Server-side conversion tracking

For reliable, tamper-proof conversions, send them from your backend after the order is confirmed. Server-side calls authenticate with your secret API key via the Authorization header — never the public site key, and never from the browser.

POST /api/v1/conversions
Authorization: Bearer SECRET_API_KEY

You supply the click_id yourself here. Capture it when the click first arrives (for example by reading the ConverStream first-party cookie) and persist it alongside the order so it's available when the conversion completes.

cURL

curl -X POST https://www.conver.stream/api/v1/conversions \
  -H "Authorization: Bearer API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"click_id":"abc123","revenue":50.00,"currency":"USD","external_conversion_id":"order_123"}'

Ruby (Net::HTTP)

require "net/http"
require "uri"
require "json"

uri = URI("https://www.conver.stream/api/v1/conversions")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true

request = Net::HTTP::Post.new(uri)
request["Authorization"] = "Bearer API_KEY"
request["Content-Type"]  = "application/json"
request.body = {
  click_id: "abc123",
  revenue: 50.00,
  currency: "USD",
  external_conversion_id: "order_123"
}.to_json

response = http.request(request)
puts response.body # => {"success":true}

JavaScript (Node, fetch)

Run this server-side only, so your secret key is never exposed to the browser:

const res = await fetch("https://www.conver.stream/api/v1/conversions", {
  method: "POST",
  headers: {
    "Authorization": "Bearer API_KEY",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    click_id: "abc123",
    revenue: 50.00,
    currency: "USD",
    external_conversion_id: "order_123"
  })
});

const data = await res.json();
console.log(data); // { success: true }

Error 401 Unauthorized — returned when the bearer token is missing or invalid:

{ "error": "unauthorized" }