Standards Deep Dive Inside the six-layer system

Event & Conversion APIs and Outcome Signals.

The outcome-signal layer: IAB Tech Lab’s ECAPI 1.0, the named event taxonomy, server-to-server transport, consent metadata, payload governance — and what trustworthy outcomes mean when agents do the optimizing.

This is a deep dive inside the six-layer standards system, not a seventh pillar. Conversion data has been the least standardized load-bearing layer in advertising: every platform built its own Conversion API, every advertiser rebuilt the same integration N times, and the numbers that steer budgets traveled in N different containers. ECAPI 1.0 is the cross-industry answer to the container problem. This page maps what the spec actually standardizes, what it deliberately leaves to implementers, and where outcome signals still have to earn their trust.

Read the guide See Privacy & Consent Standards See Research & Measurement Science
The ECAPI outcome-signal layer — one standardized container for marketing events; trust, interpretation, and audit remain the implementer’s job. ECAPI — THE OUTCOME-SIGNAL LAYER INPUTS — EVENTS ADVERTISER SYSTEMS EMIT OUTPUTS — WHAT A GOVERNED FEED ENABLES purchase — the canonical lower-funnel event. The spec carries value, currency_code, and properties such as transaction_id so commerce outcomes can be reconciled, not just counted. purchase add_to_cart — a named mid-funnel intent event. Standard names mean a platform or agent can interpret intent stages without a per-advertiser glossary. add_to_cart begin_checkout — checkout initiation. Intent is not outcome: optimizing toward checkout starts when purchase is the goal rewards abandonment. begin_checkout generate_lead — part of a three-stage lead lifecycle in the taxonomy alongside qualify_lead and close_convert_lead. Decide which stage is the optimization target before any system steers on it. generate_lead sign_up — account creation. The taxonomy names the event; your event dictionary still has to define what counts — a form fill or a verified account — before it steers spend. sign_up page_view — upper-funnel volume. Cheap, plentiful signals need deliberate weighting or they drown the funnel. page_view install — app install, alongside start_trial and subscribe for subscription businesses. Store-reported and server-reported truth need reconciliation. install subscribe — subscription start. Trial-to-paid definitions belong in the event dictionary, not in tribal knowledge. subscribe refund — the event that keeps purchase honest. If refunds do not flow back and get subtracted, every return-style readout overstates. refund custom — the escape hatch for actions the taxonomy does not name, plus the Additional Events the spec lists. Naming governance decides whether custom events are auditable inputs or noise. custom ECAPI 1.0 — IAB Tech Lab’s Event & Conversion API: server-to-server HTTPS JSON transport of marketing events from advertiser systems to platforms and partners. Announced for public comment January 20, 2026; comment closed February 20, 2026; finalized and declared available for implementation April 28, 2026, with the canonical spec on GitHub. Every object carries an ext extension object so platform-specific fields ride along without breaking the shared structure. ECAPI 1.0 — STANDARDIZED EVENT LAYER one schema · named events · server-to-server · ext extensions finalized April 2026 · GPP consent fields · dedup keys built in Optimization — platforms and partners use received events to optimize campaign delivery, subject to consent state and the mmt_only flag. The spec standardizes the input; each platform retains its own requirements. optimization Measurement — full-funnel reporting built on named events. Mind the boundary: event APIs report what happened; experiments establish what the marketing caused. measurement Deduplication — the spec keys uniqueness on the combination of data_set_id and event id. Without enforced dedup, duplicates inflate every downstream number. dedup keys Consent state — gpp_string and gpp_sid carry Global Privacy Platform consent data per event; mmt_only fences measurement-only events out of ads-delivery optimization. consent state Audit trail — what was sent, to whom, under what consent state. The schema makes this loggable; logging it is the implementer’s discipline. audit trail Agent inputs — a standardized event vocabulary is the structure agentic optimization needs; the launch announcement itself references testing agentic optimization of outcomes. Agents still need trust, interpretation, and audit gates. agent inputs The governance rail under every event feed: hashed identifiers in user_data, data minimization, per-event GPP consent metadata (gpp_string + gpp_sid), the mmt_only measurement-only fence, and an audit log. The spec explicitly leaves legal compliance to implementers — carrying the fields is plumbing, not a legal conclusion. GOVERNANCE RAIL hashed identifiers · minimization · gpp_string + gpp_sid · mmt_only · audit
The outcome-signal layer: named advertiser events, the ECAPI 1.0 standardized container, and the governed outputs — optimization, measurement, consent state, and audit — it makes possible.

Outcome signals are the steering data of advertising. Until ECAPI, every platform defined its own container for them.

ECAPI standardizes how outcome events travel. It does not certify that the outcomes are true, deduplicated, or caused by the media.

Agents should not optimize against outcomes they cannot trust, interpret, or audit.

Status, precisely

ECAPI 1.0 was announced for public comment on January 20, 2026; the window closed February 20, 2026; and IAB Tech Lab’s April 28, 2026 post declares the specification finalized and available for implementation, with the canonical spec on GitHub.

Fast read

What it is
A deep-dive guide to outcome signals — the conversion and event data that advertising optimization steers on — anchored on IAB Tech Lab’s Event & Conversion API (ECAPI) 1.0, the cross-industry specification that standardizes how those signals travel server-to-server.
What it covers
ECAPI 1.0 status and scope, the named event taxonomy (purchase, generate_lead, install, subscribe, and more), payload and deduplication governance, the GPP consent fields gpp_string and gpp_sid plus the mmt_only measurement-only flag, the clean-room connection, and agentic optimization.
What it is not
Not an attribution methodology and not a replacement for incrementality — an event API reports that outcomes occurred; it does not establish that the marketing caused them. And not an adoption claim: contributor names in the spec are not platform commitments.
Why it matters
Optimization — human or agentic — is only as good as the outcome signals it steers on. ECAPI standardizes the container; trust, interpretation, and audit remain the implementer’s job.
Best for
AdTech, brand, agency, platform, retail media, measurement, and data-infrastructure leaders wiring outcome signals into buying systems and agentic workflows.
Best next read
Privacy & Consent Standards, Research & Measurement Science, and the Data Clean Rooms, PETs & PAIR deep dive.
Orientation

Where ECAPI fits.

ECAPI sits where the measurement layer meets the privacy layer: a server-to-server specification for transmitting marketing events — from upper-funnel engagement through lower-funnel conversion activity — from advertiser systems to advertising platforms and partners, developed in IAB Tech Lab’s CAPI Working Group. Three facts orient everything else on this page: the spec is final and implementable; it is a shared layer over platform-specific Conversion APIs, not a replacement for them; and it standardizes transport and structure, not attribution or causality.

  • Status — verified

    Final and implementable

    ECAPI was announced for public comment on January 20, 2026; the window closed February 20, 2026. IAB Tech Lab’s April 28, 2026 post states the 1.0 specification has been finalized and is now available for implementation, with the canonical spec maintained on GitHub (ecapi_1.0.md, CC BY 3.0). One Tech Lab download page still carries comment-period status language — cite the GitHub spec and the finalization post, not the stale page.

  • The relationship

    A layer over platform CAPIs

    Per the launch press release, many platforms operate their own Conversion APIs that work individually but multiply custom integration work. ECAPI is the shared structure across them — it names no platforms as adopters, platforms may still require specific fields, and every object carries an ext extension object for platform-specific additions. Contribution to the spec is not adoption of it.

  • The boundary

    Not an attribution method

    An event API standardizes how outcome events travel; it does not allocate credit and it does not establish cause. Attribution remains a modeling choice, and incrementality remains an experimental discipline — ECAPI feeds both and replaces neither.

Status discipline

Public-comment language survives on official pages after specs finalize. The April 28, 2026 finalization post and the GitHub spec are the status of record — validate current status before citing.

Why it is hard

Why outcome signals are hard.

Conversion data looks like the most objective signal in advertising — a purchase happened or it did not. In practice, eight realities stand between an event in an advertiser’s system and a number an optimizer can be trusted with.

  • 01

    Every platform speaks its own CAPI

    The IAB Tech Lab launch framing is blunt: many advertising platforms operate their own versions of Conversion APIs, and integrating with multiple partners often requires custom development work due to differences in structure and requirements. ECAPI exists to standardize that container.

  • 02

    The same outcome means different things

    What counts as a purchase, a lead, or a trial varies by team, system, and platform. Named events only help when the internal mapping — your event dictionary — is written down, owned, and versioned.

  • 03

    Duplicates inflate everything

    The same conversion can arrive via a client-side tag and a server event. ECAPI keys deduplication on the combination of data_set_id and event id; without enforced dedup, the optimizer double-counts and the readout flatters.

  • 04

    Matching is never total

    user_data carries hashed identifiers — email, phone, customer IDs, ifa, click_id — and match rates vary by channel and consent state. An unmatched event is invisible to optimization, and that absence is itself a bias.

  • 05

    Consent state must travel with the event

    ECAPI gives consent a seat in the schema: gpp_string and gpp_sid per event. Carrying them correctly for each jurisdiction is the implementer’s work — the spec explicitly leaves legal compliance to implementers.

  • 06

    Measuring and optimizing are different permissions

    Some events may inform reporting but must not steer ads delivery. The mmt_only flag makes that boundary machine-readable — and meaningless unless both sender and receiver actually enforce it.

  • 07

    Timing skews the signal

    Server events arrive late; refunds arrive later; offline confirmations later still. An optimizer reading a partial window learns the wrong lesson with full confidence.

  • 08

    Reported is not caused

    Event feeds report outcomes after exposure or click. Causality needs experiments — optimizing on raw conversions can reward the channels best at harvesting demand that already existed.

The shared vocabulary

The ECAPI event taxonomy.

The spec defines a named set of standard events spanning the funnel — the finalization post describes classification across upper-funnel, mid-funnel, lower-funnel, and custom actions, “not just conversions” — plus Additional Events and a custom type. The rows below group representative event names with the governance question each group raises. The names are standard; what they mean in your business still has to be written down.

Funnel layerECAPI events (examples)What to govern
Commercepurchase · refundValue, currency_code, and transaction_id integrity. Refunds must flow back and be subtracted, or every return-style readout overstates.
Cart & checkoutadd_to_cart · begin_checkout · add_payment_infoIntent is not outcome — optimizing to checkout starts when purchase is the goal rewards abandonment.
Discoverypage_view · search · view_search_resultsHigh-volume, low-cost signals. Weight them deliberately or they drown the funnel.
Lead lifecyclegenerate_lead · qualify_lead · close_convert_leadThree distinct stages — agree which one is the optimization target, and mind CRM write-back latency.
Accountssign_upA sign_up definition — form fill or verified account — must be written down before it steers spend.
App & subscriptioninstall · start_trial · subscribeTrial-to-paid definitions, and store-reported versus server-reported truth, need explicit reconciliation.
Media exposuread_impressionAn exposure logged as an event is not a viewable impression — do not conflate it with MRC viewability metrics.
Local & servicecontact · schedule · find_location · donateOffline handoffs confirm late. Timestamp the action, not the confirmation that eventually arrives.
Custom & extendedcustom · Additional Events · ext objectsNaming governance — undocumented custom events become unauditable optimization inputs.

The discipline

Do not cite exact event counts — the taxonomy is best treated as a named, extensible vocabulary. The spec’s own guidance is to start with each receiving platform’s requirements, because platforms may require specific fields.

The working set

Event payload governance.

An ECAPI event is an HTTPS POST of JSON: an event object (data_set_id, id, timestamp, event_type, value, currency_code, source, properties), a user_data object of hashed match identifiers, and consent metadata — gpp_string, gpp_sid, and the mmt_only measurement-only flag. The schema is the easy part. The fifteen-point checklist below is the part that decides whether the feed can be trusted.

Inside an ECAPI event — the payload fields are standardized; governing them is the implementer’s job. INSIDE AN ECAPI EVENT — PAYLOAD GOVERNANCE true else The event object — data_set_id, id, timestamp, event_type (with custom_event for unnamed actions), value, currency_code, source, and properties such as transaction_id and items. The combination of data_set_id and event id is the deduplication key: if it is not unique, every downstream number inflates. EVENT OBJECT event_type · custom_eventid + data_set_id — deduptimestamp · sourcevalue · currency_codeproperties · transaction_id user_data — the match identifiers: hashed email_address and phone_numbers, customer_identifier, uids, ifa, click_id, impression_id, and related fields. Hash per the spec’s expectations and practice minimization: send the identifiers a match requires, not every identifier you hold. USER_DATA — MATCH KEYS hashed email_addresshashed phone_numberscustomer_identifier · uidsifa · click_id · impression_idsend only what a match needs Consent and privacy fields — gpp_string carries the Global Privacy Platform consent string, gpp_sid the applicable GPP section IDs, and mmt_only flags events that may be used for measurement only, not ads-delivery optimization. The spec does not mandate any specific consent regime and explicitly leaves legal compliance to implementers. CONSENT & PRIVACY gpp_string — GPP consentgpp_sid — GPP section IDsmmt_only — measurement-onlyper event, not per integrationcompliance stays with you The mmt_only gate — a boolean in the payload that splits permitted use: true means the event may inform measurement only; otherwise it may inform both measurement and ads-delivery optimization. A machine-readable fence between measuring and targeting — and it only works if both sender and receiver enforce it. THE mmt_only GATE one boolean, two lanes Measurement only — reporting and analysis. Events flagged mmt_only=true must stay out of ads-delivery optimization; verify that the receiving side honors the flag where supported. measurement only excluded from delivery optimization Measure + optimize — events without the measurement-only restriction may inform both reporting and delivery optimization, subject to the consent state they carry and each receiving platform’s own requirements. measure + optimize subject to consent + platform rules The payload-governance rail: deduplication on data_set_id + event id, identifier hashing, data minimization, per-platform required-field review (the spec says to start with each platform’s guidance), retention and erasure policy, and an audit log of what was sent to whom under what consent state. GOVERNANCE dedup · hashing · minimization · required fields · retention · audit
Inside an ECAPI event: the event object, the user_data match identifiers, and the consent fields — feeding the mmt_only gate that splits measurement-only use from measure-and-optimize use.
  • Dedup keys — every event carries a stable id, and the data_set_id + id combination is unique; duplicates inflate every downstream number.
  • Event dictionary — a written mapping from each internal event to its ECAPI event_type, owned and versioned like code.
  • custom_event naming — custom events follow a convention with an owner; no ad-hoc names in production feeds.
  • Timestamp integrity — event time reflects when the action happened, in the expected format, with clock skew monitored.
  • Value and currency — value plus currency_code validated at the source; mixed or assumed currencies corrupt return-style readouts.
  • transaction_id — carried in properties for commerce events so refunds and reconciliations can be tied back.
  • Refund flow — refund events actually flow, and downstream consumers actually subtract them.
  • Identifier hashing — user_data identifiers hashed per the spec’s expectations before transmission; raw PII never leaves by accident.
  • Data minimization — send the identifiers a match requires, not every identifier you hold.
  • gpp_string per event — the Global Privacy Platform consent string travels with each event, not as a global assumption.
  • gpp_sid correctness — the applicable GPP section IDs match the user’s jurisdiction.
  • mmt_only enforcement — measurement-only events are flagged, and the receiving side’s use is verified where supported.
  • Platform field review — each receiving platform’s required fields and guidance reviewed before launch; the spec itself says implementations should start there.
  • ext discipline — platform-specific ext usage documented per integration, so the shared structure stays shared.
  • Retention and audit — a log of what was sent, to whom, under what consent state, with a retention and erasure policy attached.

The point

Every object in the spec allows an ext extension object — flexibility by design. Undocumented ext usage is how a shared standard quietly fragments back into N integrations.

Privacy perimeter

ECAPI’s most consequential design decision is that consent rides inside the payload. Three fields carry it — and one explicit disclaimer bounds it.

  • Built into the schema

    GPP travels with the event

    ECAPI carries consent as data: gpp_string holds the Global Privacy Platform consent string and gpp_sid the applicable GPP section IDs — per event, not per integration. Public documentation describes these as the spec’s consent mechanism; it does not mandate TCF strings or any specific consent regime.

  • The measurement fence

    mmt_only

    A boolean flag marking an event as measurement-only: it may inform reporting and analysis but must not be used to optimize ads delivery. It is the spec’s most operationally interesting field — a machine-readable boundary between measuring and targeting — and it only means something if both sender and receiver enforce it.

  • Where liability stays

    Compliance is not conferred

    The specification explicitly disclaims legal-compliance guarantees. Carrying GPP fields correctly is necessary plumbing, not a legal conclusion — whether a given event flow is lawful in a given jurisdiction is the implementer’s question, answered with counsel rather than a schema.

Adjacent layer

Event APIs and clean rooms.

Event APIs and clean rooms solve adjacent halves of the same problem. An event API moves the advertiser’s outcome signal to the parties optimizing and reporting on media; a clean room joins outcome data with exposure data under controlled conditions. The loop below shows where each belongs — and where the incrementality read keeps both honest.

The event-to-measurement loop — standardized event feeds, clean-room joins, and the incrementality read that keeps the loop honest. FROM EVENT FEED TO MEASUREMENT LOOP read inform next cycle Advertiser systems — commerce platforms, CRM, app backends: where outcome events originate. Event quality is decided here, before any standard touches it — definitions, dedup keys, refund flow, consent capture. advertiser systems orders · CRM · app events ECAPI transport — server-to-server HTTPS JSON with named event types, deduplication keys (data_set_id + event id), and per-event GPP consent metadata. The standardized container, finalized April 2026. ECAPI transport S2S JSON · named events Platforms and partners — receive events for campaign optimization and measurement. Each retains its own required fields and guidance; ext objects carry platform-specific extensions without breaking the shared structure. platforms & partners optimize · report Clean room / collaboration join — where outcome data meets exposure data under controlled output policies. Aggregation is not absolution: the join still needs output governance, and consent metadata should constrain what it may emit. clean room join exposure × outcomes Incrementality — the IAB/MRC framing of incrementality is the potential causal impact of marketing, and it is established by experiments, not by event feeds. Keep the three measurement reads distinct: attribution assigns credit for consumer actions to specific marketing efforts, MMM allocates at the macro level, experiments establish cause. This is the loop’s honesty check: optimization that skips it learns to harvest demand, not create it. incrementality read experiments decide cause Planning decisions — budgets, mix, and targets set on measured (and ideally causally validated) outcomes, feeding the advertiser’s next cycle of campaigns. The loop closes here — on decisions, not dashboards. planning decisions budget · mix · targets The loop’s rule: event APIs report what happened; experiments establish what the marketing caused. A standardized feed makes the reporting cleaner — it does not make it causal. THE RULE event APIs report what happened · experiments establish what marketing caused
The event-to-measurement loop: advertiser systems, ECAPI transport, platforms and partners, clean-room joins, the incrementality read, and the planning decisions that close the loop.
  • Event APIs move outcomes; clean rooms join them. ECAPI standardizes the feed from advertiser systems to platforms and partners; collaboration environments govern the match between outcomes and exposure.
  • Consent metadata must survive the journey — the gpp_string, gpp_sid, and mmt_only state attached to an event should constrain what any downstream join is permitted to output.
  • Aggregation is not absolution. Joining event-level outcomes to exposure inside a clean room still needs output policy — a clean room without output policy is just a safer room with an unsafe door.
  • Neither layer establishes cause: a joined, governed dataset is the input to incrementality work, not a substitute for it.
Agents on the signal

Agentic measurement.

IAB Tech Lab’s own announcement points here: the launch quote from its CEO references “testing agentic optimization of outcomes.” A standardized event vocabulary is exactly the structure agents need — and exactly the kind of input that fails quietly when it is wrong. The house rule: agents should not optimize against outcomes they cannot trust, interpret, or audit. Six implications follow.

  • 01

    A shared vocabulary is agent fuel

    Named events let an agent reason across platforms without N bespoke mappings — and IAB Tech Lab’s own launch quote points here, referencing testing agentic optimization of outcomes. The structure is arriving; the governance is not automatic.

  • 02

    Trust is a gate, not a vibe

    Schema validity, dedup keys present, timestamps sane, consent metadata attached — checked before a signal is allowed to steer budget. Signals that fail the gate inform investigation, not optimization.

  • 03

    Interpretation is part of the job

    Value and currency normalization, refund subtraction, funnel-stage weighting. An agent that treats begin_checkout like purchase misprices everything it buys.

  • 04

    mmt_only is a machine-readable fence

    Agents must read and respect measurement-only flags. An optimization loop that ingests mmt_only events for delivery decisions crosses a boundary the payload itself declared.

  • 05

    Audit lineage or it did not happen

    Log which events fed which decision. If an optimization cannot be reconstructed from its inputs, it cannot be audited — and an unauditable optimization should not scale.

  • 06

    Close the loop with experiments

    Agents optimizing raw conversions amplify their own selection effects. Periodic incrementality reads are the external honesty check that event-fed optimization cannot supply for itself.

The agentic measurement workflow — trust, interpret, optimize, audit, and a review loop that keeps the agent honest. AGENTIC OPTIMIZATION ON OUTCOME SIGNALS Standardized signals in — named ECAPI events arriving server-to-server. A shared vocabulary is what lets one agent reason across many platforms without bespoke mappings — the structure agentic optimization needs. 01 — INGEST signals in named ECAPI events Trust gate — schema validity, dedup keys present (data_set_id + event id), timestamps sane, consent metadata attached. Signals that fail the gate inform investigation, not optimization. 02 — TRUST trust gate schema · dedup · consent Interpret — value and currency normalization, funnel-stage weighting, refund subtraction. An agent that treats begin_checkout like purchase misprices everything it buys. 03 — MEANING interpret value · stage · refunds Optimize — within declared boundaries: mmt_only events stay out of ads-delivery optimization, and each receiving platform’s requirements are honored per integration. 04 — STEER optimize honors mmt_only Audit log — which events fed which decision. If an optimization cannot be reconstructed from its inputs, it cannot be audited — and should not be trusted. 05 — PROVE audit log signal → decision The review loop — human review, periodic incrementality checks, and drift watch on event definitions. Event-fed optimization needs an external honesty check or it amplifies its own selection effects. The callout: event confidence before event volume — a smaller feed the agent can trust beats a bigger feed it cannot. REVIEW LOOP human review · incrementality checks · definition drift watch event confidence before event volume The house rule for agentic measurement: agents should not optimize against outcomes they cannot trust, interpret, or audit. ECAPI standardizes the container those outcomes travel in — the trust, interpretation, and audit gates remain the implementer’s to build. THE HOUSE RULE agents should not optimize against outcomes they cannot trust, interpret, or audit
The agentic outcome-signal workflow: ingest, trust gate, interpret, optimize, audit — over a review loop of human review, incrementality checks, and definition drift watch.
Disambiguation

CAPI vs ECAPI vs attribution.

These layers get conflated in roadmap decks. They answer different questions — and each carries a watch-out that the conflation hides.

LayerRoleWatch-out
Client-side tags & pixelsBrowser- and app-side event collection — the original conversion plumbingSignal loss and blocking are why server-side exists; dedup client events against server events or count twice
Platform CAPIsEach platform’s own server-to-server conversion endpoint, schema, and requirementsN platforms means N integrations and N schemas; platforms retain required fields even where shared standards exist
ECAPI (IAB Tech Lab)The shared standardization layer: one event structure, named taxonomy, GPP consent fields, ext for platform specificsA container standard, not an adoption guarantee or a compliance shield — map each platform’s guidance, and treat contributor lists as contribution, not adoption
Attribution modelsAllocate credit for outcomes across touchpointsModels, not observations — rules differ per platform, and cross-platform attribution numbers are not comparable truths
Incrementality & experimentsEstablish the causal impact of marketing through test-versus-control designsSlower and costlier than dashboards — which is why they get skipped, and why event-fed optimization drifts without them
Marketing mix modelingTop-down, aggregate read on budget-level effectivenessCoarse granularity and long cycles — pairs with event-level signals rather than replacing them
Implementation lens

Implementation lens.

The same specification lands differently depending on where you sit in the chain. Select your company type for the version of this page that applies to you.

Select your company type
What to own

Own the event dictionary, the dedup keys, the refund flow, and the consent capture — those decide what every downstream number means. Map internal events to ECAPI names deliberately, and demand documentation of how each receiving platform uses what you send.

  • Event dictionary
  • data_set_id + id dedup
  • Refund flow
  • gpp_string / gpp_sid
What to operationalize

Maintain the cross-platform mapping matrix: which internal events map to which ECAPI names, which platforms require which fields, where ext objects diverge. QA the feeds you optimize against, and keep optimization targets pinned to outcomes, not intent stages.

  • Mapping matrix
  • Platform field review
  • Feed QA
  • Target governance
What to engineer

The finalization post’s ask to platforms is to support the ECAPI format. Engineering that support means documenting required fields and ext usage, enforcing dedup on receipt, and honoring consent metadata — including keeping mmt_only events out of delivery optimization.

  • ECAPI format support
  • ext documentation
  • Dedup on receipt
  • mmt_only enforcement
What to align

Conversion-rich by construction — and the same event-governance questions apply to closed-loop claims. Align event definitions with your retail media measurement vocabulary, keep refunds and returns in the loop, and treat outcome attribution claims with the same incrementality discipline.

  • Closed-loop governance
  • Refund & returns flow
  • Retail media measurement
  • Incrementality
What to disclose

Disclose match methodology, dedup logic, and the gap between reported and matched events. Build incrementality reads on top of event feeds rather than presenting feeds as causal evidence — and label which is which in every readout.

  • Match methodology
  • Dedup disclosure
  • Incrementality design
  • Readout labeling
What to build

You are the pipes: schema validation against the spec, identifier hashing, GPP consent propagation, retry and dedup semantics, retention controls. The difference between a standard and a mess is enforced at this layer.

  • Schema validation
  • Hashing & minimization
  • GPP propagation
  • Retention controls
What to watch

Sell-side teams are increasingly asked to prove outcomes, not just delivery. Understand what advertisers’ event feeds can and cannot show, and keep your outcome narratives inside what a server-to-server event actually proves — exposure-to-outcome stories still need experiments.

  • Outcome narratives
  • Proof boundaries
  • Experiment literacy
  • Buyer conversations
What to govern

Event feeds are join inputs. Carry the consent metadata through the join, let mmt_only state constrain outputs, and make output policy explicit — the value of a governed join is the governance.

  • Join governance
  • Consent continuity
  • Output policy
  • mmt_only state
No Fluff POV

No Fluff POV.

ECAPI is genuinely useful standards work: it attacks the N-integrations tax on outcome signals with a shared schema, named events, and consent metadata in the payload. What it does not do is make outcome signals true. The container is standardized; the contents are still yours — definitions, dedup, refunds, consent state, and the discipline to keep measurement-only data out of optimization. Teams that adopt the schema and skip the governance get faster pipes for the same dirty water.

  • Say the status precisely: announced January 20, 2026; public comment closed February 20, 2026; finalized and available for implementation per the April 28, 2026 Tech Lab post — cite the GitHub spec, not stale download-page language.
  • Treat ECAPI as a container standard: it standardizes how outcome events travel, not whether the outcomes are true.
  • Contribution is not adoption: contributor names in the spec are not platform commitments — validate each platform’s actual support directly.
  • Wire consent in, not on: gpp_string, gpp_sid, and mmt_only are schema fields — carry them per event and honor them downstream.
  • Keep measurement and optimization permissions separate: mmt_only only works if your pipeline — and your partner’s — enforces it.
  • Pair event feeds with experiments: an event API reports outcomes; incrementality establishes cause — never let an agent confuse the two.

The point

Agents should not optimize against outcomes they cannot trust, interpret, or audit. ECAPI standardizes the container those outcomes travel in — the trust, the interpretation, and the audit are still built, not bought.

Where this connects

Standards

Standards deep dives

Operating playbooks & surfaces

Validate, don’t assume

Primary sources to validate.

Standards, guidance, and implementation references last validated: June 2026. Specifications, public-comment status, frameworks, APIs, and implementation guidance change. Validate against official documentation before implementation.

Primary sources to validate 7 sources
  • ECAPI (Event and Conversion API) Specification — standards page ↗ Official standards page

    IAB Tech Lab · checked 2026-06-13 · Primary

    Official ECAPI landing page. Describes ECAPI as defining a set of full-funnel events of interest to advertisers, transmitted server-to-server from advertisers to advertising platforms/partners for campaign optimization and measurement. States the specification 'was in Public Comment until Friday, February 20, 2026' and links to v1.0 on GitHub. For current status (finalized, available for implementation) cite the GitHub spec and the April 2026 finalization blog post — some Tech Lab pages retain stale public-comment-era language. Supports: Definition of ECAPI, Public-comment close date (Feb 20, 2026), Server-to-server scope, Canonical spec location.

  • IAB Tech Lab Announces Event and Conversion API (ECAPI) For Public Comment ↗ Official press release

    IAB Tech Lab · checked 2026-06-13 · Primary

    January 20, 2026 announcement of ECAPI for public comment until February 20, 2026. Frames the problem: 'Many advertising platforms operate their own versions of Conversion APIs... integrating with multiple partners often requires custom development work due to differences in structure and requirements.' Quotes Anthony Katsur (CEO, IAB Tech Lab) — including a reference to 'testing agentic optimization of outcomes' — plus individuals from Meta and Publicis Sapient. Supportive quotes are not adoption commitments; no platform adoption of ECAPI is published. Supports: Announcement date and comment deadline, IAB framing vs platform-specific CAPIs, Official quotes (attributed).

  • InteractiveAdvertisingBureau/ecapi (GitHub repository) ↗ Official GitHub

    IAB Tech Lab (GitHub: InteractiveAdvertisingBureau) · checked 2026-06-13 · Primary

    Canonical home of the ECAPI v1.0 specification. README: 'The Event & Conversion API (commonly known as CAPI) is designed to standardize communication of marketing-related events from advertisers' systems to advertising platforms and partners.' Contains ecapi_1.0.md, examples.md, assets/. Licensed Creative Commons Attribution 3.0. Supports: Canonical spec repo, License (CC BY 3.0).

  • ECAPI 1.0 specification (ecapi_1.0.md) ↗ Official GitHub

    IAB Tech Lab (GitHub: InteractiveAdvertisingBureau) · checked 2026-06-13 · Primary

    Full spec text. Server-to-server HTTPS POST JSON transport; event object (data_set_id, id, timestamp, event_type, value, currency_code, source, properties incl. transaction_id, user_data); user_data carries hashed/match identifiers (email_address, phone_numbers, customer_identifier, uids, ifa, click_id, impression_id, etc.); consent/privacy fields gpp_string (GPP consent string), gpp_sid (applicable GPP sections), and mmt_only (boolean: measurement-only, excludes ads-delivery optimization). Named standard-event taxonomy (purchase, page_view, ad_impression, add_to_cart, begin_checkout, generate_lead, sign_up, install, subscribe, custom, etc.) plus Additional Events — avoid exact event counts. Every object allows an 'ext' extension object; dedup keyed on data_set_id + event id. Spec does not name Meta/Google as adopters; contributor individuals are listed (Meta, Google, Walmart, NBCUniversal, Paramount, Roku, etc. — contributors, NOT adoption). Legal compliance (GDPR/CCPA) is left to implementers — the spec disclaims compliance guarantees. Supports: Event taxonomy and schema structure, Consent metadata (gpp_string, gpp_sid, mmt_only), ext extension mechanism and dedup rules, Contributor list (not adoption).

  • ECAPI-talizing on Conversions (final ECAPI 1.0 announcement) ↗ Official blog

    IAB Tech Lab · checked 2026-06-13 · Primary

    Published April 28, 2026. States 'The ECAPI 1.0 specification has been finalized' and 'ECAPI is now available for implementation,' linking to the full spec on GitHub. Describes ECAPI as a standardization layer (not a replacement for platform CAPIs) that accommodates platform-specific fields via the ext object 'without breaking the shared structure,' covering upper-funnel, mid-funnel, lower-funnel, and custom actions — not just conversions. This blog post (not a press release) is the finalization announcement of record. Supports: Current status: ECAPI 1.0 final, available for implementation, Finalization date (April 28, 2026), Standardization-layer framing.

  • ECAPI Specification — Measurement standards page (stale comment-era status language) ↗ Official standards page

    IAB Tech Lab · checked 2026-06-13 · Supporting

    Alternate ECAPI page under Measurement standards, hosting the public-comment PDF. CAUTION: this download page carried 'Open for Public Comment until February 20, 2026' status language ('Last updated: January 28, 2026') after the comment window — stale relative to the April 28, 2026 finalization. Cite the GitHub spec and finalization blog for current status, not this page's status line. Supports: Comment-window status language (historical), Public-comment PDF location.

  • Event & Conversion API v1.0 — public-comment draft PDF (January 2026) ↗ Official docs

    IAB Tech Lab · checked 2026-06-13 · Context only

    The January 2026 public-comment draft of the spec; links to the CAPI Working Group page, confirming the spec was developed within IAB Tech Lab's CAPI Working Group. Historical artifact only — superseded by the finalized GitHub spec (ecapi_1.0.md) for all content citations; no post-comment changelog was published. Supports: Existence of the January 2026 public-comment draft, CAPI Working Group provenance.

Platform capabilities and naming change quickly. Last validated: June 13, 2026. Check current documentation before implementation.Standards, guidance, and implementation references last validated: June 2026. Specifications, public-comment status, frameworks, APIs, and implementation guidance change. Validate against official documentation before implementation.

Next step

Wiring outcome signals into buying systems or agentic workflows?

The operating work is to govern the event dictionary, dedup keys, consent metadata, and audit lineage before optimization scales on whatever the pipeline happens to emit — and to keep an incrementality read in the loop so the feed stays honest.

Scope this work Open Research & Measurement Science