Cloudflare edge architecture for conversion routing
Why TrackStack routes conversions on Cloudflare Workers: low latency, first-party domains, durable retries, and platform adapters without shipping secrets to the browser.
- Cloudflare Workers
- edge
- architecture
- CAPI
Problem: You considered self-hosting Meta CAPI on Vercel serverless functions. Cold starts, regional latency, and credential sprawl across ten ad APIs pushed you to look for an edge-native design.
Why edge for conversions
Conversion events are latency-sensitive for attribution windows and burst during checkout. Edge workers run close to users, accept first-party ingest quickly, and forward to ad platform regions without blocking your Next.js render path.
Secrets — Meta access tokens, Google OAuth refresh tokens — stay on the edge and in encrypted dashboard storage, not in NEXT_PUBLIC_* variables.
Request flow
The browser SDK POSTs canonical events to your public key endpoint (or custom domain). The worker validates origin allowlists, enriches with platform mappings from Configure metadata, hashes PII per destination spec, and fans out parallel CAPI calls.
Responses are persisted for delivery logs. Failures enter retry queues; permanent errors land in DLQ for replay.
Browser → first-party edge (Workers)
→ adapter: Meta / Google / LinkedIn / TikTok / …
→ delivery log + retry/DLQOperational advantages
One deploy surface updates all platform adapters when Meta bumps API versions. You do not redeploy customer Next.js apps for mapping fixes.
Workers scale with traffic spikes — Black Friday, product launch webinars — without provisioning serverless concurrency per destination.
What you still own in-app
The SDK remains thin: capture, identify, optional PostHog proxy. Business rules — when to fire StartTrial vs Purchase — live in your repo beside auth and billing.
See Platforms for per-destination behavior and required credentials.
Compared to sGTM on Cloud Run
Server-side GTM containers are another way to run tags on infrastructure you control. They optimize for marketer-owned tags, not typed canonical events with per-platform allowlists.
If engineering owns revenue instrumentation, an edge conversion router reduces moving parts versus maintaining GTM server containers and Stape hosting.
Sources
Official documentation and references cited in this article.
More in Engineering
First-party conversion tracking vs third-party pixels
Browser pixels and server-side CAPI solve different problems. Here is when to use each, how they complement each other, and what breaks when you rely on scripts alone.
Read postEvent deduplication between client and server
Sending the same conversion from browser and server without a shared event ID double-counts in ad platforms. Here is how dedup works at Meta, Google, and TikTok — and how to implement it in your app.
Read postWhy ad blockers break third-party pixels
uBlock Origin and filter lists like EasyList block requests to `facebook.net` and `google-analytics.com` by default. Understand the mechanism so you can design tracking that actually delivers.
Read postReady to fix your conversion pipeline?
Install the TrackStack SDK, route events to Meta and Google, and verify delivery from one dashboard.