How to Set Up Facebook CAPI for WooCommerce and Shopify (2026)
iOS 14.5 shipped in April 2021 and changed e-commerce advertising permanently. Before it, the Meta Pixel tracked almost every purchase. After it, browser-side tracking dropped 30-40% on iOS devices — and that number has only grown as Safari, Firefox, and ad blockers have tightened further.
The Meta Conversions API solves this by sending events from your server instead of the visitor’s browser. The server does not care about iOS privacy settings or ad blockers. It sends the Purchase event directly to Meta with hashed customer data, and Meta matches it to an ad click.
We run CAPI across both zamani and Coloring Palestine. Here is exactly how we set it up — and the deduplication mistake most guides do not mention.
Step 1: Generate a Conversions API Access Token
Go to Meta Business Suite, then Events Manager. Select the pixel attached to your store. Click the Settings tab. Scroll down to the “Conversions API” section and click Generate Access Token.
Copy this token and store it somewhere secure — you will need it in the next step. Do not put it in your theme’s functions.php or anywhere that gets committed to version control.
Step 2: Install Server-Side Tracking on Your Store
WooCommerce
You have two paths:
Option A — Plugin (easiest): PixelYourSite Pro has native CAPI support. Install it, paste your access token, and it handles Purchase, AddToCart, and InitiateCheckout server-side events automatically. It also handles event deduplication using its own event ID system.
Option B — Custom n8n workflow (full control): This is what we use at One Bit. A WooCommerce webhook fires on woocommerce_payment_complete, sends order data to n8n, and n8n forwards a hashed CAPI Purchase event to Meta’s Graph API. More setup work, but you control exactly what data is sent and can add custom parameters.
The Graph API endpoint for CAPI events is:
POST https://graph.facebook.com/v21.0/{PIXEL_ID}/events
Content-Type: application/json

{
  "data": [{
    "event_name": "Purchase",
    "event_time": 1711929600,
    "event_id": "unique-uuid-here",
    "action_source": "website",
    "user_data": {
      "em": ["sha256_hashed_email"],
      "ph": ["sha256_hashed_phone"],
      "fn": ["sha256_hashed_first_name"],
      "ln": ["sha256_hashed_last_name"],
      "country": ["sha256_hashed_country_code"],
      "zp": ["sha256_hashed_postal_code"]
    },
    "custom_data": {
      "currency": "AED",
      "value": 149.00,
      "content_ids": ["product-sku-123"],
      "content_type": "product"
    }
  }],
  "access_token": "YOUR_TOKEN_HERE"
}
Shopify
Shopify has a native CAPI integration. Go to Settings > Customer events, click Add connection, and select Facebook. Choose your pixel. Enable “Send server events” and paste your access token.
Shopify’s native integration covers the main purchase funnel: PageView, ViewContent, AddToCart, InitiateCheckout, Purchase. It handles hashing automatically.
Step 3: Implement Event Deduplication
This is the step most tutorials skip, and it causes real problems if you miss it.
When you have both a browser pixel and CAPI running, every Purchase event fires twice — once in the browser, once from the server. Meta sees two Purchase events and counts them as two conversions. Your reported ROAS doubles. Your campaign data becomes useless.
The fix is a unique event_id. Here is how it works:
- When a customer lands on your order confirmation page, generate a UUID: crypto.randomUUID() in JavaScript works fine.
- Fire the browser pixel with that UUID: fbq('track', 'Purchase', purchaseData, {eventID: 'your-uuid-here'});
- Send the same UUID in your server-side CAPI call in the event_id field.
- Meta receives both events with the same event_id and counts them as one.
For WooCommerce with PixelYourSite: it handles this automatically. For custom n8n setups: generate the UUID on the thank-you page (JavaScript), store it in a session variable or pass it via a WooCommerce order meta field, then include it in the n8n CAPI call when the woocommerce_payment_complete hook fires.
Step 4: Hash Customer Data Correctly
CAPI matches events to Meta users using hashed PII. The matching happens on Meta’s side — you never send plain-text personal data. The fields Meta uses:
- em — email (SHA-256, lowercase, trimmed)
- ph — phone (SHA-256, E.164 format: +971501234567)
- fn — first name (SHA-256, lowercase)
- ln — last name (SHA-256, lowercase)
- country — 2-letter ISO code (SHA-256, lowercase)
- ct — city (SHA-256, lowercase, no spaces)
- zp — zip/postal code (SHA-256)
In PHP:
$hashed_email = hash('sha256', strtolower(trim($customer_email)));
$hashed_phone = hash('sha256', preg_replace('/[^0-9+]/', '', $phone));
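The same normalization for every field in the list above, written for Node.js. This is an added example, not code from the original article or from Meta; buildUserData and the normalizers table are hypothetical names, and the rules are the ones listed in Step 4. It rejects a local-format phone number instead of hashing it.

```javascript
// Added example: normalize and hash CAPI user_data fields (Node.js built-ins only).
const { createHash } = require('node:crypto');

const sha256 = (s) => createHash('sha256').update(s, 'utf8').digest('hex');

// One normalizer per field, following the Step 4 list on this page.
const normalizers = {
  em: (v) => v.trim().toLowerCase(),
  fn: (v) => v.trim().toLowerCase(),
  ln: (v) => v.trim().toLowerCase(),
  country: (v) => v.trim().toLowerCase(),
  ct: (v) => v.toLowerCase().replace(/\s+/g, ''),
  zp: (v) => v.trim(),
  ph: (v) => {
    const cleaned = v.replace(/[^0-9+]/g, '');
    // A local number such as 0501234567 is refused: the page requires E.164.
    if (!/^\+[1-9][0-9]{6,14}$/.test(cleaned)) {
      throw new Error('phone is not in E.164 format');
    }
    return cleaned;
  },
};

// Returns a user_data object that contains hashed values only.
// Empty or missing fields are skipped; unknown field names are rejected
// so that no unexpected plain-text value can slip into the payload.
function buildUserData(customer) {
  const out = {};
  for (const [field, raw] of Object.entries(customer)) {
    if (!(field in normalizers)) throw new Error(`unsupported field: ${field}`);
    if (typeof raw !== 'string' || raw.trim() === '') continue;
    out[field] = [sha256(normalizers[field](raw))];
  }
  return out;
}

// Constructed sample customer record (not real data).
const sampleUserData = buildUserData({
  em: '  Jane.Doe@Example.COM ',
  ph: '+971 50 123 4567',
  ct: 'Abu Dhabi',
  country: 'AE',
});
console.log(Object.keys(sampleUserData)); // field names only, never the raw values
```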
Step 5: Test and Verify in Events Manager
Before going live, use Meta’s test tool:
- In Events Manager, open your pixel and click Test Events.
- Copy the test event code (looks like TEST12345).
- Pass this code as test_event_code in your CAPI API call (remove it before going to production).
- Run a test purchase on your store.
- Confirm the event appears in Events Manager with source “Server” alongside the browser pixel event with source “Browser”.
- Verify both show the same event_id — this confirms deduplication is working.
After you go live, check your Event Match Quality score (shown in Events Manager for each event type). A score below 6 means Meta cannot reliably match the event to a user — your CAPI data is underperforming. Common causes: missing phone field, not sending country, or email not trimmed/lowercased before hashing.
Common Mistakes We See
- No deduplication: Running browser pixel and CAPI without event IDs — ROAS appears doubled.
- Wrong pixel ID: CAPI events land in a different dataset from browser pixel events — no deduplication possible.
- Phone number format: Sending 0501234567 instead of +971501234567 — E.164 format is required for phone matching.
- Test event code left in production: All production events land in test mode and are not counted in campaigns.
- Missing currency: Always include currency and value in custom_data for Purchase events — without them, Meta cannot optimize for purchase value.
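A pre-send check for the mistakes listed above, run on the server against the request body from Step 2. This is an added example, not part of the original article or of any Meta SDK; lintCapiRequest and the opts fields are hypothetical names. It treats any user_data value that is not a 64-character hex digest as unhashed, which also catches plain-text personal data before it leaves your server.

```javascript
// Added example: lint a CAPI request body on the server before sending it.
const HEX64 = /^[a-f0-9]{64}$/;
const HASHED_FIELDS = ['em', 'ph', 'fn', 'ln', 'country', 'ct', 'zp'];

// body: request JSON as in Step 2. opts (hypothetical shape):
//   production     - true for live traffic
//   browserPixelId - ID the browser pixel is initialised with
//   serverPixelId  - ID used in the CAPI request URL
function lintCapiRequest(body, opts) {
  const problems = [];
  if (opts.browserPixelId !== opts.serverPixelId) {
    problems.push('pixel ID mismatch between browser and server');
  }
  if (opts.production && 'test_event_code' in body) {
    problems.push('test_event_code present in production');
  }
  (body.data || []).forEach((ev, i) => {
    if (typeof ev.event_id !== 'string' || ev.event_id === '') {
      problems.push(`data[${i}]: missing event_id`);
    }
    const userData = ev.user_data || {};
    for (const field of HASHED_FIELDS) {
      // Accept a single string or an array of strings.
      for (const value of [].concat(userData[field] || [])) {
        // Name the field only; the value may be plain-text PII.
        if (!HEX64.test(value)) {
          problems.push(`data[${i}]: user_data.${field} is not a SHA-256 hex digest`);
        }
      }
    }
    const cd = ev.custom_data || {};
    if (ev.event_name === 'Purchase' &&
        (typeof cd.currency !== 'string' || typeof cd.value !== 'number')) {
      problems.push(`data[${i}]: Purchase without currency and value`);
    }
  });
  return problems;
}

// Constructed sample: plain-text email, no currency, test code left in.
const sampleBody = {
  data: [{
    event_name: 'Purchase', event_id: 'constructed-id-1',
    user_data: { em: ['jane@example.com'], ph: ['a'.repeat(64)] },
    custom_data: { value: 149.0 },
  }],
  test_event_code: 'TEST12345',
};
```

Refuse to send when the returned list is not empty, and log the problem strings only, never the request body.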