Skip to main content

Base URL

All endpoints are prefixed with /api/v1.

Authentication

The API uses two authentication methods depending on the endpoint:

Session auth (dashboard)

Used by the dashboard and any integration that manages teams, sites, and analytics. Authenticates via session cookies set by the /api/auth/* endpoints (powered by BetterAuth). All team-scoped endpoints (/api/v1/teams/:teamSlug/...) require session auth plus team membership.

API key auth (SDK ingestion)

Used by the SDK to send events. Pass the API key as a header:
Or as a query parameter:
API keys are created per-site and can be revoked from the dashboard.

Endpoints

Public (no auth)

SDK / API key auth (X-Api-Key header)

Common patterns

Team-scoped routes

Most endpoints are scoped to a team via the URL:
Your session must have membership in the team. Some operations (update/delete team, manage roles) require owner or admin role.

Error responses

Errors return JSON with a message field:
Common status codes:

Analytics time ranges

Analytics endpoints accept a range query parameter — the number of hours to include (default: 24):
This returns data for the last 7 days.