Sites
A Site authorizes browser-based event tracking.
When events come from a user's browser there's no member login to authenticate the request, so
each Site instead issues a public site_id and declares an allow-list of origins that
may send events on its behalf. Server-side query tracking
uses a bearer token and needs no Site; Sites exist specifically to make anonymous, in-browser
event submission safe.
Sites are part of User Behavior Insights, so they are available
only when ClickHouse is configured. Without it the
Sites API returns 404 and the Insights navigation is hidden.
How a site authorizes events
Every event carries the site_id of the Site it belongs to, and browser submissions are accepted
only from the origins on that Site's allow-list. Events that don't come from an allowed origin for a
registered Site are ignored.
Registering a site
From Insights → Sites, choose Create and provide:
- A name, unique within the deployment.
- One or more allowed origins - the origins your events are sent from, e.g.
https://shop.example.com. An origin is a scheme, host, and optional port with no path. Use a single leftmost wildcard label to cover subdomains, e.g.https://*.example.com. - Optionally a description and an events-per-minute cap (see Rate limiting).
On creation Releval generates the Site's public site_id. The site_id is safe to embed in
client-side code - it's an identifier, not a secret. The origin allow-list, not the site_id, is
what constrains who can submit events.
Rate limiting
Each Site has a per-minute event cap - 600 events per minute by default, or the events-per-minute value you set on the Site. Events beyond the cap are dropped.