Ingest API overview
The Ingest API receives organization-scoped events from your application and stores them for analytics and organization health. It is designed for high-throughput, low-latency event submission.
Endpoint
POST https://receive.saastracker.eu/v1/events
Use the full ingest URL. You can also see the URL in your app settings (Settings → Applications → [App] → App settings).
Authentication
The API uses HMAC-SHA256 over the raw request body:
x-app-uuid– your application’s UUID (from app settings)x-signature–HMAC-SHA256(api_secret, raw_body)as lowercase hex
Signatures are validated server-side before any event processing. The API secret is never sent in the request; it is used only to compute the signature. See Authentication for details.
Request format
- Method: POST
- Headers:
Content-Type: application/json,x-app-uuid,x-signature - Body: One event per request – a single JSON object. The endpoint does not accept an array of events.
The request body must be valid UTF-8 JSON (no trailing commas). The signature must be computed over the exact raw body bytes as sent; any difference (e.g. whitespace, key order if you re-serialize) will cause validation to fail.
See Event schema for required and optional fields.
Plan limits and ingest
Plan limits (e.g. events per month) are enforced at the account level and do not interrupt ingest in normal operation. Ingest is decoupled from billing enforcement to avoid impacting production traffic. If you exceed limits, the system flags overage and may suggest an upgrade; events continue to be accepted and stored.
Retry strategy
- For 5xx responses, implement exponential backoff with jitter.
- Do not retry 4xx responses except for 429 (rate limit, if applicable). For 401 (invalid signature) or 404 (unknown app_uuid), fix credentials or app configuration first.
What happens after send
Events are validated, then stored in the analytics backend. Events are immutable once accepted; they cannot be updated or deleted via the API.
They appear in:
- Event stream – raw event feed
- Event explorer – queryable event data
- Dashboards – aggregated metrics (activity, pages, adoption, org health)
All data is aggregated primarily at the organization (customer_org_id) level. Data is scoped by company and app; only your app’s credentials can write to your app’s data.
Next: Authentication or Event schema.