Developers

Stats API & API keys

Authenticate with a personal access token and read your stats programmatically.

The Stats API gives you programmatic, read-only access to your workspace's numbers — build status pages, internal dashboards, README badges, or pipe stats into your own tooling.

Get a key

Generate an API key in Settings → API keys (workspace owner only). The plaintext key is shown ONCE at creation — store it in your secret manager. Keys are scoped to a single workspace, are read-only, and can be revoked instantly.

Authentication

Pass the key as a Bearer token on every request:

curl http://localhost:3000/api/v1/stats \
  -H "Authorization: Bearer dw_live_…"

GET /api/v1/stats

Workspace-wide totals plus a list of your sites. No query parameters — the key itself selects the workspace.

{
  "sites": [
    { "id": "…", "name": "example.com", "domain": "example.com", "status": "active" }
  ],
  "totals": {
    "visitors": 1280,
    "pageviews": 4310,
    "counter_views": 9120,
    "form_submissions": 64
  }
}

Response fields

  • sites[] — every site in the workspace: id (UUID), name, domain, status (pending | active | paused).
  • totals.visitors (number) — all-time unique visitors summed across sites (daily-salted hashes; privacy-safe).
  • totals.pageviews (number) — all-time page views across sites.
  • totals.counter_views (number) — lifetime total across all view counters.
  • totals.form_submissions (number) — all-time stored submissions across all forms.

Errors

  • 401 { "error": "Invalid or missing API key…" } — bad/revoked key or missing Authorization header.
  • Any other non-200 — treat as transient and retry with backoff.

CORS & usage

The endpoint allows cross-origin GETs, but never ship dw_live_ keys in browser code — anyone can read them there. Call it from your server (or a serverless function) and forward what you need to the client. Last-used time per key is visible in Settings.

Public alternatives (no key needed)

  • Counter JSON: GET https://cdn.devlune.in/counter/<COUNTER_ID> → { total, unique } — safe for client-side fetches.
  • SVG badge: https://cdn.devlune.in/badge/<COUNTER_ID>.svg — zero-JS image for READMEs.
  • Public stats page — opt-in per site (Sites → Public stats), shareable read-only dashboard.

Key storage

We store only a SHA-256 hash of each key — never the plaintext. If a key leaks, revoke it instantly from Settings; revocation is immediate. Use a separate key per integration so you can rotate them independently.