Ingest server-side event REST API

POST

/api/ingest/server/event

const url = 'https://app.hitkeep.com/api/ingest/server/event';
const options = {
  method: 'POST',
  headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
  body: '{"dnt":true,"name":"example","properties":{},"referrer":"example","session_id":"2489E9AD-2EE2-8E00-8EC9-32D5F69181C0","timestamp":"2026-04-15T12:00:00Z","url":"https://example.com","user_agent":"example","visitor_ip":"example"}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request POST \
  --url https://app.hitkeep.com/api/ingest/server/event \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{ "dnt": true, "name": "example", "properties": {}, "referrer": "example", "session_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "timestamp": "2026-04-15T12:00:00Z", "url": "https://example.com", "user_agent": "example", "visitor_ip": "example" }'

Accepts one trusted server-side custom event from an API client. This server-to-server endpoint does not require browser Origin or Referer headers. HitKeep resolves the site from the submitted URL hostname, requires site.manage_data for that resolved site, and uses visitor_ip for ingest-time exclusions, spam filtering, and country, region, city, provider, and ASN lookup. Stored analytics records contain derived country, region, city, provider, and ASN context. HitKeep does not store the raw visitor IP. This endpoint uses the ingest rate limiter.

Authorizations

bearerAuth
apiKeyAuth

Request Body^required

application/json

object

dnt

When true, HitKeep drops the record consistently with browser tracker privacy behavior.

boolean

name

required

Custom event name.

string

properties

object

key

additional properties

any

referrer

string

session_id

Optional visitor grouping key. If omitted, this event gets its own standalone session.

string format: uuid

timestamp

required

Canonical analytics time in RFC3339 format.

string format: date-time

url

required

Absolute page or event context URL. The hostname resolves the configured HitKeep site.

string format: uri

user_agent

required

User agent from the original visitor request context.

string

visitor_ip

required

Trusted transient visitor IP context. Used to derive country, region, city, provider, and ASN metadata. HitKeep does not store the raw visitor IP.

string format: ip

Example^generated

{
  "dnt": true,
  "name": "example",
  "properties": {},
  "referrer": "example",
  "session_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0",
  "timestamp": "2026-04-15T12:00:00Z",
  "url": "https://example.com",
  "user_agent": "example",
  "visitor_ip": "example"
}

Responses

Example^generated

{
  "message": "example"
}

Ingest server-side event REST API

Authorizations

Request Bodyrequired

Examplegenerated

Responses

202

400

Examplegenerated

401

Examplegenerated

403

Examplegenerated

404

Examplegenerated

429

Examplegenerated

503

Examplegenerated

Request Body^required

Example^generated

Example^generated

Example^generated

Example^generated

Example^generated

Example^generated

Example^generated