.svg)
Your Facebook ads were crushing it last week. This week? Conversions have vanished from Events Manager, your cost per acquisition doubled overnight, and you're staring at a plummeting Event Match Quality score wondering what just broke. The culprit is usually your Facebook Conversion API—and the worst part is that CAPI issues rarely announce themselves with obvious errors. They just quietly stop sending accurate data to Meta's algorithm, leaving your campaigns to optimize on incomplete information while your budget drains away.
Facebook Conversion API problems manifest in frustrating ways. You might see conversions happening in your CRM but not appearing in Events Manager. Your Event Match Quality might drop from 8.5 to 3.2 with no explanation. Sometimes you'll notice duplicate events inflating your conversion counts, making your campaigns look more successful than they actually are. Other times, your server-side events simply stop flowing altogether, and you won't realize it until you check your tracking setup days later.
The technical complexity of CAPI makes troubleshooting feel overwhelming. You're dealing with access tokens, SHA-256 hashing, Unix timestamps, event deduplication logic, and parameter formatting requirements that Meta enforces strictly but doesn't always communicate clearly. One misconfigured parameter can tank your entire implementation. One expired token can silently kill your tracking without sending you a single notification.
This guide cuts through that complexity with a systematic troubleshooting process. We'll walk through exactly how to diagnose your specific CAPI issue, verify your authentication setup, fix parameter formatting problems, resolve deduplication conflicts, and validate that everything works before you push changes live. Whether you're a developer implementing CAPI for the first time or a marketer trying to fix a broken setup, you'll find the specific steps you need to restore accurate tracking and get Meta's algorithm the quality conversion data it requires to optimize your campaigns effectively.
Before you start changing code or regenerating tokens, you need to understand exactly what's broken. Facebook Events Manager contains all the diagnostic information you need, but you have to know where to look and what the numbers actually mean.
Navigate to your Events Manager and select the pixel associated with your website. Click on the "Overview" tab first. This dashboard shows your total event volume, error rates, and the split between browser events (from your Pixel) and server events (from CAPI). If your server events show zero volume or a sudden drop, you've immediately identified that CAPI isn't sending data at all. If error rates spike above 5%, you have parameter or authentication problems.
Next, click into the "Server Events" section specifically. This isolates only the events coming through your Conversion API implementation, filtering out browser-based Pixel data. Look at the event volume over the past 7 days. A healthy CAPI setup shows consistent daily volume with minimal fluctuation. Sudden drops indicate your server stopped sending events. Gradual declines might mean your access token is approaching expiration or your server is experiencing intermittent connectivity issues.
The Event Match Quality score is your most important diagnostic metric. Click on "Event Match Quality" in the left sidebar. You'll see scores for each event type you're tracking—Purchase, Lead, AddToCart, etc. These scores range from 0 to 10, with higher numbers indicating better customer data matching. Scores below 6.0 signal that you're missing critical customer information parameters or formatting them incorrectly. Scores below 4.0 mean your CAPI implementation is barely functional and Meta's algorithm has almost no useful data to work with.
Click into individual event types to see which specific customer data parameters you're missing. Events Manager shows you exactly which fields you're sending (email, phone, name, location data) and which ones you're not. If you see "0% of events include email" or "0% of events include phone," you've found a major problem. Meta needs this customer information to match your conversions to actual Facebook users, and without it, your Facebook conversion attribution suffers dramatically.
Check the "Activity" tab to see recent error messages. Meta logs specific errors when your CAPI requests fail—authentication errors, invalid parameter formats, missing required fields, or malformed data. These error messages often contain the exact parameter name causing problems, making them invaluable for troubleshooting. Screenshot any error messages you find before moving to the next step.
Finally, compare your browser events to your server events for the same time period. They should show similar volumes if you're sending the same conversions through both channels. Major discrepancies indicate either missing deduplication (causing duplicate events) or events being sent through only one channel when they should go through both. Document what you find—this comparison reveals whether you have a deduplication problem or a coverage gap.
Authentication failures are the most common reason CAPI stops working, and they're particularly frustrating because Meta doesn't send you an email when your token expires. Your tracking just silently fails, and you won't know until you check.
Access tokens for Facebook Conversion API come in two types: personal tokens tied to your individual Facebook account, and System User tokens tied to your Business Manager. If you're using a personal token, stop immediately. Personal tokens expire frequently, require the associated Facebook account to remain active, and break whenever that person's password changes or they lose admin access. System User tokens are the professional solution—they're tied to your Business Manager entity, not an individual, and they can be configured to never expire.
To check your current token, you'll need to locate where it's stored in your implementation. If you're using a third-party platform or plugin, check the settings panel where you originally entered your CAPI credentials. If you built a custom integration, check your server environment variables or configuration files. Copy the token value (it's a long string of characters) and head to Meta's Graph API Explorer.
In Graph API Explorer, paste your access token into the "Access Token" field at the top right. Click the information icon next to the token field—this shows you the token's permissions, expiration date, and which Business Manager it's associated with. Verify three things: First, the token hasn't expired (or is set to "Never expires" for System User tokens). Second, it includes the "ads_management" and "business_management" permissions at minimum. Third, it's associated with the correct Business Manager and the correct ad account where your pixel lives.
If your token has expired or lacks the right permissions, you need to generate a new one. Navigate to Business Settings in your Business Manager, then click "System Users" under the Users section. If you don't have a System User yet, create one specifically for server-side tracking. Give it "Admin" access to your pixel and ad account. Then click "Generate New Token," select the required permissions (ads_management, business_management, and business_extension if you're also syncing offline conversions), and set the token to never expire.
Copy the new token immediately—Meta only shows it once. Store it securely in a password manager or encrypted environment variable system. Never commit access tokens directly into your codebase where they could be exposed in version control. Update your CAPI implementation with the new token, restart your server or application to ensure the change takes effect, and then test immediately using the diagnostic steps from Step 1.
One often-overlooked permission issue: verify that the System User has access to the specific pixel you're trying to send events to. In Business Settings, click "Data Sources," select your pixel, and confirm your System User appears in the list of people and systems with access. If it's missing, add it with "Manage Pixel" permissions. Without this explicit pixel access, your token won't be able to send events even if it has the correct API permissions. For a complete walkthrough of the authentication process, review our Facebook Conversion API setup guide.
Low Event Match Quality scores almost always trace back to missing or incorrectly formatted customer data parameters. Meta's algorithm relies on this information to match your server-side conversion events to actual Facebook users, and when the data is wrong, your attribution falls apart.
Facebook Conversion API requires customer information parameters to be hashed using SHA-256 before you send them. This means you cannot send plain text email addresses, phone numbers, or names—they must be cryptographically hashed first. Many implementations break because they either skip hashing entirely (sending raw data that Meta rejects) or hash the data incorrectly (producing invalid hashes that don't match anything in Meta's system).
The hashing process has strict formatting requirements. Email addresses must be converted to lowercase and trimmed of any whitespace before hashing. If you hash "John@Example.com" instead of "john@example.com," the hashes won't match and Meta won't recognize the user. Phone numbers must include the country code and contain only digits—no spaces, dashes, or parentheses. A US phone number should look like "14155551234" before hashing, not "(415) 555-1234."
Names require similar preprocessing. First names and last names should be lowercase, trimmed, and have special characters removed. If someone enters "O'Brien" as their last name, convert it to "obrien" before hashing. City names should be lowercase with spaces removed—"New York" becomes "newyork." State codes should be two-letter abbreviations in lowercase—"CA" becomes "ca." Zip codes should be numbers only for US addresses, or the first portion for international postal codes.
The most impactful parameters for Event Match Quality are email (em), phone (ph), first name (fn), last name (ln), city (ct), state (st), zip code (zp), and country (country). Adding these parameters can raise your Event Match Quality from 3.0 to 8.5 or higher. Even if you only collect email addresses from customers, sending that single properly hashed parameter dramatically improves matching compared to sending no customer data at all.
Beyond customer data, verify you're including the required technical parameters. The action_source parameter is mandatory—set it to "website" for conversions happening on your site. The event_time parameter must be a Unix timestamp (seconds since January 1, 1970) and must be within 7 days of when the conversion actually occurred. If you're sending historical data or your server clock is wrong, events get rejected. The event_name parameter must exactly match Facebook's standard event names—"Purchase," not "purchase" or "PURCHASE."
Include the event_source_url parameter with the full URL where the conversion occurred. This helps Meta understand context and improves attribution accuracy. Add the user_agent parameter containing the customer's browser user agent string if you have it—this provides additional matching signals. The fbp and fbc parameters (Facebook browser and click IDs) should be passed from your browser-side Pixel implementation to your server-side CAPI code, then included in server events for better deduplication and attribution.
Test your parameter formatting before deploying to production. Hash a known email address using your implementation, then manually hash the same email using an online SHA-256 tool with the correct preprocessing. The hashes should match exactly. If they don't, you have a formatting bug in your preprocessing logic. Fix it before sending real customer data, because incorrect hashes can't be corrected retroactively—you'll need to wait for new conversions to flow through your fixed implementation. Our conversion API setup guide covers parameter formatting in detail.
Sending the same conversion through both your Facebook Pixel and Conversion API is a best practice—it provides redundancy and improves data accuracy. But without proper deduplication, you'll count every conversion twice, inflating your metrics and making optimization decisions based on incorrect data.
Facebook's deduplication system works by matching event_id values across browser and server events. When Meta receives two events with the same event_name and event_id within a 48-hour window, it keeps only one and discards the duplicate. The key is generating a unique, consistent event_id for each conversion and passing that exact same ID to both your Pixel and your CAPI implementation.
The best event_id values are transaction IDs, order numbers, or UUIDs generated at the moment of conversion. For purchase events, use your order ID—it's already unique per transaction and available to both your frontend JavaScript and backend server code. For lead events, generate a UUID when the form submits successfully, store it in a hidden form field or JavaScript variable, and pass it to both tracking implementations. The critical requirement is that both the browser event and server event use the identical event_id string.
Timing matters for deduplication. Meta only deduplicates events that arrive within 48 hours of each other. If your browser Pixel fires immediately but your server-side event doesn't send until 3 days later (perhaps because it waits for payment processing to complete), they won't deduplicate even with matching event_ids. Send server events as close to real-time as possible. If you must delay server events for business logic reasons, consider sending a preliminary server event immediately with the same event_id, then sending a subsequent event with updated parameters once your processing completes.
Check whether deduplication is actually working by reviewing the "Deduplicated Events" metric in Events Manager. Navigate to your pixel's Overview tab and look for the deduplication statistics. If you're sending events through both channels but seeing zero deduplicated events, your event_ids aren't matching. Common causes include: generating different IDs on the client vs server, formatting the ID differently (adding prefixes or suffixes on one side), or failing to pass the ID from your frontend to your backend at all.
Avoid the opposite problem: sending events only through CAPI when your Pixel is also active and firing the same events. This creates attribution gaps because browser-based events capture different information (like click IDs and browsing behavior) that server events miss. The optimal setup sends conversions through both channels with proper deduplication. This gives Meta maximum data to work with while avoiding double-counting. If your Facebook Pixel is missing conversions, you may have the opposite problem where browser events aren't firing correctly.
If you're migrating from Pixel-only to a Pixel plus CAPI setup, implement deduplication from day one. Don't run both in parallel without it "just to test"—you'll immediately corrupt your conversion data and won't be able to separate which conversions are real and which are duplicates. Build the deduplication logic first, test it with Meta's Test Events tool to verify matching event_ids appear correctly, then deploy both implementations simultaneously.
After making configuration changes, don't assume everything works. Facebook provides specific testing tools designed to validate your CAPI implementation before real customer data flows through it.
Start with Meta's Test Events tool in Events Manager. Click on your pixel, then select "Test Events" from the left sidebar. This tool shows you a live stream of events as they arrive, whether from your browser Pixel or your server-side CAPI. You can send test conversions and immediately see if they appear correctly, what parameters they contain, and whether any errors occurred.
To test CAPI specifically, use the test_event_code parameter in your server requests. Generate a test code in the Test Events interface—it's a random string that Meta uses to identify your test events. Add this test_event_code to your CAPI payload temporarily, send a test conversion from your server, and watch it appear in the Test Events stream within seconds. This confirms your server can reach Meta's API, your access token works, and your events are formatted correctly.
Check the HTTP response codes your server receives when sending CAPI events. A 200 response means Meta accepted the event successfully. A 400 response indicates a parameter error—the response body will contain specific details about which parameter is malformed or missing. A 401 response means authentication failed, usually indicating an expired or invalid access token. A 500 response suggests a problem on Meta's side, though this is rare. Log these responses in your server application so you can diagnose issues even after they occur.
Use Meta's Conversions API Payload Helper before deploying changes to production. This tool validates your event payload structure without actually sending the event to your pixel. You can paste in your JSON payload, and the tool checks for required parameters, correct formatting, proper hashing, and common mistakes. It's faster than trial-and-error testing with real events and catches errors before they impact your live tracking. Understanding what Conversion API is and how it processes data helps you interpret these validation results.
After deploying fixes, monitor Events Manager continuously for 24 to 48 hours. Watch for consistent event flow—no sudden drops or spikes that indicate intermittent problems. Check that Event Match Quality scores improve within 24 hours as properly formatted customer data starts flowing through. Verify that error rates drop to near zero. Compare event volumes to your expected conversion rates to ensure you're capturing everything.
Test deduplication specifically by triggering a conversion that fires both Pixel and CAPI events, then checking Events Manager to confirm only one event appears in your final metrics. Look for the "Deduplicated Events" count to increment. If you see two Purchase events when you only made one test purchase, deduplication isn't working and you need to revisit Step 4.
Fixing your CAPI implementation once isn't enough. Access tokens can expire, server configurations can change, Meta can update API requirements, and tracking can break again without warning. Ongoing monitoring catches issues before they damage your campaigns.
Set up automated alerts for Event Match Quality drops. Many attribution platforms and monitoring tools can notify you when your EMQ score falls below a threshold you define. If your score typically sits at 8.0 and suddenly drops to 5.0, you want to know immediately—not discover it during your weekly review when you've already lost days of accurate data. Configure alerts to trigger when scores drop by more than 1.5 points or fall below 6.0.
Create a weekly review process for your tracking setup. Every Monday, spend 15 minutes in Events Manager checking: total event volume compared to the previous week, error rates in the Overview tab, Event Match Quality scores for your key conversion events, and the deduplicated events count to ensure deduplication still works. Document these numbers in a spreadsheet so you can spot trends—gradual declines often indicate problems developing before they become critical.
Document your CAPI configuration thoroughly. Write down which System User generates your access token, when it expires (if ever), which parameters you send for each event type, how you generate event_ids, and where the implementation lives in your codebase. When something breaks at 2am and you need to troubleshoot quickly, this documentation saves hours. When a team member leaves and someone new takes over tracking, they can understand the setup without reverse-engineering everything.
Build redundancy into your tracking architecture. Don't rely solely on CAPI—keep your browser Pixel active as a backup. Don't rely solely on one attribution platform—consider whether a dedicated server-side tracking solution could handle CAPI maintenance automatically while you focus on campaign optimization. The goal is resilience: if one component fails, you still have conversion data flowing to Meta's algorithm. Learn more about fixing broken conversion tracking to build a more resilient system.
Consider whether managing CAPI manually makes sense for your team's resources and technical capabilities. Server-side tracking platforms handle token refreshes automatically, maintain parameter formatting as Meta's requirements evolve, manage deduplication logic, and provide monitoring dashboards that alert you to issues immediately. For teams running significant ad spend across multiple platforms, the time saved and errors prevented often justify moving tracking infrastructure to a specialized platform rather than maintaining custom implementations.
Fixing Facebook Conversion API requires methodical troubleshooting rather than guesswork. Start in Events Manager to diagnose exactly what's broken—low Event Match Quality, missing events, authentication errors, or deduplication problems. Verify your access token hasn't expired and includes the necessary permissions. Fix parameter formatting by correctly hashing customer data and including all required fields. Implement proper deduplication with matching event_ids across browser and server events. Test everything using Meta's tools before deploying to production, then monitor continuously to catch future issues early.
The checklist is straightforward: check your token and permissions, hash customer data correctly with proper preprocessing, include all required parameters especially action_source and event_time, match event_ids across both tracking channels within 48 hours, and validate using Test Events before going live. Work through each step systematically, and you'll identify the specific problem causing your CAPI issues.
Once your Conversion API sends clean, properly matched data, Meta's algorithm can optimize your campaigns far more effectively. Higher Event Match Quality scores mean better attribution, which leads to more accurate optimization and lower costs per conversion. The difference between a 4.0 EMQ score and an 8.5 score is often the difference between campaigns that struggle and campaigns that scale profitably. For comprehensive guidance on accurate Facebook conversion tracking, review our complete implementation framework.
For teams managing substantial ad budgets across Facebook, Google, TikTok, and other platforms, maintaining multiple CAPI implementations manually becomes increasingly complex. Each platform has different requirements, different parameter formats, different authentication systems. Attribution platforms like Cometly handle server-side tracking automatically across all your advertising channels, feeding enriched conversion data back to Meta while eliminating the manual maintenance that causes these issues in the first place. The platform captures every touchpoint in your customer journey, sends properly formatted events to each ad platform's API, and provides AI-driven recommendations for scaling your best-performing campaigns. Learn how to sync conversion data to Facebook Ads automatically.
Whether you fix CAPI manually following this guide or adopt a platform to manage it automatically, the goal remains the same: give Meta's algorithm the accurate, complete conversion data it needs to find your best customers and optimize your ad delivery. Clean data is the foundation of profitable advertising. Everything else—creative, targeting, bidding strategies—builds on that foundation. Fix your tracking first, and your campaigns will improve as a direct result.
Ready to elevate your marketing game with precision and confidence? Discover how Cometly's AI-driven recommendations can transform your ad strategy—Get your free demo today and start capturing every touchpoint to maximize your conversions.
Learn how Cometly can help you pinpoint channels driving revenue.
.svg)
Network with the top performance marketers in the industry
