Technical Overview

NanoAnalytics are collected via a secure API endpoint designed for multi-tenant SaaS environments. Here's how the process works and what is tracked:

Event Validation & Security

• Each analytics event sent to the API must include a projectKey that identifies the project.
• The backend validates the projectKey against the database and ensures the event's URL matches the project's allowed origin.
• CORS headers are set to allow secure cross-origin requests.

What Gets Tracked

• Event Name/Type: The type of user or system event (e.g., page view, custom event).
• Session ID: A unique identifier for the user session (generated if not provided).
• User ID: If available, the user's unique identifier.
• Project ID: The internal ID of the project.
• Page Info:
  • Page title
  • Page path
  • Full URL
• Referrer: The previous page or source that led to the current page.
• User Agent: Information about the browser, operating system, and device.
• IP Address: Used for basic analytics and geographic distribution (anonymized or masked as needed).
• Timestamp: When the event occurred.
• Custom Data: Any additional fields sent in the event payload.

Data Storage & Processing

• Events are logged using a stored procedure in the database for efficiency and consistency.
• Each event is associated with the correct project and user.
• Usage is tracked for billing and quota purposes.

Example Event Payload

{
  "projectKey": "your-project-key",
  "eventName": "page_view",
  "url": "https://yourdomain.com/page",
  "page_title": "Page Title",
  "page_path": "/page",
  "referrer": "https://referrer.com/",
  "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)...",
  "sessionId": "uuid-session-id",
  "userId": "uuid-user-id"
}

This approach ensures that only valid, authorized events are stored, and that analytics data is accurate, secure, and associated with the correct project.