# HTTP tracking API source

The HTTP Tracking API is used to track **events** from any website, application or server. The data is collected by our servers, and then processed and routed to any configured destination. It is often used for server-to-server use case.

To manage users, check instead the dedicated [User API](https://doc.commandersact.com/features/sources/sources-catalog/import-crm-users/api-users), and for products, the [Product API](https://doc.commandersact.com/features/sources/sources-catalog/import-conversions/api-conversions-and-product-catalog).

## Endpoint URL

The API's collect endpoint is available at the following URL:

```
https://collect.commander1.com/events?tc_s={siteId}&token={sourceKey}
```

HTTP method: `POST`

## Parameters

* `tc_s` (required): site id
* `token` (required): source key

{% hint style="info" %}
The source key is displayed in the settings of any [source](https://doc.commandersact.com/features/sources/overview).
{% endhint %}

## Headers

### Content type <a href="#content-type" id="content-type"></a>

The endpoint requires a `Content-Type` header set to `application/json`:

```
Content-Type: application/json
```

## Payload

The properties of the event must be provided in the request body in JSON format.

Find details on **best practices in event naming** as well as the **`event` method payload** in our [specifications](https://doc.commandersact.com/developers/tracking-and-integrations/tracking/about-events).

{% hint style="warning" %}
The format of the payload evolved on Nov. 2022. The old format will still be supported during one year. [More information here](https://doc.commandersact.com/features/sources/sources-catalog/server/http-tracking-api/http-tracking-api1_0).
{% endhint %}

{% hint style="info" %}
Timestamps must be in milliseconds (ms).
{% endhint %}

{% hint style="info" %}
`consistent_anonymous_id` corresponds to a unique identifier for a user, used on the CAX platform to identify a user. It is the equivalent of CAID cookie on a Web source.
{% endhint %}

## Errors

The endpoint returns a 200 HTTP response to all API requests. Thus, debugging should be done using the platform interface or our [config API](https://doc.commandersact.com/developers/config-api) (event inspector or event delivery API).

As an exception, a 400 HTTP code is returned in case the request is too large or the payload JSON is invalid.

## Max Request Size <a href="#max-request-size" id="max-request-size"></a>

There is a maximum of `32KB` per API request.

The `batch` API endpoint accepts a maximum of `500KB` per request, with a limit of `32KB` per event in the batch.

## Rate limit

There is no real rate limit above which the system will discard your data. But if you need to import at a rate faster than **500 requests per second**, please [contact us](mailto:support@commandersact.com) beforehand.

## Example

Example of an API request:

```
POST https://collect.commander1.com/events?tc_s=29&token=7183b9d4-1031-11ee-be56-0242ac120002
```

```json
{
  "event_name": "search",
  "search_term": "t-shirts",
  "user": {
    "id": "12345",
    "consistent_anonymous_id": "67892",
    "email": "toto@domain.fr",
    "consent_categories": [
      "1",
      "3"
    ]
  },
  "context": {
    "event_id": "202110130000000000",
    "page": {
      "title": "Search page",
      "url": "https://shop.com/search?q=...",
      "lang": "en",
      "referrer": "https://www.google.fr",
      "viewport": {
        "width": 320,
        "height": 568
      }
    },
    "device": {
      "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36",
      "ip": "102.3.4.56",
      "lang": "fr",
      "cookie": "_fbp=123; _fbc=456; _ga=789",
      "timezone": "Europe/Paris"
    },
    "event_timestamp": "1639044446636"
  }
}
```

## OpenAPI Specification

Download OpenAPI specification:

{% file src="<https://1259070148-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-Mk6XpTQ2LaRLcr2tA-d%2Fuploads%2Fgit-blob-13e95de64d4ab4443d61f8734b3f67dc98bbf070%2Fhttp_tracking_api_spec.yaml?alt=media>" %}

## Security and Authentication

Our API operates over HTTPS, a standard for secure communication on the internet. This protocol ensures that data is encrypted and transmitted securely.

In conjunction with HTTPS, we employ an API token-based authentication system. Each created source is assigned a unique token that remains consistent across all API requests for this specific source. This design offers both security and convenience, allowing clients to manage multiple sources each with their own dedicated token. The ability for clients to create, manage, and deactivate sources at will via our interface adds an additional layer of control, ensuring that tokens can be invalidated as necessary for security or operational reasons. Our security approach is tailored to the diverse needs of our clients. We focus on providing a secure, efficient, and user-friendly experience. Our choice of HTTPS and token-based authentication aligns with our commitment to delivering robust security while ensuring ease of integration and operational flexibility for our clients. This approach is chosen over more complex systems like Mutual TLS (mTLS), OpenID Connect (OIDC), or IP filtering.

## Batch

The `batch` method lets you send a series of `event` requests in a single batch, saving on outbound requests.

There is a maximum of `500KB` per batch request and `32KB` per call.

The BATCH API's collect endpoint is available at the following URL:

<pre><code><strong>https://collect.commander1.com/events/batch?tc_s={siteId}&#x26;token={sourceKey}
</strong></code></pre>

### Batch Example

Example of an API request:

```
POST https://collect.commander1.com/events/batch?tc_s=29&token=7183b9d4-1031-11ee-be56-0242ac120002
```

<pre class="language-json"><code class="lang-json"><strong>{
</strong>  "batch": [
      {
        "event_name": "add_payment_info",
        "payment_method": "card",
        "revenue": 16.00,
        "value": 22.53,
        "currency": "EUR",
        "user": {
            "id": "12345",
            "consistent_anonymous_id": "67892",
            "consent_categories": [1,3]
        },
        "context": {
          "event_id": "202210310000000000",
          "page": {},
          "device": {}
        },
        "event_timestamp": "1639044446636"
<strong>      },
</strong>      {
        "event_name": "generate_lead",
        "method": "LinkedIn",
        "user": {
            "consistent_anonymous_id": "5689865"
            "consent_categories": [1,2,3]
        },
        "context": {
          "event_id": "202210180000000000",
          "page": {},
          "device": {}
        },
        "event_timestamp": "1639094446633"
      }
  ]
}
</code></pre>