Your Meta Pixel is missing conversions. Not because Meta's tracking is broken — but because the Pixel runs in the browser, and browsers are increasingly hostile to third-party tracking scripts. iOS users, Safari visitors, and anyone with an ad blocker installed are invisible to a Pixel-only setup.
The Meta Conversions API (CAPI) fixes this by moving the conversion signal off the browser entirely. This guide explains what CAPI is, how it works, what event match quality means, how deduplication works, and how to implement it via server-side GTM.
What Is the Meta Conversions API?
The Meta Conversions API (also called Facebook CAPI or Facebook Conversions API) is a server-to-server interface that lets you send conversion event data directly from your server to Meta's advertising platform — without going through the user's browser.
When a customer completes a purchase on your site, instead of your browser pixel attempting to fire a Purchase event from the visitor's browser to Meta's servers, your own server sends that event directly to Meta via an HTTPS API call. The visitor's browser is not involved in that transmission at all.
This matters because:
- Ad blockers block requests from the browser to Meta's domains. They cannot block a request your server makes to Meta's API.
- iOS privacy restrictions limit what the Meta Pixel can observe in Safari. They have no effect on server-side API calls.
- Third-party cookies are being deprecated. CAPI does not depend on cookies — it uses other match identifiers (hashed email, phone, order ID).
CAPI is not a replacement for the Meta Pixel. Meta explicitly recommends running both together. The Pixel handles real-time browser signals and behavioural events (page views, scroll depth, micro-interactions). CAPI handles critical conversion events — purchases, qualified leads, sign-ups — where data completeness is most important.
How Does the Meta Conversions API Work?
When a conversion event occurs on your site, your server sends an HTTPS POST request to Meta's API endpoint:
POST https://graph.facebook.com/v18.0/{pixel_id}/events
The request payload includes:
- event_name —
Purchase,Lead,CompleteRegistration, etc. - event_time — Unix timestamp of when the event occurred
- user_data — Hashed identifiers for matching:
em(hashed email),ph(hashed phone),fbc(click ID from fbclid),fbp(browser cookie),client_ip_address,client_user_agent - custom_data — Event-specific parameters:
value,currency,order_id,contents - event_id — A unique identifier used for deduplication when the Pixel also fires the same event
Meta receives the event, matches it against its user database using the identifiers you provided, and attributes it to the ad campaign that drove the visit (using the fbc click ID or probabilistic matching).
The quality of that matching process is what Meta calls the Event Match Quality score.
What Is Event Match Quality?
Event Match Quality (EMQ) is Meta's score (out of 10) indicating how well the identifiers in your CAPI events match to actual Meta user accounts. A higher EMQ means more of your events are successfully attributed to the users who triggered them, which directly improves your campaign's targeting and reported conversions.
EMQ is affected by which user data fields you send:
- Email (
em) — the single highest-impact identifier. Hash it with SHA-256 before sending. Sending hashed email typically adds 2–3 points to EMQ. - Phone (
ph) — the second-most powerful identifier, especially for mobile-first users. Hash with SHA-256. - fbclid (
fbc) — the Facebook Click ID appended to your landing page URL when a user clicks a Meta ad. Capturing and passing this is critical — it creates a direct link between the CAPI event and the specific ad click. - fbp — the Meta browser cookie value. Capture this from the browser and pass it in your CAPI event.
- IP address and User-Agent — sent from your server, these help with probabilistic matching for users without other identifiers.
A typical EMQ target is 6.0 or above. Scores below 4 indicate that most events are not being attributed, and your CAPI setup is not providing useful signal to Meta's algorithm.
To achieve a score above 7, you generally need to send email and/or phone alongside the click ID. For an e-commerce store where customers create accounts or check out with an email address, email is almost always available — the main issue is capturing and passing it correctly in your CAPI event.
What Is Event Deduplication and Why Does It Matter?
When you run the Meta Pixel and CAPI simultaneously (which Meta recommends), the same purchase event will arrive at Meta twice: once from the browser Pixel and once from your server CAPI tag. Without deduplication, Meta counts two conversions where only one occurred.
Meta's deduplication mechanism works using the event_id parameter. When both the Pixel event and the CAPI event carry the same event_id, Meta deduplicates them and counts only one event.
The rules are:
- Both events must have the same
event_name - Both events must have the same
event_id - Both events must arrive within 48 hours of each other
Your event_id must be unique per event occurrence. The simplest approach is to use the order ID for purchase events, since it is unique per transaction and available in both the browser (at checkout confirmation) and on the server (in your order management system).
If you are not deduplicating, you will see inflated conversion counts in Meta Events Manager — which makes your ads look more efficient than they are and trains the algorithm on false signals.
CAPI vs. Meta Pixel: When Each Fires
| Situation | Meta Pixel | CAPI |
|---|---|---|
| User has ad blocker | Blocked | Delivered |
| Safari with ITP | Cookie capped at 7 days | No cookie dependency |
| iOS with ATT opt-out | Severely limited | Unaffected |
| User has JavaScript disabled | Blocked | Delivered |
| Offline conversion (in-store, phone sale) | Cannot capture | Can capture |
| Page view / scroll depth | Fires natively | Not typically used |
| Real-time engagement data | Available | Not ideal |
The practical implication: use both. The Pixel gives Meta real-time behavioural signals. CAPI gives Meta reliable conversion signals. Together, they give the algorithm the most complete picture of your funnel.
How to Implement CAPI via Server-Side GTM
The most practical implementation for most marketers is server-side Google Tag Manager (sGTM). You set up a server container, add a Meta Conversions API tag, and configure it with your Pixel ID and access token.
Here is the high-level process:
Step 1: Get your CAPI access token. In Meta Events Manager, navigate to your Pixel, click Settings, and generate a system user access token. This token authenticates your server's API calls to Meta.
Step 2: Set up your sGTM server container. You need a running server-side GTM container on a custom subdomain of your website. This is where the CAPI tag will live. Platforms like Firstag provision this in under 15 minutes with no GCP setup required.
Step 3: Add the Meta CAPI tag. In your server container, add a Facebook Conversions API tag (available as a community template or built-in depending on your setup). Configure it with your Pixel ID, access token, and parameter mapping.
Step 4: Map your parameters. Ensure your tag sends: event name, event time, event ID (for deduplication), user data (hashed email, phone, fbclid, fbp, IP, user agent), and custom data (value, currency, order ID for purchases).
Step 5: Capture the fbclid. This is the most commonly missed step. When a user clicks a Meta ad and lands on your site, Meta appends ?fbclid=... to the URL. You must capture this value in the browser and pass it through to the server container so the CAPI event can include it. In web GTM, capture the fbclid URL parameter and push it to the data layer.
Step 6: Test and verify in Events Manager. Use Meta's Test Events tool in Events Manager to confirm your CAPI events are arriving. Check the Event Match Quality score and the deduplication count.
What About the Meta Conversions API Gateway?
Meta offers its own managed solution called the Conversions API Gateway — a self-hosted container that sends events to CAPI without requiring custom code. It is simpler than sGTM but less flexible: you cannot enrich events with CRM data, route events to multiple platforms, or customise the data flow.
For advertisers who only need Meta CAPI and nothing else, the Gateway is a reasonable starting point. For anyone who also wants to send data to Google Ads, GA4, TikTok, or LinkedIn from the same server, sGTM is the more capable solution.
FAQ
Do I need to remove the Meta Pixel if I set up CAPI? No. Meta recommends running both. The Pixel captures browser-side behavioural signals that CAPI does not. CAPI ensures your conversion events arrive reliably regardless of browser conditions. Use both with proper deduplication via event_id.
What hashing algorithm does Meta require for user data? SHA-256. Before sending email, phone, or other PII to Meta's API, you must hash the values using SHA-256. Do not send raw email addresses or phone numbers. Most sGTM tag templates handle this automatically.
Why is my Event Match Quality score low? The most common reasons are: not sending hashed email (em), not capturing and passing the fbclid, or not sending fbp (the Meta browser cookie). Add these parameters to your CAPI tag configuration and your EMQ score will typically improve significantly.
Can CAPI track offline conversions? Yes. CAPI can receive events from any server-side source — not just your website. If a customer purchases by phone or in-store, you can send a Purchase event to CAPI from your CRM or order management system. These offline conversions will be attributed back to Meta ad campaigns via the match identifiers.
Is CAPI the same as the Facebook Conversions API? Yes. Meta renamed Facebook to Meta in 2021, and the Facebook Conversions API became the Meta Conversions API. The technology and endpoint are the same.
Conclusion
The Meta Conversions API is the solution to the data gap that browser-based pixel tracking creates. It sends your critical conversion events server-to-server, bypassing ad blockers, iOS restrictions, and cookie deprecation entirely. Running it alongside the Pixel — with proper deduplication and strong user data matching — gives Meta's algorithm the complete signal it needs to optimise your campaigns effectively.
The practical path to setting this up is a server-side GTM container. If you want to skip the GCP infrastructure, Firstag gives you a running sGTM server in under 15 minutes with INR pricing and no DevOps required.
Start your Firstag container free for 14 days at firstag.io.