Developers
Stats API & API keys
Authenticate with a personal access token and read your stats programmatically.
The Stats API gives you programmatic, read-only access to your workspace's numbers — build status pages, internal dashboards, README badges, or pipe stats into your own tooling.
Get a key
Generate an API key in Settings → API keys (workspace owner only). The plaintext key is shown ONCE at creation — store it in your secret manager. Keys are scoped to a single workspace, are read-only, and can be revoked instantly.
Authentication
Pass the key as a Bearer token on every request:
curl http://localhost:3000/api/v1/stats \ -H "Authorization: Bearer dw_live_…"
GET /api/v1/stats
Workspace-wide totals plus a list of your sites. No query parameters — the key itself selects the workspace.
{
"sites": [
{ "id": "…", "name": "example.com", "domain": "example.com", "status": "active" }
],
"totals": {
"visitors": 1280,
"pageviews": 4310,
"counter_views": 9120,
"form_submissions": 64
}
}Response fields
- sites[] — every site in the workspace: id (UUID), name, domain, status (pending | active | paused).
- totals.visitors (number) — all-time unique visitors summed across sites (daily-salted hashes; privacy-safe).
- totals.pageviews (number) — all-time page views across sites.
- totals.counter_views (number) — lifetime total across all view counters.
- totals.form_submissions (number) — all-time stored submissions across all forms.
Errors
- 401 { "error": "Invalid or missing API key…" } — bad/revoked key or missing Authorization header.
- Any other non-200 — treat as transient and retry with backoff.
CORS & usage
The endpoint allows cross-origin GETs, but never ship dw_live_ keys in browser code — anyone can read them there. Call it from your server (or a serverless function) and forward what you need to the client. Last-used time per key is visible in Settings.
Public alternatives (no key needed)
- Counter JSON: GET https://cdn.devlune.in/counter/<COUNTER_ID> → { total, unique } — safe for client-side fetches.
- SVG badge: https://cdn.devlune.in/badge/<COUNTER_ID>.svg — zero-JS image for READMEs.
- Public stats page — opt-in per site (Sites → Public stats), shareable read-only dashboard.
Key storage
We store only a SHA-256 hash of each key — never the plaintext. If a key leaks, revoke it instantly from Settings; revocation is immediate. Use a separate key per integration so you can rotate them independently.
