πŸ” OpenCart Server-Side Tagging: Capturing Email & Phone as First-Party Data

Standard

In a privacy-first digital world, first-party data such as email and phone number are critical for accurate ad attribution, audience building, and conversion trackingβ€”especially for Meta CAPI, Google Ads Enhanced Conversions, and server-side GA4.

βœ… Why Capture First-Party Identifiers?

Purpose Benefit
Meta CAPI Matching Increases match quality and conversion attribution
Google Ads Enhanced Conversions Helps match conversions to ads without relying on cookies
Cross-device tracking Powers persistent user identity across devices
Compliance You control how and where data flows

🧰 Prerequisites

  • OpenCart v3.x or v4.x with checkout customization access
  • Google Tag Manager Web + Server-Side containers deployed
  • Domain mapped for ssGTM (e.g., gtm.yoursite.com)
  • Basic consent mechanism (CMP or manual logic)
  • Google Ads & Meta Pixel Conversion setup

πŸš€ Step-by-Step Implementation

πŸ”Ή Step 1: Extract Email & Phone After Checkout

Edit catalog/controller/checkout/success.php and extract order data:

$order_id = $this->session->data['order_id'];
$order_info = $this->model_checkout_order->getOrder($order_id);

// Sanitize and hash
$email_clean = strtolower(trim($order_info['email']));
$phone_clean = preg_replace('/\D/', '', $order_info['telephone']);

$email_hashed = hash('sha256', $email_clean);
$phone_hashed = hash('sha256', $phone_clean);

βœ… This hashes PII before any browser exposure.

πŸ”Ή Step 2: Inject Hashed Data into success.twig

Pass hashed values to the template:

$data['user_hash_data'] = json_encode([
  'email' => $email_hashed,
  'phone' => $phone_hashed,
  'event_id' => uniqid('purchase_', true)
]);

In success.twig, push to the dataLayer:

{% if user_hash_data %}
<script>
window.dataLayer = window.dataLayer || [];
dataLayer.push({
  event: 'purchase',
  user_data: {{ user_hash_data|raw }},
  ecommerce: {
    transaction_id: '{{ order_id }}',
    value: '{{ total }}',
    currency: '{{ currency }}'
  }
});
</script>
{% endif %}

βœ… At this point, your GTM Web Container can access user_data.email and user_data.phone.

πŸ”Ή Step 3: Create GA4 and Ads Tags in Web GTM

Create GA4 Event Tag

  • Event Name: purchase
  • Parameters:
    • transaction_id, value, currency
    • Custom parameter: user_data_email, user_data_phone (if passing to GA4 directly)

βœ… More often, you’ll pass these directly to Server GTM, not GA4.

Trigger: Custom Event = purchase

πŸ”Ή Step 4: Send Data to Server-Side GTM

In GA4 Event Tag (Web), set:

Field Name Value
transport_url https://gtm.yoursite.com

βœ… This routes your purchase event and associated user_data to the server.

πŸ”Ή Step 5: Handle Data in Server-Side GTM

1. Create Variables:

  • Event Data β†’ user_data.email
  • Event Data β†’ user_data.phone
  • Event Data β†’ ecommerce.transaction_id
  • Event Data β†’ event_id

2. Create Tags:

πŸ…°οΈ Google Ads Enhanced Conversion (Server Tag)

  • Tag Type: Google Ads Conversion
  • Include:
    • email: {{ user_data.email }}
    • phone_number: {{ user_data.phone }}
    • transaction_id, currency, value, event_id
  • Trigger: purchase

βœ… Google will hash this again before processing.

πŸ…±οΈ Meta CAPI HTTP Request Tag

  • Use Meta CAPI tag template
  • Fields:
    • em: {{ user_data.email }}
    • ph: {{ user_data.phone }}
    • event_name: Purchase
    • event_id: {{ event_id }}
    • action_source: website
    • currency, value, transaction_id

βœ… Improves match quality in Meta by 30–40% for some accounts.

πŸ”Ή Step 6: Deduplicate and Validate

Use event_id to deduplicate conversions across:

  • Web β†’ Google Ads
  • Server β†’ Google Ads
  • Web β†’ Meta Pixel
  • Server β†’ Meta CAPI

Both platforms support deduplication based on event_id.

πŸ”Ή Step 7: Test Your Implementation

Use:

  • GA4 DebugView for real-time event monitoring
  • Server GTM Preview mode to verify incoming values
  • Meta CAPI Test Events in Events Manager
  • Google Ads Enhanced Conversion Troubleshooter (under Tools > Conversions)

πŸ” Security & Compliance Best Practices

Action Purpose
Hash emails/phones in backend Prevent raw PII exposure in browser
Use first-party domain (gtm.yoursite.com) Ensures cookies persist
Honor consent Only fire tags if user agrees
Log events in Server GTM Monitor anomalies
Use secure headers Restrict spoofed incoming traffic

πŸ“¦ Summary Flow

[OpenCart Checkout (PHP)]
       ↓
[Hash Email & Phone β†’ Twig β†’ dataLayer.push()]
       ↓
[Web GTM β†’ GA4 Tag β†’ Server Endpoint]
       ↓
[Server GTM]
   ↓           ↓
[Google Ads]  [Meta CAPI]

πŸ§ͺ QA Checklist

Item Status
Email & phone hashed in backend βœ…
dataLayer push has user_data βœ…
GTM tags triggered with correct values βœ…
Server GTM receives and parses data βœ…
Tags sent to Meta and Google Ads βœ…
event_id used for deduplication βœ…

Related posts:

Default ThumbnailServer-side Tracking Facebook Conversions API (CAPI) with Event Match Quality Default ThumbnailπŸ” Facebook Pixel + Conversions API (CAPI) Setup in OpenCart via GTM (Web + Server-Side) Default ThumbnailGoogle Ads Enhanced Conversions with Server-Side Tagging Default ThumbnailFacebook Ads Enhanced Conversion Tracking Strategy in OpenCart (Web + Server-Side GTM) Default ThumbnailPreventing Duplicate Conversions in Server-Side eCommerce Setup Default ThumbnailπŸ”„ Tracking Refunds & Returns Server-Side for Clean ROAS Reporting in OpenCart Default ThumbnailπŸ”„ Snapchat Pixel + CAPI Implementation for OpenCart Product Sales (Web + Server-Side GTM) Default Thumbnail🎯 OpenCart TikTok Conversion API (CAPI) Server-Side Tracking Using GTM

Leave a Reply

Your email address will not be published. Required fields are marked *