CapiFlow – Conversions API (CAPI) Tracking for WooCommerce

CapiFlow sends supported WooCommerce events from your server to Meta’s Conversions API (CAPI) — helping reduce the impact of browser-side tracking limitations like ad blockers, Safari ITP, and Firefox ETP.

Why Server-Side Tracking Matters

When the Meta pixel is blocked, event data may not reach Meta — affecting ad optimization. CapiFlow complements the browser pixel by sending events server-side with a matching event_id for deduplication.

How It Works

1. Install & Activate — Setup wizard launches automatically
2. Enter Pixel ID + Access Token — From Meta Events Manager
3. Click Test Connection — Events start flowing

No theme edits. No GTM server container required. No separate server-container subscription needed for the built-in Meta CAPI workflow.

Core Features

Server-Side Event Tracking

• 🎯 7 Standard Events — Purchase, InitiateCheckout, AddPaymentInfo, AddToCart, ViewContent, Search, PageView
• 🔄 Deduplication — Browser pixel and server events share the same event_id to support Meta’s deduplication
• 🛡️ First-Party Event Endpoint — Browser events can be delivered through your own domain where configured
• 🔐 SHA-256 PII Hashing — Email, phone, name hashed before leaving your server

Event Match Quality Support — fbc, fbp, external_id, client IP, user agent, and hashed customer data (email, phone, name) for logged-in users.

Analytics & Monitoring

• 📈 Dashboard — event breakdown and source attribution
• 🔍 Debug console — payloads and Meta API responses
• 🏥 System health — token, queue, connection test
• 🛒 Cart monitor — abandoned cart summary

Data Quality & Control

• 📞 Phone validation at checkout
• 🔒 COD Purchase gate — hold events until admin confirms
• 📋 Order metabox and columns — per-order CAPI status

Developer Tools

• 🔧 Code injection — GTM, analytics, chat widgets (admin-only)
• 🪝 Filter hooks — capiflow_proxy_url, capiflow_has_tracking_consent
• 📦 HPOS compatible — WooCommerce High-Performance Order Storage support
• ⏱️ Action Scheduler queue — async event delivery with retry logic

CapiFlow Pro

CapiFlow Pro is a separate addon that extends the free plugin with:

• Phone reputation scoring and fraud detection
• Negative Purchase events for cancelled/refunded orders
• Multi-pixel and category-based pixel routing
• COD auto-confirm with courier integration
• Real-time EMQ score display from Meta API
• Blacklist management for known fraud patterns
• Advanced order quality tools

Learn more on the CapiFlow website.

Compatibility

• Gateways: bKash, Nagad, SSLCommerz, Stripe, PayPal, COD, and all standard WooCommerce gateways
• Themes: Any theme — Classic, Block (FSE), page builders
• WooCommerce: HPOS and legacy post-based orders
• Consent: CookieYes, Complianz, CookieBot, GDPR Cookie Consent, custom filter hook

Requirements

• WordPress 6.0+
• WooCommerce 7.0+
• PHP 7.4+
• OpenSSL PHP extension
• Meta Pixel ID and System User Access Token

External Services

This plugin connects to the following third-party services:

Meta (Facebook) Conversions API

CapiFlow sends WooCommerce event data to the Meta Conversions API via: https://graph.facebook.com/

This connection is made from your server to Meta’s servers when a configured tracking event occurs. No data is sent until a valid Pixel ID and Access Token are configured.

Data transmitted includes:

• Hashed email, phone, first and last name (SHA-256)
• Client IP address and Browser User Agent
• Meta Click ID (_fbc) and Browser ID (_fbp) cookies
• Order total, currency, and event metadata

All personal data is SHA-256 hashed before transmission.

• Meta Terms of Service
• Meta Privacy Policy
• Meta Platform Terms

Meta Pixel JavaScript SDK

This plugin loads the Meta Pixel SDK from: https://connect.facebook.net/en_US/fbevents.js

Loaded on frontend pages when a Pixel ID is configured. The SDK is hosted by Meta.

• Meta Terms of Service
• Meta Privacy Policy

Privacy

For server-side events, all personal data is SHA-256 hashed before transmission. For browser events, the Meta Pixel SDK handles hashing via Advanced Matching. This plugin does not store raw PII in its own tables. See Meta’s privacy policy.

Cookies

• cs_uid — Random visitor identifier for external_id deduplication. 180 days. No PII.
• _fbc — Meta Click ID. Set by Meta SDK on ad click. CapiFlow reads/extends server-side. 180 days.
• _fbp — Meta Browser ID. Set by Meta SDK. CapiFlow reads/extends server-side. 180 days.

All cookies are first-party and contain no personally identifiable information.

Data Storage

• {prefix}_capiflow_events — Queued/sent event payloads. Auto-purged after delivery.
• {prefix}_capiflow_analytics — Daily aggregated analytics. Auto-purged by retention settings.
• Order metadata with _capiflow_ prefix. Removed on uninstall if “Keep Data” is disabled.
• Logs in wp-content/uploads/capiflow-logs/ with .htaccess protection. Auto-cleaned daily.

Consent

By default, events fire once configured. Enable “Consent Enforcement” in Settings to respect CMP signals for both browser and server events.

Supported CMPs: CookieYes, Complianz, CookieBot, GDPR Cookie Consent. Custom integration via capiflow_has_tracking_consent filter.

When Consent Enforcement is enabled, browser and server-side events are blocked until valid tracking consent is detected.

Store owners are responsible for lawful consent configuration where required by privacy regulations.