Skip to main content

Sites

A Site authorizes browser-based event tracking. When events come from a user's browser there's no member login to authenticate the request, so each Site instead issues a public site_id and declares an allow-list of origins that may send events on its behalf. Server-side query tracking uses a bearer token and needs no Site; Sites exist specifically to make anonymous, in-browser event submission safe.

Requires ClickHouse

Sites are part of User Behavior Insights, so they are available only when ClickHouse is configured. Without it the Sites API returns 404 and the Insights navigation is hidden.

How a site authorizes events

Every event carries the site_id of the Site it belongs to, and browser submissions are accepted only from the origins on that Site's allow-list. Events that don't come from an allowed origin for a registered Site are ignored.

Registering a site

From Insights → Sites, choose Create and provide:

  • A name, unique within the deployment.
  • One or more allowed origins - the origins your events are sent from, e.g. https://shop.example.com. An origin is a scheme, host, and optional port with no path. Use a single leftmost wildcard label to cover subdomains, e.g. https://*.example.com.
  • Optionally a description and an events-per-minute cap (see Rate limiting).

On creation Releval generates the Site's public site_id. The site_id is safe to embed in client-side code - it's an identifier, not a secret. The origin allow-list, not the site_id, is what constrains who can submit events.

Rate limiting

Each Site has a per-minute event cap - 600 events per minute by default, or the events-per-minute value you set on the Site. Events beyond the cap are dropped.