In just a few clicks, businesses can deploy the Conversions API Gateway from a self-serve flow within Meta Events Manager. The setup flow deploys a server instance on the business’ behalf, using their third-party cloud provider,such as Amazon Web Service (AWS) or Google Cloud Platform (GCP).
To deploy Conversions API Gateway, businesses can use a self-serve flow within Meta Events Manager. In a few clicks, a server instance is configured and deployed on the business’ behalf within their third-party cloud provider account.
Conversions API Gateway is then served from a subdomain of the website that reports web events, also called the first-party domain (this domain must be in the same eTLD+1 as the reporting Meta Pixel). When configured with a first-party domain, Conversions API Gateway can help direct the flow of data through the business’s trusted infrastructure only.
Before you can deploy Conversions API Gateway, you’ll need the following properties and access:
Recommended: Enable Advanced Matching on your Meta Pixel to help maximize the performance of your Conversions API Gateway integration. With Advanced Matching, you can send hashed customer contact information along with your Pixel events, which can help you attribute more conversions and reach more people. See more details here.
Businesses can choose to deploy Conversions API Gateway on their existing third-party cloud account, or on a new cloud account separated from their main assets. Both options provide infrastructure isolation, as Conversions API Gateway is designed to have no interaction with business’ server-side assets. Conversions API Gateway is provisioned within the default Virtual Private Cloud network (VPC).
To function correctly, Conversions API Gateway requires the following inbound and outbound network traffic to be open. The default configuration only allows the required traffic.
Source | Destination | Protocol/Port | Description |
---|---|---|---|
Conversions API Gateway instance | 0.0.0.0/0 | All | Allow outbound connection to the internet from Conversions API Gateway to pass events to Meta and download packages from external repositories such as:
|
0.0.0.0/0 | Conversions API Gateway instance | TCP/80 | Allow inbound HTTP connection to Conversions API Gateway This port is automatically redirected to TCP/443 |
0.0.0.0/0 | Conversions API Gateway instance | TCP/443 | Allow inbound HTTPS connection to Conversions API Gateway Used by browsers to send events through websockets secure (WSS) or HTTPS |
Endpoints are secured via TLS and SSL, and in-transit data is encrypted. Conversions API Gateway exposes two internet-facing endpoints:
These endpoints are secured through TLS (TLS 1.2 and 1.3 are supported) and by using an SSL (default cipher list) certificate generated automatically during the server provisioning. The default certificate has a one year life time and renews regularly as long as two DNS records set up during installation are unchanged.
The default domain uses AWS Cloudfront endpoint. If a user sets up a custom domain, it uses AWS managed certificates. TLS is terminated at load balancer level before forwarding to private VPC.
To help reinforce the protections of Conversions API Gateway endpoints, businesses can use their preferred cloud-based security solutions (Web Application Firewall, anti-DDOS) from AWS or other third-party providers. Such protections are configured by proxying the Conversions API Gateway traffic through the corresponding service provider and allowing inbound traffic only from this service provider.
Conversions API Gateway stores configuration data and operational logs such as event statistics, and uses the instance disk storage for storing logs.
Instances using AWS as their third-party cloud provider will have logs stored in CloudWatch, and access to these logs is determined by AWS data access policies and any additional policies implemented within their organization. You may choose to share operational logs with your support contact.Learn more about extracting logs.
Conversions API Gateway server capacity is determined by the maximum number of instances configured. It can be decided during the installation or on the Conversions API Gateway Admin UI after installation.
Note that: