Meta Conversions API After iOS 14 — Server-Side Tracking That Works • Meteora Web Agency

Running Meta ads after iOS 14? You already know the Pixel alone is broken. Apple’s tracking restrictions cut up to 40% of conversion data. At Meteora Web, we’ve seen it with our clients: an e‑commerce store lost 30% of attributed purchases overnight. The fix is the Meta Conversions API (CAPI) — server-side event sending that bypasses browser limits. This guide shows you exactly how to implement it, with real PHP code and a no‑fluff checklist.

Why client-side Pixel tracking fails after iOS 14?

The Meta Pixel runs JavaScript in the user’s browser. Since iOS 14 (and now with Android Privacy Sandbox), Apple forces apps and websites to ask for tracking permission via App Tracking Transparency. Most users say “no”. The result: no events, broken attribution, lookalike audiences built on incomplete data. At Meteora Web, we’ve seen campaigns where ROAS dropped 60% overnight. The Pixel is still useful – but it’s no longer enough. You need a second channel: server-side.

How does Conversions API work compared to the Pixel?

Conversions API sends events directly from your server to Meta. It’s not blocked by ad blockers or iOS restrictions. Events arrive via HTTPS with hashed user data for privacy. A key feature is deduplication: if you send the same event from both Pixel and CAPI, Meta compares a unique event_id and counts it once. Clean data, no double counting. You can also send offline events like in‑store purchases or phone leads.

Which events should you send and how to structure them?

Start with the conversions that matter: Purchase, Lead, AddToCart, CompleteRegistration. Each event must include:

event_name (string, e.g. "Purchase")
event_time (Unix timestamp)
event_id (unique string for deduplication)
user_data (hashed email, phone, name – all SHA‑256)
custom_data (value, currency, content IDs)

Hash user data client‑side or server‑side before sending. Meta requires SHA‑256. Normalize first: lowercase, trim. A common mistake: sending raw emails – Meta discards them. In our projects, we built a simple PHP helper to automate hashing.

function meta_hash_user_data($data) {
    $data = strtolower(trim($data));
    return hash('sha256', $data);
}

How to implement CAPI with a practical PHP example?

You need your Pixel ID and an Access Token from Business Manager (Events Manager > Settings > Generate token). Here’s a working PHP function to send a Purchase event:

function sendMetaCAPIEvent($pixel_id, $access_token, $event) {
    $url = "https://graph.facebook.com/v21.0/{$pixel_id}/events";
    $data = array(
        "data" => array($event),
        "access_token" => $access_token
    );
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $response = curl_exec($ch);
    curl_close($ch);
    return $response;
}

$event = array(
    "event_name" => "Purchase",
    "event_time" => time(),
    "event_id" => uniqid("purchase_", true),
    "user_data" => array(
        "em" => meta_hash_user_data($customer_email),
        "ph" => meta_hash_user_data($customer_phone)
    ),
    "custom_data" => array(
        "currency" => "EUR",
        "value" => 59.99,
        "content_ids" => array("SKU123"),
        "content_type" => "product"
    ),
    "event_source_url" => "https://www.yourstore.com/checkout/success"
);

$response = sendMetaCAPIEvent(YOUR_PIXEL_ID, YOUR_ACCESS_TOKEN, $event);

Check the JSON response: "events_received": 1 means success. Common errors: expired token, wrong pixel ID, malformed JSON.

How to avoid duplicate events and test CAPI?

Duplication is the #1 issue. If you send the same event via Pixel and CAPI without event_id, Meta counts it twice. Use the same event_id in both channels – typically the order ID or lead ID. Meta deduplicates automatically. To test: use Meta’s Events Testing Tool in Events Manager. You can also install the Meta Pixel Helper Chrome extension to check browser events. But the real validation is server‑side logs: expect HTTP 200 with events_received: 1.

What to do now — CAPI activation checklist

Follow these steps. We’ve tested them with every client at Meteora Web.

Get Pixel ID and Access Token – Go to Business Manager > Events Manager > Settings > Generate token.
Choose your setup – CAPI only (if you block Pixel for GDPR) or dual with deduplication. We recommend both for maximum coverage.
Implement server‑side sending for key events – Start with Purchase and Lead. Adapt the PHP code above to your stack.
Hash user data – Normalize and SHA‑256. Never send plaintext emails or phone numbers.
Deduplicate with event_id – Use your order/lead ID as event_id in both Pixel and CAPI.
Test in Events Manager – Send a test event from your server and check the “Test” section of your pixel.
Monitor for 7 days – Compare conversion data before and after. You’ll see the recovered attributions.