Hacker News new | ask | show | jobs
by marvinblum 1954 days ago
I've found the same issue. A lot of traffic will get blocked if you use a simple JavaScript integration. The solution is (obviously) to track from the backend and provide a simple dashboard for it. I've started building a library [0] written in Go, which I could integrate into my website and until the end of last year, it became a product (in beta right now) called Pirsch [1]. We offer a JS integration to onboard customers more easily, but one of the main reasons we build it is, that you can use it from your backend through our API [2]. We plan to add more SDKs and plugins (Wordpress, ...) to make the integration easier, but it should be fairly simple already.

I would love to hear feedback, as we plan to fully release it soon :)

[0] https://github.com/pirsch-analytics/pirsch

[1] https://pirsch.io/

[2] https://docs.pirsch.io/get-started/backend-integration/

[Edit]

I forgot to mention my website, which I initially created Pirsch for. The article I wrote about the issue and my solution is here: https://marvinblum.de/blog/server-side-tracking-without-cook...
1 comments
fatsdomino001 1954 days ago
Is it possible to integrate pirsch into a heroku deployment?
link
marvinblum 1954 days ago
I haven't worked with heroku yet, but if you can make an API request, yes. You can read about how that works here: https://docs.pirsch.io/api-sdks/api/
link
fatsdomino001 1954 days ago
Looks very interesting.

Yeah I mean, I'm just running a django site, so I imagine I could add a custom middleware that makes an API request on every page load. I guess it would have to try and see if the access token is expired first? and if so grab a new one then make the hit. Is that the recommended setup?

Would I be able to pass extra information to be included in the logs, like e.g. username?

Also, I know you have good privacy policies, but still sending this information through a request makes me nervous nevertheless, even though it's of course miles better than js-based solutions. But what are your thoughts on how possible is it for these requests to be intercepted and this logged data siphoned off by someone else?

link
marvinblum 1954 days ago
> I guess it would have to try and see if the access token is expired first? and if so grab a new one then make the hit. Is that the recommended setup?

Exactly. The token expires after 15 minutes, so you need to check the response and issue a new token should it have expired. You can read our docs on how to do that or take a look at our Go SDK [0] and re-implement it in Python. Unfortunately, I don't have enough time to provide one right now.

> Would I be able to pass extra information to be included in the logs, like e.g. username?

That's not possible right now, but you will be able to send custom events in the future.

> But what are your thoughts on how possible is it for these requests to be intercepted and this logged data siphoned off by someone else?

Highly unlikely. All traffic is SSL encrypted, the internal communication of our server cluster is encrypted, the database, ... I mean, software can always be hacked, but I spend a lot of my time on infrastructure and security.

[0] https://github.com/pirsch-analytics/pirsch-go-sdk/blob/maste...

link