Spotify Ads Manager
Datafly Signal delivers conversion events to Spotify Ads Manager through the Spotify Conversions API (CAPI) — Spotify’s server-to-server, tagless attribution surface. Instead of a browser pixel, Signal sends each conversion directly from your own server to Spotify, so attribution survives ad blockers, ITP, and cookie loss while keeping personal data first-party and hashed.
Prerequisites
- A Spotify Ads Manager account with an active advertising campaign.
- A CAPI data source created in Ads Manager (Events → Connect Data Source → Conversions API). Creating it yields a Connection ID (a UUID).
- A CAPI access token generated from the same screen (Generate Token). This token is separate from the OAuth token used by the rest of the Spotify Ads API, does not expire, and can be regenerated (up to 3 active tokens per connection).
Configuration
In Spotify Ads Manager:
- Go to Events → Connect Data Source → Conversions API.
- Submit the form to create the connection. Copy the Connection ID (UUID) shown.
- Click Generate Token and copy the CAPI access token. Store it somewhere safe — you may not be able to view it again.
Configure in Signal
-
In the Signal management UI, open Integrations and add Spotify Ads Manager.
-
Fill in the connection fields:
Field Description CAPI Access Token The long-lived Conversions API token from Ads Manager. Sent as a Bearer token. CAPI Connection ID The Connection ID (UUID) for your CAPI data source. -
Attach the integration to a pipeline and select the Spotify Ads Manager blueprint preset.
-
Save and enable the pipeline.
API Endpoint
Signal posts events to the Spotify Conversions API direct endpoint:
POST https://capi.spotify.com/capi-direct/events/
Authorization: Bearer <CAPI access token>
Content-Type: application/jsonThe request body carries your Connection ID at the root alongside an events array:
{
"capi_connection_id": "00000000-0000-0000-0000-000000000000",
"events": [
{
"event_name": "Purchase",
"event_time": { "seconds": 1717689600 },
"event_id": "evt_8f2c...",
"action_source": "WEB",
"event_source_url": "https://shop.example.com/thank-you",
"opt_out_targeting": false,
"user_data": {
"ip_address": "203.0.113.42",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) ...",
"hashed_emails": ["b4c9a289323b21a01c3e940f150eb9b8c542587f1abfd8f0e1cc1ffc5e475514"],
"device_id": "a1b2c3d4-..."
},
"event_details": {
"amount": 49.99,
"currency": "USD",
"content_name": "order_10456"
}
}
]
}Identity Signals
Spotify CAPI requires at least one identifier per event for matching. Signal forwards:
| Signal source | CAPI field | Notes |
|---|---|---|
| Visitor IP | user_data.ip_address | Resolved server-side from the request. |
| User agent | user_data.user_agent | Forwarded as received. |
user_data.hashed_emails | Trimmed, lowercased, then SHA-256 hashed. Sent as a single-element array. | |
| Phone | user_data.hashed_phone_number | Normalised to E.164 then SHA-256 hashed. |
| Anonymous ID | user_data.device_id | Signal’s stable first-party identifier. |
Email and phone are hashed before they ever leave your server — Spotify only receives the SHA-256 digests, never raw PII.
Consent
Signal maps the visitor’s canonical marketing consent to Spotify’s opt_out_targeting flag. When marketing consent is denied (or absent), opt_out_targeting is set to true, so the event is still measured for conversion reporting but is excluded from retargeting.
Event Mapping
The default e-commerce preset maps Signal events to Spotify’s standard event names:
| Signal event | Spotify event_name |
|---|---|
page | Page_View |
Product Viewed | View_Product |
Product Added | Add_Cart |
Checkout Started | Start_Checkout |
Order Completed | Purchase |
Lead Generated | Lead |
Signed Up | Sign_Up |
Events not in the mapping are dropped. Spotify also supports Custom_Event_1 through Custom_Event_5 if you need additional event types.
Example
A purchase tracked with Datafly.js:
datafly.track("Order Completed", {
order_id: "order_10456",
revenue: 49.99,
currency: "USD"
});With the visitor’s email captured via identify, Signal produces the following CAPI event:
{
"capi_connection_id": "00000000-0000-0000-0000-000000000000",
"events": [
{
"event_name": "Purchase",
"event_time": { "seconds": 1717689600 },
"event_id": "evt_8f2c...",
"action_source": "WEB",
"event_source_url": "https://shop.example.com/thank-you",
"opt_out_targeting": false,
"user_data": {
"ip_address": "203.0.113.42",
"user_agent": "Mozilla/5.0 ...",
"hashed_emails": ["b4c9a289323b21a01c3e940f150eb9b8c542587f1abfd8f0e1cc1ffc5e475514"]
},
"event_details": {
"amount": 49.99,
"currency": "USD",
"content_name": "order_10456"
}
}
]
}Deduplication
Signal sets a unique event_id on every event. If you also run the Spotify browser pixel, keep the event_id consistent across both so Spotify can deduplicate the browser and server copies of the same conversion.
Testing
- Send a test conversion through your pipeline (for example, complete a test order).
- In Spotify Ads Manager → Events, open your CAPI connection’s diagnostics and confirm received and matched event counts increase.
- Verify event names appear under the expected standard types (e.g.
Purchase). - Confirm match quality — events with a hashed email or phone plus IP and user agent match at higher rates than IP-only events.
Troubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
401 Unauthorized | Invalid or revoked CAPI token | Regenerate the token in Ads Manager and update the integration. The token is separate from your Ads API OAuth token. |
403 Forbidden | Token does not have access to this connection | Confirm the token and Connection ID belong to the same CAPI data source. |
404 Not Found | Unknown capi_connection_id | Re-copy the Connection ID from Ads Manager. |
400 Bad Request | Missing identifier or malformed payload | Ensure at least one of email, phone, IP, or device ID is present on every event. |
| Events received but not matched | Weak identity signals | Capture email/phone via identify so Signal can send hashed match keys alongside IP and user agent. |
| Conversions missing from retargeting audiences | opt_out_targeting is true | This is expected when marketing consent is denied; the event is still measured but excluded from retargeting. |