Server-Side Tracking

Analytics from your
backend, not the browser

Q: Can I send events with custom properties?

Yes. The POST /api/v1/collect/event endpoint accepts a props field containing any key-value object up to 4 KB. You can include revenue figures, plan names, user roles, or any metadata relevant to your business without it containing personal data.

Q: Can I backfill historical data with a custom timestamp?

Yes. Both the pageview and event endpoints accept an optional timestamp field as a Unix timestamp in seconds. When provided, the pageview or event is recorded at that time rather than the current server time, allowing you to import or backfill historical data.

Q: Is server-side tracking GDPR compliant?

Yes. The same privacy guarantees that apply to the browser JavaScript snippet apply to the server-side API. No personal data is stored, no IP addresses are retained, no cookies are used, and visitor identity is represented only by an anonymous daily-rotating hash. No cookie consent banner is required.

Send pageviews and custom events directly from your server using a single HTTP request. Track SSR pages, API routes, queue jobs, and any backend context where a JavaScript snippet cannot run. The same privacy guarantees apply: no IP addresses are stored, no cookies are set, and every visitor is identified by an anonymous daily-rotating hash.

Get started free View API reference

Track every page, including the ones the browser never sees

The GhostlyX JavaScript snippet works well for traditional client-rendered pages. But modern applications serve a significant share of their traffic server-side: Next.js and Nuxt SSR pages render on the server before the browser loads, API routes return JSON rather than HTML, and background jobs process actions with no HTTP response at all.

Server-side tracking fills that gap. You send a POST request from your application code with the URL, pathname, and optional visitor context. GhostlyX processes it through the same privacy pipeline as the browser script and records it to your dashboard.

Pageviews recorded server-side appear alongside browser-recorded pageviews in the same dashboard with no distinction. Sessions, bounce rates, and geo data all behave identically.

SSR framework pages

Track every page load from Next.js, Nuxt, SvelteKit, Laravel Blade, and any other server-rendered framework by sending a beacon at render time.

API route tracking

Record hits to your REST or GraphQL API endpoints. Understand which routes are used most and track error rates alongside traffic volume.

Background job events

Fire a custom event from a queue job, a webhook handler, or a cron task. Track imports, exports, subscription renewals, and any business event that happens outside the browser.

Timestamp backfilling

Pass a Unix timestamp to record a pageview or event at a historical time. Useful for importing data from another analytics platform or replaying events after an outage.

Custom event props

Attach key-value metadata to any event: revenue amounts, plan names, user roles, or feature flags. Props are stored as JSON and queryable from the dashboard.

Scoped write tokens

Server-side beacons are authenticated with API tokens scoped to the collect:write ability. Tokens are revocable at any time from your account settings.

Privacy

The same privacy guarantees as the browser script

Server-side tracking does not change the privacy model. Every field passes through the same anonymisation pipeline used by the JavaScript snippet.

IP addresses are never stored

The IP you pass in the request is held in memory for two operations: computing the visitor hash and resolving a geo location. Once both are done, the address is discarded. It is never written to any table, log, or file.

Anonymous daily-rotating hash

Visitor identity is a SHA-256 hash of the IP, User-Agent, site ID, and today's date. The hash changes every 24 hours, making cross-day re-identification cryptographically infeasible. No cookies or persistent identifiers are involved.

No consent banner required

Because no personal data is collected and no cookies are set, GDPR, CCPA, and PECR do not require a consent banner for analytics data collected via the server-side API. This applies to both the pageview and event endpoints.

What developers track with server-side analytics

Next.js and Nuxt SSR

Call the pageview endpoint inside getServerSideProps, a React Server Component, or a Nuxt server route. Every rendered page is tracked even if the visitor has JavaScript disabled or uses an ad blocker.

Laravel and Rails backends

Drop a single HTTP call into a middleware or after-hook to record every page request from your server-rendered application. Works with any framework that can make an outbound HTTP request.

SaaS conversion events

Fire a Purchase or Subscription Created event from your payment webhook handler the moment Stripe confirms a charge. Revenue data lands in your analytics the instant it is confirmed, not when a thank-you page loads.

API usage analytics

Instrument your public or private API to track which endpoints are called, how often, and from which geographic regions. Build a real-time picture of API adoption without server logs.

Import from another platform

Use the timestamp field to replay historical pageviews from a CSV export of another analytics provider. Migrate to GhostlyX without losing your historical data.

Offline and queued processing

Record events from background jobs, cron tasks, and import pipelines. Track file exports, email sends, and data processing milestones that have no visible frontend.

Frequently asked questions

What is server-side tracking in web analytics?

Server-side tracking is a method of recording pageviews and events by sending data directly from your backend server to an analytics API, rather than relying on a JavaScript snippet in the browser. It is used to track pages rendered server-side, API routes, and any backend context where a browser does not execute JavaScript.

Does GhostlyX server-side tracking store IP addresses?

No. The IP address you pass in the request is used in memory only to resolve a country and city and to compute an anonymous visitor hash. It is never written to any database table, log file, or storage system. Once those two operations complete, the address is discarded.

How does GhostlyX anonymise visitors without cookies?

GhostlyX generates a daily-rotating visitor hash using SHA-256(ip + user_agent + site_id + date). The hash changes every 24 hours, making cross-day re-identification cryptographically infeasible. No cookies are set, no fingerprinting is performed, and no persistent identifier is ever created.

Which plans include server-side tracking?

Server-side tracking is available on the Business plan and above. It uses the same API token system as the REST API. You can create a token with the collect:write ability from your account settings.

Can I send events with custom properties?

Yes. The event endpoint accepts a props field containing any key-value object up to 4 KB. You can include revenue figures, plan names, user roles, or any metadata relevant to your business.

Can I backfill historical data with a custom timestamp?

Yes. Both endpoints accept an optional timestamp field as a Unix timestamp in seconds. When provided, the record is stored at that time rather than the current server time.

Is server-side tracking GDPR compliant?

Yes. No personal data is stored, no IP addresses are retained, no cookies are used, and visitor identity is represented only by an anonymous daily-rotating hash. No cookie consent banner is required.

Track everything, not just what the browser sees

Get started free and get your server-side tracking token in under five minutes.