Conversion Tracking
Integration guide for developers
When a visitor completes a sale, signup, or form submission, report it to ClickLens. The engine scores the conversion as its own event, with the same scrutiny it gives the click, then decides whether it is genuine. A conversion is positive evidence of a human, but it never overrides the engine's own judgement: a session the engine scored as a bot cannot whitewash itself into your ground truth by converting.
Already installed the tag? You report a conversion with one call. The same tag handles it, so there is no second snippet. If you have not installed yet, start with the install guide.
Report a conversion
Call clicklens('conversion', …)
when the conversion fires — on your thank-you page, or in the success handler of an
in-page form.
clicklens('conversion', { type: 'lead', value: 49, currency: 'USD' }); Options
| Option | Type | Notes |
|---|---|---|
type | string | One of lead, purchase, add_to_cart, signup, or custom. Anything else is recorded as custom. Defaults to custom when omitted. |
value | number | The conversion's value. Used to restate value on a down-weight. Non-numeric values are ignored. |
currency | string | ISO currency code for value, for example USD. |
All three options are optional —
clicklens('conversion')
on its own records a custom
conversion. The call sends a signed conversion beacon and returns immediately; it is
fire-and-forget, with nothing to await. The beacon also captures the page URL so the
click-id (gclid,
fbclid, and similar) is
recorded for reconciliation, even on a session that never stitched.
Automatic conversions
To report a lead
conversion on every form submit without writing any code, add
data-cl-auto-convert="true"
to the tag, or set autoConversion: true
in window.__clicklens.
<script defer src="https://app.clicklens.io/t.js" data-site="YOUR_SITE_KEY" data-cl-auto-convert="true"></script>
This is off by default, and it fires on every form on the page — a search
box or a newsletter input included. Turn it on only when every form is a genuine
conversion. Otherwise call clicklens('conversion', …)
from the specific form's success handler, which also lets you set
type and
value.
What the conversion beacon records
The conversion beacon snapshots the meta-timing and structure of how the conversion came to exist — the provenance of the submit. These seven signals fall into three families:
| Family | Signal | What it captures |
|---|---|---|
| Gesture authenticity | submitWasTrusted | Whether the submit carried the browser's trusted-event flag, set only by a real user action and never by a scripted submit. |
hadPrecedingPointerPath | Whether the pointer moved on the page before the conversion fired. | |
pasteWithoutFocusCount | How many fields were filled by a paste that never followed a focus — a scripted-autofill tell. | |
| Fill pattern | keystrokeFieldCount | How many distinct fields received keystrokes. |
fieldFillOrderEntropy | The entropy of the order in which fields were filled. A bot tends to fill in a rigid, low-entropy order. | |
interactionCount | The total number of field interactions recorded. | |
| Timing | msFromLoadToConversion | Milliseconds from page load to the conversion. A sub-second form fill is not a human typing. |
No personal data leaves the page. The beacon records the timing and structure of the submit, never field values, never what was typed, never an email or a name. It is provenance, not content.
How the conversion is judged
ClickLens combines three things: the session's stored humanness score, the submit provenance above, and the coherence of the journey that led to the conversion. The result is a graded verdict — pass, down-weight, or retract. Retraction carries the highest bar, because removing a real conversion is the costliest error. The conversion is recorded either way, so a click-id-keyed adjustment can be attempted later.
Acting on those verdicts — restating or retracting a conversion on your ad platform — is in measured rollout: today the dashboard shows the adjustment ClickLens would make before any gate changes data on real traffic. The conversion protection guide covers how a conversion is graded, what write-back does on each platform, and the holdout that measures the lift; the feature page sets out the full mechanism.
Server-side fallback
When you cannot run the tag at the moment of conversion — a purchase confirmed by a
Stripe webhook, say — report it from your backend with
POST /api/v1/sessions/convert.
Pass the session key the tag stored in
sessionStorage under
cl_sk; read it on the
frontend and hand it to your server.
This path carries the session key only, with none of the submit provenance above, so it
is a weaker signal than the
clicklens('conversion')
call. Use the tag call when you can, and this when you cannot.
Node.js
await fetch('https://app.clicklens.io/api/v1/sessions/convert', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer YOUR_SITE_KEY',
},
body: JSON.stringify({ sessionKey }),
}); Python
import requests
requests.post(
"https://app.clicklens.io/api/v1/sessions/convert",
json={"sessionKey": session_key},
headers={
"Content-Type": "application/json",
"Authorization": "Bearer YOUR_SITE_KEY",
},
) cURL
curl -X POST https://app.clicklens.io/api/v1/sessions/convert \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_SITE_KEY" \
-d '{"sessionKey": "SESSION_KEY_VALUE"}'
Replace YOUR_SITE_KEY
with the site key from Settings → Site Settings.
The site key is public and grants no dashboard access; the endpoint only accepts session
keys that already exist in your site's data.
Response codes
| Code | Meaning |
|---|---|
200 | Conversion recorded. The body is a uniform { "sessionKey": "...", "recorded": true } acknowledgement — it never reveals whether the conversion was accepted as verified-human ground truth, so a flagged caller cannot learn their session was caught. |
400 | Missing sessionKey in the request body. |
401 | Missing or invalid site key in the Authorization header. |
404 | No session matched the key — cookieless or ITP, or the call fired before any beacon. The conversion is still recorded against its click-id for later reconciliation, so a 404 here does not mean the conversion was dropped. |
FAQ
Can a bot fake a conversion to clear itself?
No. A conversion never overrides the engine's own judgement. Reporting a conversion
on a session the engine scored as a bot records the event but mints no human label, and a
conversion never overturns a stronger verdict — a honeypot, manual, or complaint
label stands.
Does reporting a conversion change the session's score?
The original session score is not changed. When a conversion is accepted as ground truth,
a verified label is stored alongside the score and used by the efficacy dashboard to
measure scoring accuracy over time.
Is it safe to call from the browser?
Yes. The tag call and the site key are both client-side by design. The site key identifies
your site but grants no access to your dashboard or data, and the server-side endpoint
only accepts session keys that already exist in your site's data.
Where do I find my site key?
In the dashboard, go to Settings → Site Settings.
Your site key is shown in the integration section alongside the tag snippet.