OpenCart Server-Side Tagging: Capturing Email & Phone as First-Party Data

Standard

Capturing first-party data like email and phone in a privacy-compliant way is essential for Enhanced Conversions, Meta CAPI, GA4 attribution, and audience building. With Server-Side Tagging in OpenCart, you can securely hash and forward these identifiers without exposing them in the browser.

๐Ÿงฐ Requirements

Tool Purpose
OpenCart 3.x/4.x Store with checkout success access
Web + Server GTM Containers Installed and linked
GA4 / Google Ads / Meta Pixel Platform integrations
HTTPS Domain For secure user data transfer
Consent Mechanism Required for lawful data capture (GDPR/CCPA)

๐ŸŽฏ Goal

Securely collect and pass email & phone:

  • ๐Ÿง  Hashed with SHA-256 before leaving OpenCart
  • ๐Ÿš€ Sent via GTM Web to ssGTM endpoint
  • โœ… Delivered to GA4, Google Ads (Enhanced Conversions), Meta CAPI

๐Ÿ“ฆ Step 1: Capture Email and Phone on Purchase

In catalog/controller/checkout/success.php:

$order_id = $this->session->data['order_id'];
$this->load->model('checkout/order');
$order_info = $this->model_checkout_order->getOrder($order_id);

$email = strtolower(trim($order_info['email']));
$phone = preg_replace('/\D/', '', $order_info['telephone']);

$data['hashed_email'] = hash('sha256', $email);
$data['hashed_phone'] = hash('sha256', $phone);
$data['event_id'] = uniqid('ss_', true);

๐Ÿงฉ Step 2: Push Data to dataLayer (success.twig)

In catalog/view/theme/*/template/checkout/success.twig:

<script>
window.dataLayer = window.dataLayer || [];
dataLayer.push({
  event: "purchase",
  event_id: "{{ event_id }}",
  email: "{{ hashed_email }}",
  phone: "{{ hashed_phone }}"
});
</script>

โœ… The dataLayer now holds hashed identifiers and a unique event_id.

๐Ÿ›ฐ๏ธ Step 3: Forward Data to Server-Side GTM

In GTM Web Container:

Tag Type: Custom HTML
Trigger: Event equals purchase

<script>
fetch('https://gtm.yoursite.com/event', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    event_name: 'purchase',
    email: '{{DL - email}}',
    phone: '{{DL - phone}}',
    event_id: '{{DL - event_id}}'
  })
});
</script>

๐Ÿง  Step 4: Setup Clients in Server-Side GTM

Enable these clients:

  • GA4 Client โ€“ For enhanced attribution
  • Google Ads Client โ€“ For Enhanced Conversions
  • Meta CAPI Client โ€“ For matching and optimization

Use event_id, email, phone, and other fields from the request body.

๐ŸŽฏ Step 5: Server-Side Tags Configuration

๐Ÿ“ŒGA4 Tag

Parameter Variable
email {{email}}
phone {{phone}}
event_id {{event_id}}
Event Name purchase

GA4 does not directly use email/phone yet, but this data can be logged or used for custom endpoints.

๐Ÿ“Œ Google Ads Enhanced Conversions Tag

Parameter Value
Conversion ID / Label From Google Ads
Email / Phone {{email}}, {{phone}} (hashed)
Event ID {{event_id}}
Event Name purchase

Google Ads uses hashed values for user matching and deduplication.

๐Ÿ“Œ Meta Conversions API Tag

{
  "event_name": "Purchase",
  "event_time": {{ timestamp }},
  "event_id": "{{event_id}}",
  "user_data": {
    "em": "{{email}}",
    "ph": "{{phone}}"
  },
  "custom_data": {
    "currency": "USD",
    "value": 49.99
  }
}

๐Ÿ” Step 6: Consent Compliance

Only include email/phone in your dataLayer if consent is granted:

{% if consent_granted %}
<script>
dataLayer.push({
  event: "purchase",
  email: "{{ hashed_email }}",
  phone: "{{ hashed_phone }}",
  event_id: "{{ event_id }}"
});
</script>
{% endif %}

Replace consent_granted with your platform’s consent variable.

๐Ÿงช Step 7: QA & Validation

Tool Use
GTM Preview (Web & Server) Validate email, phone, event_id
GA4 DebugView Track server events
Google Ads Conversion Diagnostics Match rate and Enhanced Conversion
Meta Events Manager โ†’ Test Events See hashed PII payloads

๐Ÿง  Pro Tips

Tip Why
Always hash on the backend Protects user data from browser leakage
Deduplicate with event_id Avoids double counting
Reuse same email for audience match Helps cross-session attribution
Use logging in ssGTM Debug data without sending to platforms

๐Ÿ“Š Example Attribution Path

User completes purchase
 โ†“
OpenCart hashes email & phone server-side
 โ†“
Pushes to dataLayer with event_id
 โ†“
Web GTM sends payload to ssGTM
 โ†“
ssGTM sends:
  - GA4 event with ID
  - Google Ads EC with PII
  - Meta CAPI with PII
 โ†“
Platforms match user โ†’ higher attribution

Related posts:

Default Thumbnail๐Ÿ” OpenCart Server-Side Tagging: Capturing Email & Phone as First-Party Data Default ThumbnailServer-side Tracking Facebook Conversions API (CAPI) with Event Match Quality Default ThumbnailServer-Side Tracking for Enhanced Attribution in a Privacy-First World Default Thumbnail๐Ÿ” Facebook Pixel + Conversions API (CAPI) Setup in OpenCart via GTM (Web + Server-Side) Default ThumbnailSet Up Server-Side GA4 Tracking for Enhanced Ecommerce tracking Default ThumbnailIntegrating Meta Pixel and Conversions API with Google Tag Manager Default ThumbnailServer-Side GTM Implementation for OpenCart with GA4 and Google Ads Default ThumbnailPreventing Duplicate Conversions in Server-Side eCommerce Setup

Leave a Reply

Your email address will not be published. Required fields are marked *