Conversion Tracking

Integration guide for developers

When a visitor completes a sale, signup, or form submission, report it to ClickLens. The engine scores the conversion as its own event, with the same scrutiny it gives the click, then decides whether it is genuine. A conversion is positive evidence of a human, but it never overrides the engine's own judgement: a session the engine scored as a bot cannot whitewash itself into your ground truth by converting.

Already installed the tag? You report a conversion with one call. The same tag handles it, so there is no second snippet. If you have not installed yet, start with the install guide.

Report a conversion

Call clicklens('conversion', …) when the conversion fires — on your thank-you page, or in the success handler of an in-page form.

clicklens('conversion', { type: 'lead', value: 49, currency: 'USD' });

Options

Option Type Notes
type string One of lead, purchase, add_to_cart, signup, or custom. Anything else is recorded as custom. Defaults to custom when omitted.
value number The conversion's value. Used to restate value on a down-weight. Non-numeric values are ignored.
currency string ISO currency code for value, for example USD.

All three options are optional — clicklens('conversion') on its own records a custom conversion. The call sends a signed conversion beacon and returns immediately; it is fire-and-forget, with nothing to await. The beacon also captures the page URL so the click-id (gclid, fbclid, and similar) is recorded for reconciliation, even on a session that never stitched.

Automatic conversions

To report a lead conversion on every form submit without writing any code, add data-cl-auto-convert="true" to the tag, or set autoConversion: true in window.__clicklens.

<script defer src="https://app.clicklens.io/t.js" data-site="YOUR_SITE_KEY" data-cl-auto-convert="true"></script>

This is off by default, and it fires on every form on the page — a search box or a newsletter input included. Turn it on only when every form is a genuine conversion. Otherwise call clicklens('conversion', …) from the specific form's success handler, which also lets you set type and value.

What the conversion beacon records

The conversion beacon snapshots the meta-timing and structure of how the conversion came to exist — the provenance of the submit. These seven signals fall into three families:

Family Signal What it captures
Gesture authenticity submitWasTrusted Whether the submit carried the browser's trusted-event flag, set only by a real user action and never by a scripted submit.
hadPrecedingPointerPath Whether the pointer moved on the page before the conversion fired.
pasteWithoutFocusCount How many fields were filled by a paste that never followed a focus — a scripted-autofill tell.
Fill pattern keystrokeFieldCount How many distinct fields received keystrokes.
fieldFillOrderEntropy The entropy of the order in which fields were filled. A bot tends to fill in a rigid, low-entropy order.
interactionCount The total number of field interactions recorded.
Timing msFromLoadToConversion Milliseconds from page load to the conversion. A sub-second form fill is not a human typing.

No personal data leaves the page. The beacon records the timing and structure of the submit, never field values, never what was typed, never an email or a name. It is provenance, not content.

How the conversion is judged

ClickLens combines three things: the session's stored humanness score, the submit provenance above, and the coherence of the journey that led to the conversion. The result is a graded verdict — pass, down-weight, or retract. Retraction carries the highest bar, because removing a real conversion is the costliest error. The conversion is recorded either way, so a click-id-keyed adjustment can be attempted later.

Acting on those verdicts — restating or retracting a conversion on your ad platform — is in measured rollout: today the dashboard shows the adjustment ClickLens would make before any gate changes data on real traffic. The conversion protection guide covers how a conversion is graded, what write-back does on each platform, and the holdout that measures the lift; the feature page sets out the full mechanism.

Server-side fallback

When you cannot run the tag at the moment of conversion — a purchase confirmed by a Stripe webhook, say — report it from your backend with POST /api/v1/sessions/convert. Pass the session key the tag stored in sessionStorage under cl_sk; read it on the frontend and hand it to your server.

This path carries the session key only, with none of the submit provenance above, so it is a weaker signal than the clicklens('conversion') call. Use the tag call when you can, and this when you cannot.

Node.js

await fetch('https://app.clicklens.io/api/v1/sessions/convert', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer YOUR_SITE_KEY',
  },
  body: JSON.stringify({ sessionKey }),
});

Python

import requests

requests.post(
    "https://app.clicklens.io/api/v1/sessions/convert",
    json={"sessionKey": session_key},
    headers={
        "Content-Type": "application/json",
        "Authorization": "Bearer YOUR_SITE_KEY",
    },
)

cURL

curl -X POST https://app.clicklens.io/api/v1/sessions/convert \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_SITE_KEY" \
  -d '{"sessionKey": "SESSION_KEY_VALUE"}'

Replace YOUR_SITE_KEY with the site key from Settings → Site Settings. The site key is public and grants no dashboard access; the endpoint only accepts session keys that already exist in your site's data.

Response codes

Code Meaning
200 Conversion recorded. The body is a uniform { "sessionKey": "...", "recorded": true } acknowledgement — it never reveals whether the conversion was accepted as verified-human ground truth, so a flagged caller cannot learn their session was caught.
400 Missing sessionKey in the request body.
401 Missing or invalid site key in the Authorization header.
404 No session matched the key — cookieless or ITP, or the call fired before any beacon. The conversion is still recorded against its click-id for later reconciliation, so a 404 here does not mean the conversion was dropped.

FAQ

Can a bot fake a conversion to clear itself?

No. A conversion never overrides the engine's own judgement. Reporting a conversion on a session the engine scored as a bot records the event but mints no human label, and a conversion never overturns a stronger verdict — a honeypot, manual, or complaint label stands.

Does reporting a conversion change the session's score?

The original session score is not changed. When a conversion is accepted as ground truth, a verified label is stored alongside the score and used by the efficacy dashboard to measure scoring accuracy over time.

Is it safe to call from the browser?

Yes. The tag call and the site key are both client-side by design. The site key identifies your site but grants no access to your dashboard or data, and the server-side endpoint only accepts session keys that already exist in your site's data.

Where do I find my site key?

In the dashboard, go to Settings → Site Settings. Your site key is shown in the integration section alongside the tag snippet.