Technical Overview
NanoAnalytics are collected via a secure API endpoint designed for multi-tenant SaaS environments. Here's how the process works and what is tracked:
Event Validation & Security
- Each analytics event sent to the API must include a
projectKeythat identifies the project. - The backend validates the
projectKeyagainst the database and ensures the event's URL matches the project's allowed origin. - CORS headers are set to allow secure cross-origin requests.
What Gets Tracked
- Event Name/Type: The type of user or system event (e.g., page view, custom event).
- Session ID: A unique identifier for the user session (generated if not provided).
- User ID: If available, the user's unique identifier.
- Project ID: The internal ID of the project.
- Page Info:
- Page title
- Page path
- Full URL
- Referrer: The previous page or source that led to the current page.
- User Agent: Information about the browser, operating system, and device.
- IP Address: Used for basic analytics and geographic distribution (anonymized or masked as needed).
- Timestamp: When the event occurred.
- Custom Data: Any additional fields sent in the event payload.
Data Storage & Processing
- Events are logged using a stored procedure in the database for efficiency and consistency.
- Each event is associated with the correct project and user.
- Usage is tracked for billing and quota purposes.
Example Event Payload
{
"projectKey": "your-project-key",
"eventName": "page_view",
"url": "https://yourdomain.com/page",
"page_title": "Page Title",
"page_path": "/page",
"referrer": "https://referrer.com/",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)...",
"sessionId": "uuid-session-id",
}This approach ensures that only valid, authorized events are stored, and that analytics data is accurate, secure, and associated with the correct project.
Last updated on