API Reference
Complete API reference for DataSaaS. All endpoints require authentication unless noted otherwise.
POST /api/events
Public endpoint — no authentication required. Ingests tracking events from the client-side script.
Request body
{
"website_id": "mrf_abc123",
"visitor_id": "uuid-v4",
"session_id": "uuid-v4",
"event_type": "pageview",
"url": "https://yourdomain.com/pricing",
"referrer": "https://google.com",
"title": "Pricing - My App",
"hostname": "yourdomain.com",
"pathname": "/pricing",
"utm_source": "google",
"utm_medium": "cpc",
"utm_campaign": "spring_sale",
"screen_width": 1920,
"language": "en-US",
"metadata": {},
"click_ids": { "gclid": "abc123" }
}Required fields
| Field | Type | Description |
|---|---|---|
| website_id | string | Your website identifier |
| visitor_id | string | Unique visitor identifier |
| session_id | string | Current session identifier |
Event types
| Type | Description |
|---|---|
| pageview | Standard page view |
| goal | Custom goal completion |
| _heartbeat | Session keepalive (30s intervals, lightweight) |
| _leave | Page/tab close (includes duration + scroll depth) |
| _outbound | External link click |
Response codes
| Code | Description |
|---|---|
| 202 Accepted | Event received successfully |
| 400 Bad Request | Missing required fields or domain mismatch |
| 404 Not Found | Invalid website_id |
| 429 Too Many Requests | Rate limit exceeded (100 events/min per IP) |
Bot traffic is silently accepted but filtered — the API returns 202 even for filtered events to avoid revealing detection logic.
GET /api/realtime
Public endpoint. Returns the number of visitors currently active on your website.
GET /api/realtime?siteId=mrf_abc123Response
{
"online": 12
}GET /api/websites/{id}/realtime-map
Authenticated. Returns active visitor locations for the realtime map visualization.
GET /api/websites/{id}/realtime-map/events
Authenticated. Returns recent events for the realtime event feed.
Goals
GET /api/websites/{id}/goals
List all goals for a website.
POST /api/websites/{id}/goals
Create a new goal.
{
"name": "signup",
"display_name": "User Signup",
"goal_type": "custom"
}DELETE /api/websites/{id}/goals/{goalId}
Delete a goal.
Integrations
POST /api/websites/{id}/integrations/connect
Connect a payment provider.
{
"provider": "stripe",
"api_key": "sk_live_..."
}DELETE /api/websites/{id}/integrations/disconnect
Disconnect a payment provider.
GET /api/websites/{id}/integrations/status
Check connection status. Pass ?provider=stripe as query param.
POST /api/websites/{id}/integrations/sync
Manually sync transactions from the connected provider.
GET /api/filter-values
Returns available values for a filter dimension within a date range. Used to populate filter dropdowns.
GET /api/filter-values?siteId=mrf_abc123&dimension=country&start=2024-01-01&end=2024-03-01Supported dimensions
referrer, utm_source, utm_medium, utm_campaign, utm_term, utm_content, country, region, city, browser, os, device_type, pathname, goal_name
Rate limiting
The event ingestion endpoint is rate-limited to 100 events per minute per IP address. Other API endpoints follow standard rate limits based on your plan.