Skip to content
trackrift

Documentation

SDK

Installation

Universal script, npm package, monorepo setup, and environment variables.

AI brief: Install via script tag <script async src="https://api.trackrift.com/v1/u.js?id=YOUR_PUBLIC_ID"></script> OR npm i @trackrift/sdk. Init with endpoint https://api.trackrift.com and publicId YOUR_PUBLIC_ID from dashboard. Never commit server ingest tokens.

Option A — Universal script (recommended)

Paste in <head> or GTM. No build step. Autocapture and page_view enabled by default. Updates to SDK logic ship server-side via u.js without redeploying your site.

head.html
<script async src="https://api.trackrift.com/v1/u.js?id=YOUR_PUBLIC_ID"></script>

Option B — npm / bundler

bash
npm install @trackrift/sdk
# Optional peers for framework wrappers:
# npm install react@^18 next@^13
init.ts
import { tracker } from '@trackrift/sdk';

tracker.init({
  endpoint: import.meta.env.VITE_TRACKRIFT_ENDPOINT ?? 'https://api.trackrift.com',
  publicId: import.meta.env.VITE_TRACKRIFT_PUBLIC_ID ?? 'YOUR_PUBLIC_ID',
  debug: import.meta.env.DEV,
});

Environment variables

VariableScopeExample
VITE_TRACKRIFT_PUBLIC_IDClient (Vite)pub_abc123…
VITE_TRACKRIFT_ENDPOINTClient{{ENDPOINT}}
TRACKRIFT_COLLECTOR_URLServer only{{ENDPOINT}}
SERVER_INGEST_TOKENServer only — secrettrk_live_…

Option C — Global bundle (sdk.js)

For WordPress, Webflow, or legacy PHP sites without a bundler. See Global bundle for data-* attributes.

Allowed origins

Configure domains in Settings → Tracking. Empty list = permissive (any origin). Production marketing sites should restrict origins to prevent third-party sites from sending events with your public_id.

Content Security Policy

Allow script-src and connect-src to your collector host (api.trackrift.com or CNAME). Example: connect-src https://api.trackrift.com https://t.yourdomain.com;