it is what lets a server-side Purchase get attributed back to the specific ad that drove it. Skip it and you lose attribution on a large share of conversions even though the event itself arrived.
Match quality shows up in Events Manager as the Event Match Quality score per event. Below “Good” on Purchase, fix identity before you touch anything else.
How to send the events
There are three common paths, in rough order of how much control they give you.
Direct server-to-server. Your backend posts events to the Graph API endpoint. Most control, most match potential, most engineering. This is the right call for a custom stack or a high-spend account where match quality pays for itself.
Server-side Google Tag Manager (Stape or your own container). The browser sends events to a server container you own, and that container forwards them to Meta with full data. This is what I reach for on Shopify and most lead-gen sites. You get server-side identity and dedup without writing API calls by hand, and one container can feed Meta, GA4, and TikTok from the same event stream.
Native platform integration. Shopify’s built-in Meta channel and partner connectors send CAPI for you. Fast to turn on. The catch is you give up control of dedup keys and the exact data sent, so verify in Events Manager that events deduplicate and match well before you rely on it. I have seen native integrations that send a second Purchase with no event_id, which inflates counts. Check, do not assume.
Verify before you trust it
Setup is not done when the connection turns green. It is done when you have confirmed the numbers reconcile.
- Open Events Manager and check that each event shows both “Browser” and “Server” as sources.
- Confirm the deduplication rate is high. Low dedup means your
event_idis not matching across the two streams. - Check Event Match Quality on Purchase and Lead. Push the weak ones up with more identity fields.
- Compare Meta’s reported Purchase count against your real backend over the same window. Shopify orders, your CRM, your database. If Meta is meaningfully higher, you have a dedup or double-fire problem. If it is much lower, you have a coverage or match problem.
That last step is the one people skip, and it is the only one that tells you the truth. The platform UI will happily show you a healthy-looking setup that is double-counting. Reconciling against the source of record is how you catch it.
Where it sits in the stack
CAPI is one layer of a tracking stack, not the whole thing. It depends on a clean event layer feeding it, consistent event names across pixel and server, and a consent setup that does not strip the data you need. If your GA4 and Meta numbers already disagree, adding CAPI on top of a broken foundation just gives you a third number to reconcile. Fix the event layer and identity capture first, then add the server stream, then verify it reconciles. In that order it earns its place. Out of order it adds noise.
Related questions
-
What conversion value should I send to Google and Meta, and how do I keep them reconciling?
How to pick the conversion value you send to Google Ads and Meta so the two platforms reconcile with each other and with the numbers in Shopify or your CRM.
Read the answer
-
What are enhanced conversions in Google Ads and how do I set them up correctly?
How enhanced conversions work in Google Ads, the two types (Leads and Web), setup paths via GTM or the API, and the consent and hashing rules that decide match rates.
Read the answer
-
Why don't my GA4 and Meta conversion numbers match?
GA4 and Meta count conversions differently: attribution windows, modeling, and dedup. Here is how to read the gap and when it signals a real tracking problem.
Read the answer
Want this diagnosed in your account?
Same diagnosis,
run on your account.
Thirty minutes on the phone. I look at your spend, your tracking, and your search-term reports before the call. You walk out with a clear list of what is leaking and what to fix first.