Ingestion
Datafly Signal’s ingestion layer is the entry point for all event data. It receives events from multiple sources, validates authentication, enriches the payload with identity data, and hands each event onward for processing.
How It Works
Every event — regardless of how it arrives — is normalised into a canonical event envelope before it moves on. This means downstream processing and vendor delivery never need to care about how the event was collected.
Input Methods
Datafly Signal supports five methods of ingesting events:
| Method | Endpoint | Authentication | Use Case |
|---|---|---|---|
| Browser (Datafly.js) | POST /v1/t, /v1/p, /v1/i, /v1/g | Pipeline key | Standard website/app tracking |
| Server-Side | POST /v1/events | HMAC-SHA256 | Backend event submission |
| Batch | POST /v1/batch | HMAC or pipeline key | Bulk imports, historical backfills |
| Tracking Pixel | GET /v1/pixel/{type} | Pipeline key (query param) | Email opens, no-JS environments |
| Webhook | POST /v1/webhook | Per-source signature | Third-party service events |
Key Capabilities
Pipeline Key Validation
Every request is authenticated via a pipeline key (dk_...). Invalid or revoked keys are rejected with a 401 Unauthorized response.
Anonymous Identity
On browser requests, Signal sets a first-party cookie carrying a stable anonymous identifier:
- httpOnly — not accessible to client-side JavaScript
- Secure — only sent over HTTPS
- SameSite=Lax — prevents CSRF while allowing top-level navigations
- 2-year TTL — persistent anonymous identity across sessions
This cookie serves as the anonymous identifier for the visitor, providing consistent identity without relying on third-party cookies.
Vendor identifiers
Signal provisions vendor-specific first-party identifiers on the customer’s own subdomain so they remain durable across browser sessions and aren’t lost to ad-blocker rules. Supported vendor coverage is shown in the Integrations catalog.
Click ID Capture
Advertising click IDs are automatically captured from URL query parameters and included in the event payload:
| Parameter | Vendor |
|---|---|
gclid | Google Ads |
fbclid | Meta / Facebook |
ttclid | TikTok |
li_fat_id | |
ScCid | Snapchat |
epik | |
tduid | The Trade Desk |
CORS Handling
Browser-based endpoints respond to OPTIONS preflight requests and include the appropriate Access-Control-Allow-* headers. The allowed origins are derived from the source configuration for each pipeline key.
Sections
- HTTP Endpoints — Browser-facing event collection endpoints used by Datafly.js
- Server-Side Events — Server-to-server event submission with HMAC authentication
- Batch API — Submit multiple events in a single request
- Tracking Pixel — 1x1 transparent GIF for email and no-JS tracking
- Webhooks — Accept events from third-party services