API reference
Every XTRACKER ingress endpoint in one place: POST /events, /bind, /clicks and GET /e, /bind — auth, parameters, and responses.
The complete ingress surface. Base URL: https://xtracker.cc.
Authentication
Two credentials, both per-space, from the API keys page:
- Bearer —
Authorization: Bearer <secret>for allPOSTendpoints. Server-side only. - Ingest token —
?token=<secret>for header-lessGETendpoints (postbacks).
Rotation keeps the previous secret valid for 24h so you can swap without downtime.
POST /events
Record a canonical event.
Body (JSON):
| Field | Type | Notes |
|---|---|---|
event |
string, required | contact / subscribed / registration / deposit |
uid |
string | the click id; optional but recommended |
value |
string/number | deposit amount |
currency |
string | defaults to USD |
eid |
string | external id for time-independent dedup |
occurred_at_ms |
int | epoch ms; defaults to receive time |
curl -X POST https://xtracker.cc/events \
-H "Authorization: Bearer <BEARER>" -H "Content-Type: application/json" \
-d '{"uid":"abc","event":"deposit","value":"25.00","currency":"USD","eid":"tx-1"}'
Response: {"ok": true, "status": "queued" | "duplicate", "inbox_id": "…"}
POST /bind
Bind a click uid to a Telegram user id (compare-and-set; safe to retry).
curl -X POST https://xtracker.cc/bind \
-H "Authorization: Bearer <BEARER>" -H "Content-Type: application/json" \
-d '{"uid":"abc","tg_id":555123}'
Response: {"ok": true, "matched": true} — matched is true when a click with that uid exists in the space.
POST /clicks
Back-fill a click and get a uid (only when the click didn't come from the tracker's own landing).
Body: link_slug, fbclid, campaign_name, raw_query (all optional).
Response: {"uid": "…"}
GET /e
Header-less event ingest — for postbacks. Same effect as POST /events.
Query: token (required), event (required), uid, value, currency, eid, t (epoch ms, optional → receive time).
https://xtracker.cc/e?token=<INGEST_TOKEN>&event=deposit&uid=abc&value=25¤cy=USD&eid=tx-1
Response: {"ok": true, "status": "queued" | "duplicate"} (or invalid_event / invalid_value / invalid_time).
GET /bind
Header-less bind.
https://xtracker.cc/bind?token=<INGEST_TOKEN>&uid=abc&tg=555123
Response: {"ok": true, "matched": true}
Status values
| Status | Meaning |
|---|---|
queued |
accepted, new |
duplicate |
deduped — also a success |
invalid_event |
not one of the four canonicals |
invalid_value |
value wasn't numeric |
invalid_time |
supplied t implausible |
Next
- Integration guide — the narrative version with a Python client.
- Idempotency — how
queuedvsduplicateis decided.
Keep reading
How to find and fix the leak in your funnel
A practical walkthrough: use the funnel breakdown and conversion gauge to pinpoint exactly where users drop off, form a hypothesis, fix one thing, and measure the lift.
PlaybookKeep your finger on the pulse: real-time conversion monitoring
A live dashboard isn't a vanity metric — it's an early-warning system. Here's how watching conversions in real time catches broken funnels and dead campaigns before they burn your budget.
PlaybookSame budget, more deposits: optimizing creatives with per-link data
Clicks lie. Deposits don't. Use per-link attribution to see which creative actually drives revenue — then move spend to the winner and kill the losers.