Skip to content

API Reference

MikroAnalytics exposes a small ingestion and reporting API. The OpenAPI document is available at /openapi.json.

MethodPathPurpose
GET/Dashboard app.
GET/m.jsBrowser tracker.
GET/config.jsonBrowser runtime config and public auth routes.
GET/healthService health.
GET/openapi.jsonOpenAPI 3.1 document.
POST/api/collectIngests pageviews and custom events.
MethodPathPurpose
GET/api/auth/meReturns current dashboard session.
POST/api/auth/magic-linkAccepts a sign-in link request without revealing whether the email is allowed.
POST/api/auth/verifyVerifies a magic-link token and sets the session cookie.
POST/api/auth/logoutClears the session cookie.

These require either the HttpOnly dashboard session cookie or an Authorization: Bearer ... admin token.

MethodPathPurpose
GET/api/sitesLists dashboard-managed sites and script snippets.
POST/api/sitesCreates a site.
PUT/api/sites/:idUpdates a site.
DELETE/api/sites/:idDeletes a site and its stored analytics data.
GET/api/report?site=site_marketing&days=30Returns aggregate analytics report.
GET/api/collect-attempts?site=site_marketingReturns recent in-memory collect attempts for install checks.
POST/api/cleanupDeletes expired aggregate and raw debug records.
{
"site": "site_marketing",
"kind": "event",
"event": "signup",
"host": "example.com",
"path": "/pricing",
"referrer": "https://search.example/results",
"campaign": {
"utm_source": "newsletter",
"utm_medium": "email",
"utm_campaign": "launch"
},
"properties": {
"plan": "team"
}
}

The collect endpoint returns 202 for accepted and privacy-ignored requests. Privacy-ignored requests include a reason such as privacy_signal, unknown_site, or host_not_allowed.

{
"id": "site_marketing",
"name": "Marketing site",
"domains": ["example.com", "www.example.com"],
"allowedEventProperties": ["plan", "source"]
}

GET /api/report returns:

  • totals for pageviews, events, and daily unique estimates,
  • comparison with the previous same-length period and percentage deltas,
  • series with daily points,
  • top pages,
  • top events,
  • top referrers,
  • top campaigns,
  • top browsers,
  • top os,
  • top devices,
  • optional top countries.

GET /api/collect-attempts returns the latest accepted or ignored collect attempts held in server memory. This is meant for setup diagnostics, not durable analytics history. The response includes accepted, reason, siteId, host, path, kind, eventName, and timestamp.

Terminal window
curl \
-H "Authorization: Bearer $MIKROANALYTICS_ADMIN_TOKEN" \
"https://analytics.example.com/api/report?site=site_marketing&days=30"

Use /openapi.json for generated clients or operational documentation.