Core Fields
| Field | Required | Description |
|---|---|---|
site_id | Yes | Tracking site identifier |
event_id | No | UUID for dedupe (auto-generated if omitted) |
event_time | No | Event timestamp (defaults to now) |
scan_session_id | No | Links event to QR scan session |
consent | No | granted, denied, pending |
Browser Event Fields (/collect)
| Field | Required | Notes |
|---|---|---|
event_type | Yes | Example: pageview, click, form_submit |
page_url | No | Current URL |
page_title | No | Page title |
referrer | No | Referrer URL |
device | No | Browser/device context |
metadata | No | Max 10KB, max depth 5, no raw emails |
Server Event Fields (/server-events)
| Field | Required | Notes |
|---|---|---|
event_name | Yes | Example: purchase, signup, lead |
user_identifiers | No | Hashed IDs (email_hash, phone_hash, external_id) |
conversion_value | No | amount + currency |
properties | No | Max 10KB, no raw emails |
Idempotency and Dedupe
- Prefer sending a stable
event_idfrom your backend. - Re-sending the same
event_idhelps prevent duplicate counting downstream.
Privacy Guardrails
- Do not send raw emails in browser metadata or server properties.
- Send hashed identifiers in
user_identifiersfor server events.