Skip to main content
All server APIs require: 
X-API-Key: YOUR_SITE_API_KEY

Scope Rules

  • Keys are site-scoped.
  • site_id in payload must match key’s authorized site.
  • Unauthorized site mismatch returns 403.

Key Management

  • Generate/revoke in Dashboard: Integrations -> Conversion Tracking -> Script/API -> API tab
  • Store keys in backend secrets only
  • Rotate keys periodically