All endpoints are mounted under /api/v1/pixel/. The caller workspace is always derived from the API key; no request body or query parameter can override it.
Lists all non-deleted pixel websites in the workspace. Returns at most 1,000 rows (GL#83 cap).
Scope: pixel:read
curl https://admaxxer.com/api/v1/pixel/websites -H 'Authorization: Bearer $KEY'{ "data": [{ "id": "admx_…", "domain": "example.com", "name": "Main site", "createdAt": "2026-04-17T00:00:00Z" }], "meta": { "request_id": "req_…" } }Server-side proxy to the named analytics pipeline (GL#318). Returns pipe rows directly — no JWT minting, no second our analytics warehouse hop. Allowed pipes include the live-visitors feed, the top-pages report, the referrers report, the locations report, the devices report, the technology report, the languages report, the traffic-sources report, the funnel report, the funnel report, the goal-conversions report, the attributed-revenue report, the retention-cohort report, the sessions report, the visitor-profile report, the visitor-timeline report, the AI-traffic report, the events catalog, the tracking-health check, the metric-series report.
Scope: pixel:read · Query: website_id (optional — IDOR-checked against the API-key workspace, then forwarded to the pipe), from, to (optional date range), plus any allowlisted filter (country, device, utm_*, …).
curl 'https://admaxxer.com/api/v1/pixel/metrics/the top-pages report?website_id=admx_123&from=2026-04-01&to=2026-04-17' \
-H 'Authorization: Bearer $KEY'{
"status": "success",
"data": {
"data": [{ "path": "/pricing", "visitors": 1245, ... }, ...],
"meta": [{ "name": "path", "type": "String" }, ...],
"rows": 50,
"statistics": { "elapsed": 0.018, "rows_read": 15234, "bytes_read": 482912 },
"data_status": "ok"
},
"meta": { "request_id": "req_..." }
}Breaking change history: previous versions of this endpoint returned a short-lived our analytics warehouse JWT ({ token, pipe, workspace_id }) and expected the caller to query our analytics warehouse directly. The JWT signing secret was never registered with our analytics warehouse workspace, so every token was rejected with 401 — meaning no working integration ever existed against the old contract. URLs are unchanged; only the response body differs.
Lists configured conversion goals (name, selector, created_at).
Scope: pixel:read
Lists anomaly detection rules (metric, threshold, channel).
Scope: pixel:read
Lists scheduled email/Slack reports (cadence, recipients, last_sent_at).
Scope: pixel:read
Lists public dashboard share links (token prefix, expires_at, password-protected flag). Raw tokens are never returned.
Scope: pixel:read
Server-side-proxied query against the visitor-profile report. Returns the visitor’s session count, first/last seen, country, device, LLM engine, and recent events. Same response envelope as /pixel/metrics/{pipe}. (Pre-GL#318 this minted a JWT — same rationale as /pixel/metrics/{pipe} applies.)
Scope: pixel:read
Ingests a single event server-to-server. Routes to the correct analytics datasets based on name: pageview → pageviews, custom → your custom-goals store, payment → visitor_payments.
Scope: pixel:write
curl -X POST https://admaxxer.com/api/v1/pixel/events \
-H 'Authorization: Bearer $KEY' \
-H 'Content-Type: application/json' \
-d '{
"website_id": "admx_123",
"name": "payment",
"visitor_id": "v_abc",
"amount": 99.00,
"currency": "USD"
}'The response contains the visitor_id Admaxxer attached (either the one you supplied or a fresh UUID if omitted).
Attaches an external identifier (email, user_id) to a pixel visitor. The external id is SHA-256 hashed before being written to our analytics warehouse, so raw PII never lands in the analytics store.
Scope: pixel:write
curl -X POST https://admaxxer.com/api/v1/pixel/identify \
-H 'Authorization: Bearer $KEY' \
-H 'Content-Type: application/json' \
-d '{
"website_id": "admx_123",
"visitor_id": "v_abc",
"external_id": "jane@example.com",
"traits": { "plan": "pro" }
}'Every response (success or error) includes a meta object with a request_id for support triage:
{ "data": …, "meta": { "request_id": "req_abc123" } }Nine. All are mounted under /api/v1/pixel/ and the caller workspace is always derived from the API key — no request body or query parameter can override it.
GET /pixel/metrics/{pipe} proxy?The 20 allowlisted analytics pipes including the live-visitors feed, the top-pages report, the referrers report, the locations report, the devices report, the technology report, the languages report, the traffic-sources report, the funnel report, the funnel report, the goal-conversions report, the attributed-revenue report, the retention-cohort report, the sessions report, the visitor-profile report, the visitor-timeline report, the AI-traffic report, the events catalog, the tracking-health check, and the metric-series report. Anything else returns 400 invalid_pipe.
POST /pixel/events accept batched event arrays?No. v1 accepts a single event per call to keep the failure blast radius small. For bulk historical backfills, contact support for our analytics warehouse direct-append token, or parallelize across multiple keys per workspace within the rate-limit budget. See Rate Limits.
POST /pixel/identify handle email and phone PII?The external identifier is SHA-256 hashed on the server before being written to our analytics warehouse. Raw PII never lands in the analytics store. The original external_id echoes back in the response only for client-side reconciliation; it is not persisted.
Pre-GL#318 it returned a short-lived our analytics warehouse JWT ({ token, pipe, workspace_id }) and the caller queried our analytics warehouse directly. The JWT signing secret was never registered with our analytics warehouse workspace, so every minted token was rejected with 401 — no working integration ever existed against the old contract. URLs are unchanged; the new response body is the literal pipe payload wrapped in the standard v1 envelope.
GET /pixel/websites returns?1,000 rows per call (GL#83 cap). Workspaces with more would need pagination — none exist in production today, so pagination is not yet implemented.
Overview · Auth · Errors · Rate Limits