Conversion API Setup Across All Major Platforms

I'm going to tell you something I see in roughly seven out of ten ad accounts that come to Ngital for an audit. The pixel is firing. The tag manager shows green checkmarks. The platform dashboards report conversions. The client believes their tracking is working.

And then we open the diagnostics tab in Events Manager, or pull a Google Ads conversion verification report, and the numbers tell a completely different story. Event Match Quality scores sitting at 4.2 out of 10. Deduplication failures between browser and server events running at 38%. Customer information being sent to Meta that's just an email address with no phone, no IP, no user agent, no fbp cookie. iOS users showing up as 12% of conversions when they're 40% of the site's traffic.

The tracking isn't broken in the way most people understand "broken." Events are firing. Numbers are showing up. The platforms are reporting back. But the signal those platforms are using to optimize against — the signal that determines who sees the ads, when, at what cost, with what creative — is corrupted. And every campaign dollar spent against corrupted signal is, by definition, suboptimal spend.

This is what server-side Conversion API setup actually fixes. Not the visible tracking that anyone can see in a dashboard. The invisible signal quality that determines whether your campaigns get smarter over time or just keep paying more for the same results.

What I'm going to walk through in this post is the actual technical implementation of Conversion API across every major platform — Meta, Google, TikTok, LinkedIn, Snap, Pinterest, and X. Not the marketing-pitch version where everything sounds easy. The real version where you understand the parameters that matter, the user data signals that drive match quality, the deduplication mechanics that prevent double-counting, and the platform-specific quirks that catch most implementations off guard.

If you're a brand owner or marketer in Bangladesh trying to evaluate whether your current setup is solid, this guide gives you the diagnostic framework. If you're a developer or in-house analytics person actually building this stuff, this gives you the parameter-level detail to do it right the first time.

Fair warning: this is the most technical post on the Ngital blog. There's no way to make Conversion API genuinely useful without the technical depth. Skip the parts that don't apply to your platforms and read the rest carefully.

Why this matters more than it did three years ago

Let me set the context briefly before going platform by platform.

Up to around 2020, browser-based pixel tracking worked acceptably well. A snippet of JavaScript on your site fired events, the browser sent those events to ad platforms, and the platforms used that data to optimize campaigns and report attribution. The whole system depended on third-party cookies, predictable cross-site tracking, and minimal user consent constraints.

Then several things happened in rapid succession.

Apple shipped iOS 14.5 in April 2021, requiring apps to ask users for permission to track. The opt-in rate landed around 25% globally. For Meta specifically, this destroyed roughly 30-50% of the conversion signal they were receiving from iOS users — depending on the vertical, the audience, and how aggressive the brand's previous attribution had been.

Safari aggressively expanded its Intelligent Tracking Prevention. Firefox shipped Enhanced Tracking Protection by default. Chrome announced and then repeatedly delayed third-party cookie deprecation, but did ship Privacy Sandbox components that limit cross-site signal.

Ad blockers, which were already at 30-40% penetration in many markets, became standard on mobile through built-in browser features. Brave shipped with blocking enabled by default. Even Edge added tracking prevention.

The EU's GDPR enforcement intensified. Bangladesh's data protection landscape stayed relatively undefined, but international clients started demanding consent frameworks that further restricted browser-side tracking.

The cumulative effect: the browser-based pixel that worked beautifully in 2019 was, by 2022, missing somewhere between 25% and 60% of actual conversions depending on platform and audience. And the platforms, optimizing against this incomplete data, were making progressively worse decisions about who to show ads to.

Conversion API solves this by moving the conversion signal from the browser to the server. When someone buys something on your site, instead of relying on a pixel firing in their browser (which may be blocked, restricted, or stripped of identifiers), your server directly tells Meta, Google, TikTok, or wherever — "this person, with these identifying signals, just completed this conversion, for this amount, at this time."

The platforms then match this server-side event to their user base using the identifying signals you sent, and use it to optimize campaigns. Match quality depends on how many identifying signals you send and how clean those signals are. This is where most implementations fall apart, and it's where this guide spends most of its time.

What "good" actually looks like before we go platform by platform

A few principles cut across every platform's Conversion API, so let's establish them upfront rather than repeating them seven times.

Dual tracking is the standard, not server-only. You almost always want browser-based pixel tracking AND server-side Conversion API both running. Browser events catch things like add-to-cart actions, page views, and engagement signals that don't necessarily have server-side equivalents. Server events catch the conversions that browsers miss. The platforms deduplicate the two streams using event IDs.

Event IDs are the bridge. Every event you send needs a unique event ID that matches between browser and server. If you fire a Purchase event from the browser pixel with event ID purchase_2026_05_27_abc123, your server-side Conversion API event for the same purchase must use the exact same event ID. This is how the platform knows not to count it twice.

User data matching parameters are what determine quality. Email, phone number, first name, last name, city, state, country, zip, IP address, user agent, click ID (fbc), browser ID (fbp), external ID. The more of these you send for each event, the higher the match rate. Each parameter must be hashed (SHA-256) before sending, except for the IDs that platforms specifically want unhashed. This is where most agencies cut corners — sending only email when they could be sending eight or nine signals.

Hashing must be done correctly. Lowercase the value, trim whitespace, normalize the format (e.g., remove formatting from phone numbers, keep only digits with country code), then SHA-256. A common implementation bug: hashing John@Example.com instead of john@example.com. The resulting hash doesn't match what the platform has on file, and match quality drops.

The browser pixel still feeds critical signals. Don't pull out the browser pixel when you implement Conversion API. The fbp cookie (Facebook browser ID), fbc parameter (click ID from ads), and similar identifiers from other platforms are set by the browser pixel and then sent through the server-side event. Without those, server-side match quality drops significantly.

Latency matters but not as much as people think. Platforms generally want events delivered within an hour of the actual action. Real-time is ideal. Batched delivery every 15 minutes is fine. Once-daily batches start hurting optimization but won't kill it. Anything over 24 hours becomes problematic for some platforms' optimization windows.

Test mode is mandatory before going live. Every platform has a test or sandbox mode for Conversion API. Use it. The number of implementations I've seen go live with broken hashing, wrong event names, or malformed payloads — all of which would have caught in test mode — is genuinely depressing.

With those principles established, let's go platform by platform.

Meta Conversion API

This is the one most Bangladeshi brands need first, and the one most worth getting right. Meta's CAPI is also the most mature and best-documented of the platforms covered here, which is good news for implementation but creates a paradox: precisely because the documentation is comprehensive, the implementation surface area is larger and more places to mess up exist.

What you need before starting

A Meta Business Manager account with the Pixel already installed and firing browser events. The Pixel ID. Admin access to the ad account. Either a Conversions API access token (generated in Events Manager under Settings) or a configured integration through Google Tag Manager Server-Side, Segment, Stape, or one of the partner integrations.

The implementation path most Bangladeshi brands should take

You have three realistic options.

Option one: native server implementation. Your developers write code that calls Meta's Graph API directly, posting events to https://graph.facebook.com/v18.0/{pixel-id}/events with the access token. This gives full control, lowest ongoing cost, but requires actual development capacity and ongoing maintenance.

Option two: GTM Server-Side. You set up Google Tag Manager Server Container, route conversion events through it, and use Meta's GTM Server tag to forward events. This is the option I recommend most often — it gives you a single server-side container handling all your platforms, the implementation is more accessible than raw code, and you can manage it through GTM's interface. Cost: roughly $120/month for Google Cloud Run hosting plus initial setup time.

Option three: managed integrations like Stape, Segment, or RudderStack. These platforms handle the server infrastructure and provide pre-built connectors. Faster to deploy, no hosting management, but ongoing costs that grow with traffic volume.

For a brand sending under 50,000 conversions monthly, GTM Server-Side is almost always the right choice. For higher-volume operations, native implementation becomes more cost-effective. For brands without internal technical resources, managed integrations are the path of least resistance even at higher cost.

The user data parameters that matter, ranked by impact

When you send a Meta CAPI event, the user_data object can contain a substantial list of fields. Not all of them affect match quality equally. Here's my working ranking based on what actually moves Event Match Quality scores:

The two strongest signals are email (em) and phone (ph). Each must be lowercased, trimmed, and SHA-256 hashed before sending. Phone numbers must include country code and contain only digits — +8801601-654800 becomes 8801601654800 before hashing.

The next tier is the browser identifiers: fbp (Facebook browser cookie, captured automatically by the pixel and passed to your server) and fbc (Facebook click ID, captured from URL parameters when users click your ads). Always send these unhashed. They're set by the pixel; your server-side event reads them from the request and forwards them.

Third tier: client IP address (client_ip_address) and client user agent (client_user_agent). Both unhashed. These help Meta match events to user sessions, especially for users whose email or phone you don't have but who clicked an ad recently.

Fourth tier: first name (fn), last name (ln), city (ct), state (st), country (country), zip (zp), gender (ge), date of birth (db), external ID (external_id). All hashed except external_id, which is your own internal user ID.

For a Bangladeshi e-commerce checkout where you collect name, email, phone, and delivery address, you should be sending: hashed email, hashed phone, hashed first name, hashed last name, hashed city, hashed country code (bd), hashed zip if collected, the fbp and fbc from the cookies, client IP, and client user agent. If you're sending only hashed email plus IP, you're leaving substantial match quality on the table.

Event Match Quality — what the numbers actually mean

Meta scores your Event Match Quality on a 0-10 scale visible in Events Manager. The score is calculated per event type (Purchase, Lead, Add to Cart, etc.) and aggregated across your pixel.

Below 4.0 means you're sending so little identifying information that Meta can't reliably match your events to users. Optimization will be poor.

4.0 to 6.0 is the range where many Bangladeshi accounts sit. Acceptable but leaving optimization performance on the table.

6.0 to 8.0 is the range competent implementations achieve. Most events are matching, optimization is working reasonably.

8.0 to 10.0 is the range that requires deliberate effort — comprehensive user data parameters, clean hashing, fbp/fbc properly captured, IP and user agent included. Hitting 8.5+ on Purchase events should be the target for any serious account.

The diagnostic flow when scores are low: check what user data parameters you're sending per event type, verify the hashing is correct (Meta provides a diagnostic that flags hashing errors), confirm fbp and fbc are being captured and forwarded, ensure event deduplication is working.

Deduplication — the silent killer

When you run both browser pixel and server CAPI for the same conversion, Meta deduplicates using a combination of event ID and event timestamp. If deduplication fails, the same conversion gets counted twice, inflating reported conversions and breaking optimization.

The correct setup: when a Purchase happens, your browser pixel fires fbq('track', 'Purchase', {value: 1500, currency: 'BDT'}, {eventID: 'purchase_5829473'}) and your server simultaneously sends an event to CAPI with event_id: 'purchase_5829473'. Same event ID. Same event name. Within 48 hours of each other (ideally same second). Meta sees both arrive with matching event IDs and counts only one.

Diagnostic check: in Events Manager, look at your deduplication rate. It should be approaching 100% for events you're firing both ways. If it's 60%, you're double-counting 40% of conversions in some sense — though Meta's internal deduplication will often catch what your event IDs miss, the reported numbers become unreliable.

Test event sending before going live

Meta provides a test event code you can include in your CAPI events. Events sent with this code show up in real-time in the Test Events tab of Events Manager, where you can verify event names, parameters, hashing, and matching before you start sending real production data. Use it for at least a full day of testing before going live. Fix every warning that appears. Then remove the test event code.

Google Ads Enhanced Conversions and the Conversion API

Google's server-side conversion infrastructure works differently from Meta's, both conceptually and operationally. Understanding the differences prevents implementation mistakes that come from assuming the platforms work the same way.

Google has two related but distinct server-side conversion mechanisms: Enhanced Conversions for Web (which is essentially server-augmented browser tracking) and Enhanced Conversions for Leads (which handles offline conversion data). For most Bangladeshi e-commerce and lead generation use cases, Enhanced Conversions for Web is what you'll implement.

What Enhanced Conversions actually does

When a conversion happens on your site, Google's standard conversion tracking captures the gclid (Google Click ID) from the URL parameter set when the user clicked your ad. Enhanced Conversions augments this with first-party customer data — hashed email, phone, name, address — that Google uses to match the conversion to a Google account, even when the gclid is missing or expired.

This matters for several scenarios. Users who clicked your ad on one device and converted on another. Users whose gclid was stripped by browser privacy features. Users converting through long sales cycles where the gclid has aged out. Conversions completed in Incognito mode where the click attribution chain is broken.

The implementation lifts attribution accuracy substantially — typically recovering 5-15% of conversions that would otherwise be unattributed, with corresponding improvements in Smart Bidding performance because the auto-bidder is now optimizing against more complete data.

Implementation paths

Google offers more implementation flexibility than Meta does, partly because Google Ads has been pushed to integrate with everything.

Through Google Tag Manager: the easiest path. You install the Google Ads Conversion Tracking tag, then enable Enhanced Conversions in the tag configuration, and tell GTM which user data variables to capture from the conversion page. GTM handles the hashing and sends the augmented data.

Through Google Tag (gtag.js): direct implementation in your site's JavaScript. You configure the Google Tag with allow_enhanced_conversions: true and pass user data with each conversion event. Requires more developer work than GTM but gives finer control.

Through the Google Ads API: pure server-side implementation where your server posts conversion data directly to Google. Required for offline conversion uploads. Possible for online conversions but less common because GTM and gtag.js handle online conversions adequately.

Through a CRM integration: if your conversions happen in a CRM (HubSpot, Salesforce, Zoho), Google offers direct integrations that pull conversion data through APIs the CRM exposes. Best for lead generation businesses where the conversion is "deal closed" rather than "form submitted."

The Google-specific quirks

Google requires you to specifically opt into Enhanced Conversions in the Google Ads UI under the conversion action settings. Just sending user data without enabling the feature does nothing. This catches a surprising number of implementations.

Google's hashing requirements are nearly identical to Meta's (SHA-256, lowercased, trimmed) but with one important difference: Google can also accept unhashed data and hash it itself if you set the appropriate parameter. This is convenient but requires HTTPS and is generally less robust than client-side hashing. I recommend always hashing before sending.

Google uses a slightly different set of priority signals than Meta. Email is the strongest signal (Google has massive Gmail-based identity coverage). Phone is second. Address components are third. Click ID (gclid) augments these but isn't the primary signal.

Google's diagnostic interface for Enhanced Conversions is less mature than Meta's Event Match Quality. You'll find diagnostics in Google Ads under Conversions > the specific conversion action > Diagnostics. The information is less granular than Meta's but adequate for verifying basic correctness.

The Google Analytics 4 connection

GA4 has its own server-side data import via the Measurement Protocol API. This is conceptually similar to a Conversion API but feeds GA4 rather than Google Ads directly. For most Bangladeshi brands running both Google Ads and GA4, the right architecture is: server-side events go to GA4 via Measurement Protocol, GA4 conversions get imported into Google Ads as conversion actions, Enhanced Conversions runs on top to augment match rates.

This three-layer architecture is more complex than it sounds when you write it out, but each piece does specific work. Skipping the GA4 layer means you lose the analytics depth GA4 provides. Skipping Enhanced Conversions means lower match rates. Skipping the Measurement Protocol means you can't capture conversions that don't happen in the browser.

TikTok Events API

TikTok's Events API is the youngest of the major server-side conversion implementations and shows it. The documentation is improving but still less comprehensive than Meta's or Google's. The error messages are less helpful when things go wrong. The diagnostic tooling is thinner.

That said, for any Bangladeshi brand running TikTok Ads at meaningful scale, Events API is non-optional. TikTok's algorithm is unusually aggressive about optimizing on signal quality — campaigns with poor conversion data feedback degrade faster on TikTok than on Meta or Google.

The basic flow

TikTok requires a TikTok Pixel installed on your site (creates the ttclid cookie when users click ads, fires browser-side events) and a separate Events API integration that fires server-side events. Like Meta, the two streams deduplicate using event IDs.

The server-side endpoint is https://business-api.tiktok.com/open_api/v1.3/event/track/. Authentication uses an Access Token generated in TikTok Ads Manager under Tools > Events. Each event posts JSON with the pixel code, event name, timestamp, user data, and properties.

Identifying signals TikTok wants

The strongest TikTok signal is ttclid — the TikTok click ID, captured from URL parameters when users click ads. Always send this unhashed.

Second tier: hashed email, hashed phone, IP address (unhashed), user agent (unhashed), ttp cookie (TikTok's browser identifier, set by the pixel, equivalent to Meta's fbp).

Third tier: hashed first name, hashed last name, hashed city, hashed country code, hashed zip, hashed external ID (your internal user ID).

TikTok's hashing rules: lowercase, trim whitespace, SHA-256. Same as Meta and Google.

Event names matter more on TikTok

TikTok uses standardized event names for its optimization model: CompletePayment, Purchase, PlaceAnOrder, InitiateCheckout, AddToCart, AddPaymentInfo, Search, ViewContent, Contact, SubmitForm, Subscribe, Download, CompleteRegistration. Use these exact names. Custom event names exist but optimize poorly compared to standard events.

I see this mistake constantly: a Bangladeshi developer firing a "PurchaseComplete" or "OrderSuccess" event because that's what their site code already used. TikTok's algorithm doesn't recognize these as conversion events for optimization purposes. The campaigns then optimize toward other available signals — usually page views or add-to-carts — and conversion volume suffers dramatically.

The TikTok testing process

TikTok provides a test event tool in Events Manager that shows incoming events in real time. Test thoroughly before going live. The documentation specifically recommends running test events for 24 hours before activating server-side tracking in optimization.

TikTok also requires you to configure event mappings in the Events Manager UI — telling TikTok which events from your pixel and Events API correspond to your conversion goals. This is separate from sending the events themselves and is required for the events to count toward campaign optimization.

LinkedIn Conversions API

LinkedIn's Conversions API is purpose-built for B2B lead generation tracking. If your business runs LinkedIn campaigns for high-value lead generation, this is essential. If you're running B2C consumer campaigns, you probably don't need LinkedIn at all, so this section may not apply to your stack.

LinkedIn's implementation differs from the consumer platforms in a few important ways.

Conversion model is different

LinkedIn's optimization model is built around B2B lead quality more than B2C conversion volume. The conversion events that matter are weighted differently — a qualified lead from a SaaS sales team carries different significance than a B2C purchase event.

The Conversions API allows you to send not just the conversion event but also lead status updates over time. A user submits a form (lead event), gets qualified by sales (qualified lead event), books a demo (booked demo event), becomes a customer (closed-won event). Each subsequent event updates LinkedIn's understanding of lead quality and feeds back into campaign optimization.

For Bangladeshi B2B businesses — SaaS companies, agencies selling enterprise services, technology vendors — this multi-stage event tracking is the entire point of using LinkedIn's Conversions API. Without it, LinkedIn optimizes toward form submissions, which produces high volume of poor-quality leads. With it, LinkedIn learns which leads actually convert downstream and optimizes accordingly.

Implementation specifics

The endpoint is https://api.linkedin.com/rest/conversionEvents. Authentication uses OAuth 2.0 with a token generated for your LinkedIn marketing developer platform application. Each event includes the conversion type ID, event timestamp, user identifying data, and conversion value.

LinkedIn user data parameters include hashed email, hashed first name, hashed last name, hashed company, hashed title, LinkedIn member ID if available, and standard browser data (IP, user agent). LinkedIn's strongest signal is hashed email matched against LinkedIn member emails.

CRM integration is usually the right path

Most LinkedIn Conversions API implementations are best done through CRM integration rather than custom code. HubSpot, Salesforce, and Zoho all offer LinkedIn Conversions API connectors that automatically forward lead status changes from your CRM to LinkedIn. For Bangladeshi B2B businesses already operating on these CRMs, this integration is essentially turnkey.

For businesses without CRM infrastructure, the right answer is usually "set up the CRM first, then integrate to LinkedIn" rather than "build custom Conversions API integration without a CRM." LinkedIn campaigns without proper downstream tracking are essentially throwing money at a B2B platform without learning who converts.

Snap Conversions API

Snap's Conversions API serves Snapchat advertisers. In the Bangladesh market, Snapchat advertising is meaningful primarily for consumer brands targeting younger demographics — fashion, FMCG, food and beverage, entertainment. If you're not running Snap ads, skip this section.

Implementation overview

Snap's CAPI endpoint is https://tr.snapchat.com/v2/conversion. Authentication uses a long-lived API token generated in Snap Ads Manager. The pixel ID (Snap calls it the Snap Pixel ID) gets included in each event payload.

User data parameters Snap accepts: hashed email, hashed phone, hashed IP, hashed user agent, click ID (sccid, set by Snap Pixel when users click ads), Snap user identifier (sc_cookie1, set by the pixel).

Notice that Snap requires hashing of IP and user agent, which most other platforms don't. This is a Snap-specific implementation detail that catches developers who assume platforms work the same way.

Snap also accepts standard event names: PURCHASE, SAVE, START_CHECKOUT, ADD_CART, VIEW_CONTENT, ADD_BILLING, SIGN_UP, SEARCH, PAGE_VIEW, SUBSCRIBE, AD_CLICK, AD_VIEW, COMPLETE_TUTORIAL, INVITE, LOGIN, SHARE, RESERVE, ACHIEVEMENT_UNLOCKED, ADD_TO_WISHLIST, SPENT_CREDITS, RATE, START_TRIAL, LIST_VIEW, APP_OPEN, APP_INSTALL. Custom events exist but optimize less effectively.

Snap's documentation is among the better ones

Compared to TikTok's documentation, Snap's CAPI documentation is unusually clear and includes working examples in multiple languages. If you're implementing across multiple platforms, Snap is often the easiest after Meta.

Pinterest Conversions API

Pinterest's Conversions API matters for Bangladeshi brands in specific niches — home decor, fashion, wedding services, food and recipes, beauty. Outside these verticals, Pinterest advertising is rarely significant enough to justify CAPI implementation effort.

For brands where Pinterest is a meaningful channel, the implementation is straightforward.

Endpoint and authentication

Pinterest's API uses https://api.pinterest.com/v5/ad_accounts/{ad_account_id}/events. Authentication through Pinterest Ads Manager OAuth tokens. The Pinterest tag (their pixel equivalent) handles browser events and sets the _epik cookie.

User data parameters

Hashed email, hashed phone, hashed first name, hashed last name, hashed city, hashed state, hashed country, hashed zip, hashed external_id (your user ID), click ID (epik from cookies), IP address, user agent.

Standard event names: page_visit, sign_up, checkout, add_to_cart, watch_video, lead, search, view_category, custom.

Pinterest's diagnostic tooling is thinner than Meta's. You verify events through the Events tab in Ads Manager. Test mode exists but is less prominent in the UI than competitors offer.

X (Twitter) Conversion API

X's Conversion API is the newest of the major platforms and currently the least mature. If you're running ads on X, the implementation is worth doing, but expect rougher edges than the established platforms.

Implementation specifics

The endpoint is https://ads-api.twitter.com/12/measurement/conversions/{pixel_id}. Authentication uses OAuth 1.0a — yes, the old protocol — with consumer keys and tokens from your X developer application. This is more complex than the OAuth 2.0 implementations used by other platforms and trips up many developers.

User data fields X accepts include hashed email, hashed phone, X user ID (twclid from cookies), conversion ID, conversion time, conversion value.

Event names follow X's taxonomy: Purchase, AddToCart, ContentView, CheckoutInitiated, Subscribe, AddToWishlist, SignUp, Search, Custom.

The state of X advertising in 2026

X's advertising platform has been in transition since the ownership change in 2022. Implementation reliability has been inconsistent. The platform's user data quality has fluctuated. Several Bangladeshi brands that previously invested in X advertising have shifted budget to more stable platforms.

I include X for completeness, but in client recommendations I generally suggest treating X CAPI as a lower priority than the other platforms covered here unless you have specific strategic reasons for X investment.

Cross-platform architecture decisions

Now that we've walked through each platform individually, let's talk about architecture for brands running ads across multiple platforms simultaneously — which describes most serious Bangladeshi advertisers.

You have three architectural choices.

Option A: Independent integrations per platform

You implement Meta CAPI, Google Enhanced Conversions, TikTok Events API, and so on as separate integrations, each connected directly to your application code. When a conversion happens, your application fires events to each platform independently.

Pros: simple to reason about. Each platform's integration is isolated. Debugging is straightforward.

Cons: substantial code duplication. Every platform's data formatting, hashing, and authentication is implemented separately. Maintenance scales linearly with platform count. Changes to your conversion data model require updating every platform integration.

When this makes sense: small operations with one or two platforms and no plans to add more.

Option B: Server-side tag management (GTM Server-Side, Stape, etc.)

You implement a single server-side tag manager that receives conversion events from your site, then forwards them to each platform using pre-built tags. Your application code only needs to send events to one endpoint (the server-side container).

Pros: significantly less custom code. Pre-built tags for each platform. Centralized management. Easy to add new platforms.

Cons: requires understanding of tag management concepts. Monthly hosting cost (GTM Server-Side runs on Google Cloud Run, typically $50-200/month depending on traffic). Some advanced platform features require workarounds in the tag manager environment.

When this makes sense: most brands running 3+ platforms. This is my default recommendation for Ngital clients.

Option C: Customer Data Platform (Segment, RudderStack, mParticle)

A full CDP receives events from your applications, enriches them with customer data, and routes to dozens of destinations including all major ad platforms.

Pros: most powerful architecture. Unified customer data. Enrichment capabilities. Compliance and consent management built in. Works for analytics, advertising, and operational tools.

Cons: substantial cost (Segment pricing starts around $120/month for small operations and scales to four-figure monthly costs for larger operations). Implementation complexity. Overkill if your only use case is ad platform tracking.

When this makes sense: brands operating at scale with sophisticated data needs beyond just advertising — typically organizations with full product analytics, lifecycle marketing, and operational data flows.

For Bangladesh-context advice: most brands at our scale do best with Option B. The hosting cost of GTM Server-Side is trivial compared to ad budget waste from poor tracking, and the flexibility to add platforms as needed compounds value over time.

The implementation order I recommend

If you're starting from scratch and need to prioritize, here's the sequence I'd suggest for most Bangladeshi brands.

First week: get your existing browser pixels healthy. Don't implement server-side anything until your browser-side tracking is firing correctly. Audit which events fire, what parameters they include, whether deduplication IDs are present. Fix obvious gaps. This often improves performance even before any server-side work.

Weeks 2-3: implement Meta CAPI. Almost every Bangladeshi advertiser runs Meta as their largest paid channel. The highest-leverage server-side investment is here. Target Event Match Quality of 8.0+ on Purchase events within the first month.

Weeks 3-4: implement Google Enhanced Conversions. Generally simpler than Meta CAPI, especially through GTM. The match quality lift compounds with Smart Bidding to produce noticeable improvements over a 4-8 week observation window.

Weeks 5-6: add TikTok Events API if you're running meaningful TikTok ad spend. The platform punishes accounts with poor signal quality more than others do, so the implementation pays back faster.

Beyond week 6: add other platforms as needed — LinkedIn for B2B operations, Snap for youth-targeting consumer brands, Pinterest for visual commerce, X if it's strategic for you.

The mistake I see most often in Bangladesh

Brands trying to implement everything simultaneously. The Conversion API setup gets rushed across five platforms, every implementation has minor errors that nobody catches because attention is split, and three months later the brand is convinced "CAPI doesn't work" because their match quality is sitting at 4.5 across the board.

Better approach: do Meta thoroughly first. Verify Event Match Quality climbs to 8.0+. See the campaign performance improvements that result. Use that as the reference for what good implementation looks like. Then replicate the pattern on other platforms.

How to know your implementation is actually working

The biggest gap I see between "we implemented CAPI" and "CAPI is delivering value" is brands who don't actually verify the implementation post-launch. Here's the diagnostic framework I use.

For Meta: Event Match Quality scores in Events Manager. Target 8.0+ on Purchase events, 7.0+ on Leads, 6.0+ on engagement events like Add to Cart. Deduplication rate approaching 100% for dual-tracked events. Server events showing in Events Manager with rich user data parameters. Test events validating before going live.

For Google: Enhanced Conversions diagnostic in Google Ads showing successful match rates. Smart Bidding performance over 4-8 weeks post-implementation showing improvement (lower CPA, higher conversion volume at similar spend). GA4 events flowing through Measurement Protocol if you implemented that layer.

For TikTok: Events Manager showing both browser and server events firing. Conversion events using standard event names. Test events validating before activation. Diagnostics tab showing no errors. Cost per acquisition trending down over 4-6 weeks post-implementation.

Universal indicators across platforms: campaigns running 4-8 weeks post-implementation with deliberate measurement should show meaningful CPA improvements, not marginal ones. If you've implemented CAPI properly and your CPA hasn't moved measurably after two months, something is wrong with the implementation regardless of what dashboards report.

The investigation flow when results aren't matching expectations: re-audit user data parameters being sent (probably you're sending less than you think), verify hashing correctness (probably some parameter isn't hashing right), check deduplication setup (probably event IDs aren't matching), confirm test events validated cleanly before going live (probably they didn't).

The privacy and consent layer most implementations skip

A final topic that's becoming increasingly important. Conversion API moves conversion data to your server before sending to ad platforms, which means your server is now handling customer personal data — email, phone, IP — for advertising purposes.

This has legal implications that depend on your jurisdiction and your customers' jurisdictions. Bangladeshi data protection law is still evolving. EU customers are covered by GDPR. California customers by CCPA. Brazilian customers by LGPD. International e-commerce makes this a real concern even for Bangladesh-headquartered brands.

The principles to implement: explicit consent management before firing any tracking events (a proper consent management platform like Cookiebot, OneTrust, or Usercentrics). Clear privacy policy disclosure of what data is collected and where it's sent. Honoring user opt-outs server-side, not just browser-side (this is where most implementations fail — they suppress the browser pixel for opt-out users but still fire server events). Data minimization (only sending the user parameters actually needed for matching, not everything you have).

For Bangladeshi brands selling primarily domestically, the immediate legal exposure is lower than for brands selling internationally — but the privacy practices that matter to international expansion are worth building correctly from the start rather than retrofitting later.

What this looks like in production for a typical Bangladeshi e-commerce brand

Let me make this concrete with a realistic example.

A mid-sized Bangladeshi e-commerce brand sells across categories, runs Meta and Google ads as primary channels with TikTok as a third channel, has a Shopify or custom e-commerce stack, processes around 8,000 orders monthly with average order value around BDT 2,500.

Their proper Conversion API architecture looks like this.

The website has Meta Pixel, Google Tag (gtag.js), and TikTok Pixel installed for browser-side tracking. Events fire on PageView, ViewContent, AddToCart, InitiateCheckout, Purchase. Each event includes a unique event ID and standard event parameters.

A GTM Server-Side container runs on Google Cloud Run, receiving events from the browser through a server-side endpoint on a subdomain (events.brandname.com pointing to the GTM Server container). The container has tags configured for Meta CAPI, Google Ads Enhanced Conversions, TikTok Events API, and GA4 Measurement Protocol.

When a purchase happens: browser pixels fire client-side events with event IDs. Simultaneously, the checkout completion page sends a server-side event through the GTM Server endpoint with full user data — hashed email, hashed phone, hashed name, hashed address fields, IP, user agent, fbp, fbc, ttclid, gclid, event ID matching the browser event. The Server Container processes this single inbound event and fans it out to Meta CAPI, Google Enhanced Conversions, TikTok Events API, and GA4 — each with platform-specific formatting and authentication.

Meta receives the event, deduplicates against the browser pixel event using the matching event ID, calculates Event Match Quality based on the rich user data, and updates campaign optimization. Google receives Enhanced Conversion data augmenting the standard gtag conversion. TikTok receives the server event for deduplication and optimization. GA4 receives the conversion for analytics.

Implementation effort: roughly 40-80 hours of work from a competent developer plus 8-15 hours of testing across all platforms. Ongoing monthly cost: $50-150 for Cloud Run hosting depending on traffic volume. Ongoing maintenance: minimal once stable, perhaps 2-5 hours monthly for monitoring and adjustments.

The performance impact for a brand at this scale: typically 15-30% improvement in attributed conversions within Meta and Google reporting, 20-40% improvement in iOS conversion visibility specifically, measurable CPA reduction over 60-90 days as campaign optimization improves on the cleaner signal. For a brand spending BDT 30 lakh monthly on ads, this implementation typically pays back in the first month and compounds value indefinitely afterward.

This is what a properly engineered tracking stack looks like in production. The components aren't exotic. The implementation isn't beyond reach for any agency or in-house team that's willing to do it properly. The reason most Bangladeshi brands don't have this is that the work is invisible from outside, the benefits show up gradually over weeks rather than immediately, and most agencies sell campaign management rather than the underlying tracking infrastructure that determines whether campaign management actually works.

If you're running paid acquisition at any meaningful scale and your tracking architecture doesn't look something like this, that's where your performance improvement opportunity lies — not in another creative refresh or audience experiment, but in fixing the signal foundation that everything else runs on.