{"__v":21,"_id":"57202967a0acd42000af9668","category":{"__v":0,"_id":"5719767ec863120e0012a045","project":"56008ba98c0c9d0d00dcaeb0","version":"5719767ec863120e0012a042","sync":{"url":"","isSync":false},"reference":true,"createdAt":"2016-01-25T21:10:29.130Z","from_sync":false,"order":0,"slug":"api","title":"API Documentation"},"parentDoc":null,"project":"56008ba98c0c9d0d00dcaeb0","user":"56008b651503430d007cc929","version":{"__v":4,"_id":"5719767ec863120e0012a042","hasDoc":true,"hasReference":true,"project":"56008ba98c0c9d0d00dcaeb0","createdAt":"2016-04-22T00:55:26.295Z","releaseDate":"2016-04-22T00:55:26.295Z","categories":["5719767ec863120e0012a043","5719767ec863120e0012a044","5719767ec863120e0012a045","5719767ec863120e0012a046","5719767ec863120e0012a047","5719767ec863120e0012a048","5719767ec863120e0012a049","57f45a18da14e71700d12e4a","582b71b15403840f008c0410","58c060cf3eee111b00a8b210"],"is_deprecated":false,"is_hidden":false,"is_beta":true,"is_stable":true,"codename":"","version_clean":"2.0.0","version":"2.0"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2016-04-27T02:52:23.243Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":true,"order":7,"body":"We've created a JavaScript library which will help you track activity on your website better. It can be used when people are logged out, logged in, or both.\n\nYou're off to a great start when you use one of our SDKs to send tracking events server-side. By using JavaScript we can get details which are inaccessible to the server. It's a bit like Google Analytic's tracking pixel: we grab a few extra details about the persons browser, and send them to our API. Things like screen dimensions, what plugins they have installed, and so on. It helps us build a better picture of good and bad behaviour.\n\nWe also add a cookie to your user's browser, so that we can identify them between requests.\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Adding our JavaScript to your site\"\n}\n[/block]\nAt the bottom of your pages, add the following code snippet:\n\n```\n<script type=\"text/javascript\">\n  window.thisdata=window.thisdata||[],thisdata.load=function(a){if(!(\"ThisData\"in window||window.thisdata.loading)){window.thisdata.loading=!0,window.thisdata.options=a;var b=document.createElement(\"script\");b.src=\"https://thisdata.com/js/thisdata-LATEST.js\",b.async=!0;var c=document.getElementsByTagName(\"script\")[0];c.parentNode.insertBefore(b,c)}};\n\n  thisdata.load({\"apiKey\" : \"YOUR JAVASCRIPT WRITE KEY HERE\"});\n</script>\n```\n\nEasy peasy!\n\nThis Javascript loads and executes asynchronously, so that your page load times are unaffected.\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Where should I add it?\"\n}\n[/block]\nWe recommend adding this Javascript to the following pages:\n\n  * Log In page\n  * Sign Up page\n  * Forgotten Password page\n  * Reset Password page\n  * Any higher-risk action pages\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Sending tamper-proof parameters\"\n}\n[/block]\nIf you want to specify a user id, or other tamper proof attributes, you need to do it with signed params. This allows us to confirm that the signed attributes have not been edited by someone, and are really from you. \n\nThe signature is derived from the attributes you want to send, and your javascript secret. More technically, it's a *sha256* digest of a JSON string using your Javascript Secret as the key.\n\nYour Javascript Secret can be found and set in your API settings page.\n\nSee the following examples for how to do this in your language\n\n[.Net Example](https://thisdata.com/blog/how-to-securely-sign-parameters-in-net/)\n[Ruby on Rails Example](https://thisdata.com/blog/how-to-sign-javascript-parameters-in-ruby-on-rails/)\n[Node + Express Example](https://thisdata.com/blog/using-thisdata-with-node-express-and-passport/)\n[Pretty much all other languages check here](https://gist.github.com/thewheat/7342c76ade46e7322c3e)\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"What is the Javascript Write Key\"\n}\n[/block]\nThe Javascript Write Key is how your javascript tracking code identifies itself to ThisData. It's like your regular API key, except this one will be visible to anyone who views the source of your page.\nFor this reason we keep them seperate. Your API Key is secret, your Javascript Write key is not secret.\n\nYou can find your Javascript Write Key on the API Settings page. If you think someone is misusing your javascript write key, you can regenerate it.","excerpt":"Learn about our JavaScript library, which gives you more insight into your website's visitors","slug":"better-tracking-using-javascript","type":"basic","title":"JavaScript Tracking Code"}

JavaScript Tracking Code

Learn about our JavaScript library, which gives you more insight into your website's visitors

We've created a JavaScript library which will help you track activity on your website better. It can be used when people are logged out, logged in, or both. You're off to a great start when you use one of our SDKs to send tracking events server-side. By using JavaScript we can get details which are inaccessible to the server. It's a bit like Google Analytic's tracking pixel: we grab a few extra details about the persons browser, and send them to our API. Things like screen dimensions, what plugins they have installed, and so on. It helps us build a better picture of good and bad behaviour. We also add a cookie to your user's browser, so that we can identify them between requests. [block:api-header] { "type": "basic", "title": "Adding our JavaScript to your site" } [/block] At the bottom of your pages, add the following code snippet: ``` <script type="text/javascript"> window.thisdata=window.thisdata||[],thisdata.load=function(a){if(!("ThisData"in window||window.thisdata.loading)){window.thisdata.loading=!0,window.thisdata.options=a;var b=document.createElement("script");b.src="https://thisdata.com/js/thisdata-LATEST.js",b.async=!0;var c=document.getElementsByTagName("script")[0];c.parentNode.insertBefore(b,c)}}; thisdata.load({"apiKey" : "YOUR JAVASCRIPT WRITE KEY HERE"}); </script> ``` Easy peasy! This Javascript loads and executes asynchronously, so that your page load times are unaffected. [block:api-header] { "type": "basic", "title": "Where should I add it?" } [/block] We recommend adding this Javascript to the following pages: * Log In page * Sign Up page * Forgotten Password page * Reset Password page * Any higher-risk action pages [block:api-header] { "type": "basic", "title": "Sending tamper-proof parameters" } [/block] If you want to specify a user id, or other tamper proof attributes, you need to do it with signed params. This allows us to confirm that the signed attributes have not been edited by someone, and are really from you. The signature is derived from the attributes you want to send, and your javascript secret. More technically, it's a *sha256* digest of a JSON string using your Javascript Secret as the key. Your Javascript Secret can be found and set in your API settings page. See the following examples for how to do this in your language [.Net Example](https://thisdata.com/blog/how-to-securely-sign-parameters-in-net/) [Ruby on Rails Example](https://thisdata.com/blog/how-to-sign-javascript-parameters-in-ruby-on-rails/) [Node + Express Example](https://thisdata.com/blog/using-thisdata-with-node-express-and-passport/) [Pretty much all other languages check here](https://gist.github.com/thewheat/7342c76ade46e7322c3e) [block:api-header] { "type": "basic", "title": "What is the Javascript Write Key" } [/block] The Javascript Write Key is how your javascript tracking code identifies itself to ThisData. It's like your regular API key, except this one will be visible to anyone who views the source of your page. For this reason we keep them seperate. Your API Key is secret, your Javascript Write key is not secret. You can find your Javascript Write Key on the API Settings page. If you think someone is misusing your javascript write key, you can regenerate it.