Analytics & Tracking Integrations
En bref
Analytics & Tracking Integrations gives every tenant a privacy-first analytics stack — Plausible (cloud or self-hosted) and Umami as cookie-free defaults, optional Google Analytics 4 gated strictly on cookie consent, PostHog for product analytics, feature flags, and funnel analysis, and a per-tenant CookieConsentConfig that drives the consent banner across four standard categories, integrates with the existing CookieConsentRecord, and honours Do Not Track signals out of the box.
Comment ça fonctionne
PlausibleConfig holds Key Vault credential refs (api_key_ref), site_id, instance_url (cloud or self-hosted), enable_custom_events, enable_revenue_tracking, allowed_domains, and AnalyticsUsageMetrics; AnalyticsEvent is a shared collection across providers with config_id, provider, event_name, event_properties, user_id, anonymous_id, page_url, referrer, user_agent, and idempotency_key. POST /analytics/plausible/events/ ships events via the Plausible Events API — fully GDPR-compliant and cookie-free. UmamiConfig is the self-hosted alternative with credentials (api_key_ref, username_ref, password_ref), instance_url, website_id, share_url, enable_custom_events, and track_outbound_links; events flow through POST /analytics/umami/events/ to the Umami Collect API, also cookie-free.
GA4Config carries measurement_id, api_secret_ref, optional service_account_json_ref for server-side calls, property_id, data_stream_id, require_cookie_consent (default true), anonymize_ip, enable_enhanced_measurement, enable_ecommerce, debug_mode, and usage; POST /analytics/ga4/events/ uses the GA4 Measurement Protocol with client_id, but the integration refuses to fire until a CookieConsentRecord with the analytics category exists for the visitor. CookieConsentConfig is the per-tenant control panel — a ConsentBannerConfig (position, style, primary/background/text colors, show_reject_all, show_preferences), four ConsentCategoryConfig blocks (necessary, functional, analytics, marketing) with enabled/required/default_accepted/display_name/description/cookie_names, privacy_policy_url, cookie_policy_url, consent_expiry_days (1–730), geo_targeting_enabled, and respect_do_not_track. The config integrates with the existing CookieConsentRecord (privacy.py) so individual visitor decisions are persisted, scoped per category, and revisited on expiry.
PostHog rounds out the stack with event tracking for product analytics, feature flags, and funnel analysis under per-tenant configuration so federations can experiment safely.
Capacités clés
- Plausible (cloud or self-hosted) cookie-free analytics with custom events
- Umami self-hosted alternative with Collect API and outbound-link tracking
- Google Analytics 4 via Measurement Protocol, gated on cookie consent
- PostHog for product analytics, feature flags, and funnels
- CookieConsentConfig with banner styling, four standard categories, and expiry control
- CookieConsentRecord integration for per-visitor decisions and revocation
- respect_do_not_track and geo_targeting flags for jurisdictional compliance
En pratique
A federation launches a new CMS site. The webmaster activates a PlausibleConfig pointing at their self-hosted Plausible instance, no consent banner needed for analytics traffic. They also enable PostHog for funnel analysis on the registration flow, since both providers run cookie-free.
A regional sponsor later asks for GA4 reach reporting, so the webmaster creates a GA4Config and publishes a CookieConsentConfig with analytics defaulting off, banner copy in Swedish, expiry 365 days, and respect_do_not_track=true. Visitors now see the banner; those who accept analytics generate GA4 events, those who reject still feed Plausible cookie-free totals, and the consent store records every decision with the right category granularity.
Fonctionnalités de ce sous-système
24| ID | Status | Fonctionnalités |
|---|---|---|
| F14.16.01 | Livré | Plausible analytics (privacy-respecting) — PlausibleConfig-samling tenant-scopad med display_name/credentials (PlausibleCredentialRefs api_key_ref)/site_id/instance_url (cloud eller self-hosted)/enable_custom_events/enable_revenue_tracking/allowed_domains/usage (AnalyticsUsageMetrics); CRUD /analytics/plausible/configs/ med livscykel (draft→active→paused→error→decommissioned); AnalyticsEvent-samling med config_id/provider/event_name/event_properties/user_id/anonymous_id/page_url/referrer/user_agent/idempotency_key; POST /analytics/plausible/events/ skickar via Plausible Events API; GDPR-kompatibel utan cookies ✅ PL-F1416 |
| F14.16.02 | Livré | Umami analytics som självhostat alternativ — UmamiConfig-samling tenant-scopad med display_name/credentials (UmamiCredentialRefs api_key_ref/username_ref/password_ref)/instance_url/website_id/share_url/enable_custom_events/track_outbound_links/usage; CRUD /analytics/umami/configs/ med livscykel; POST /analytics/umami/events/ skickar via Umami Collect API; privacy-fokuserad, cookiefri ✅ PL-F1416 |
| F14.16.03 | Livré | Google Analytics 4 (opt-in per tenant) — GA4Config-samling tenant-scopad med display_name/credentials (GA4CredentialRefs measurement_id/api_secret_ref/service_account_json_ref)/property_id/data_stream_id/require_cookie_consent (default true)/anonymize_ip/enable_enhanced_measurement/enable_ecommerce/debug_mode/usage; CRUD /analytics/ga4/configs/ med livscykel; POST /analytics/ga4/events/ skickar via GA4 Measurement Protocol med client_id; kräver cookie-samtycke (analytics-kategori) innan spårning aktiveras ✅ PL-F1416 |
| F14.16.04 | Livré | Per-tenant cookie consent — CookieConsentConfig-samling tenant-scopad med display_name/status/banner (ConsentBannerConfig position/style/primary_color/background_color/text_color/show_reject_all/show_preferences)/categories (necessary/functional/analytics/marketing med ConsentCategoryConfig enabled/required/default_accepted/display_name/description/cookie_names)/privacy_policy_url/cookie_policy_url/consent_expiry_days (1–730)/geo_targeting_enabled/respect_do_not_track; CRUD /analytics/cookie-consent/configs/ med PATCH-uppdatering; integrerar med befintlig CookieConsentRecord (privacy.py) för individuella samtyckesbeslut ✅ PL-F1416 |
| F14.16.05 | Livré | PostHog event tracking integration for product analytics, feature flags, and funnel analysis with per-tenant configuration ✅ PL-F1416 |
| F14.16.06 | Livré | API usage analytics aggregation per developer/tier — RateLimitWindow flushes till ApiUsageRecord-buckets; admin /admin/api/usage-vy med stacked area chart per tier, drilldown per utvecklare ✅ PL-T215 |
| F14.16.07 | Livré | Per-record provenance metadata — _meta.dataset_version + _meta.provenance_uri + field_provenance på alla data-product-svar för spårning av källdataset och version ✅ PL-T215 |
| F14.01.10 | Livré | Developer portal self-service — POST /developer/keys, GET/DELETE /developer/keys/{id}, GET /developer/keys/{id}/usage med 256-bit-key + SHA-256-hash; X-Developer-Id-bootstrap-header för första key-issuance ✅ PL-T215 |
| F14.01.11 | Livré | Sandbox-tenant provisioning — POST /developer/sandbox med 4 seed-templates (minimal, national_federation, club, competition_in_progress), separat Cosmos-databas, 30-dagars auto-expiry, 10× rate-limit ✅ PL-T215 |
| F14.01.12 | Livré | OAuth 2.0 client-credentials grant — POST /v1/oauth/token med scope-baserad authorization (api:read, webhooks:write, data:integrity etc.); 3600s opaque token-livslängd; key-id-blacklist vid revoke ✅ PL-T215 |
| F14.01.13 | Livré | Public OpenAPI surface — GET /v1/openapi.json filtrerat till canonical tags (CANONICAL_DOMAINS frozenset i domains.py) ✅ PL-T215 |
| F14.01.14 | Livré | API-versionering policy + middleware — /v{N} URL-prefix, X-API-Version/X-API-Version-Deprecated/Sunset headers, route-aware aliasing (explicit /v1/X-routes passerar genom oförändrade) ✅ PL-T215 |
| F14.01.15 | Livré | Sliding-window rate-limit per client + tier — Redis sorted-set per (client_id, bucket); per-endpoint-buckets (default, webhook_management, data_product_query, oauth_token); fail-open vid Redis-utfall ✅ PL-T215 |
| F14.01.16 | Livré | Legacy federation field-mapping — dokumentation per nation (SBF/NBoF/FFPJP/FBP/FIB/FEP) + FIPJP/CEP, tenant.field_mapping_overrides för per-fält translations utan kodändring ✅ PL-T215 |
| F14.03.07 | Livré | Webhook signed payload v2 — canonical f"{timestamp}.{body}" HMAC-SHA256 (Stripe-format), 5min replay-fönster, X-Petanque-Signature/-Timestamp/-Event-Id/-Delivery/-Attempt-headers ✅ PL-T215 |
| F14.03.08 | Livré | Self-service webhook CRUD + debugging — POST/GET/DELETE /developer/webhooks, GET /webhooks/{id}/deliveries med per-delivery-status, POST /test-endpoint, POST /deliveries/{id}/replay med X-Petanque-Replay-Of-header ✅ PL-T215 |
| F14.03.09 | Livré | DLQ + auto-disable — efter 8 retries (exponential backoff base=30s) flyttas leverans till DLQ; endpoint auto-disablas efter 24h med 100% failure-rate (disabled_reason="too_many_failures") ✅ PL-T215 |
| F14.03.10 | Livré | Sandbox-säker webhook-routing — sandbox-tenants kan endast skicka webhooks till whitelist (webhook.site-domän) eller utvecklarens egen URL, aldrig till partner-system konfigurerade i production ✅ PL-T215 |
| F14.03.11 | Livré | ed25519-overlay för integrity-events — X-Petanque-Signature: ed25519:<key_id>=<hex> som tillägg till HMAC; kvartalsvis key-rotation; public key via GET /v1/integrity/public-key ✅ PL-T215 |
| F14.04.10 | Livré | Insurance risk-feed (aggregerad) — GET /v1/insurance/snapshots/{period} med månads-/kvartalssnapshots; competitions/venues/incidents-aggregat per region (NUTS-2), surface, capacity-band; väderdata per outdoor-event-hours; inga PII ✅ PL-T215 |
| F14.05.07 | Livré | GraphQL analytics-endpoint — POST /v1/analytics/graphql query-only med complexity-limit (count("{")*10 + count("(")*2, default 1000); per-tier-tak; field-level scope-gating ✅ PL-T215 |
| F14.05.08 | Livré | Research cohort query — POST /v1/research/cohorts/{id}/query med pseudonymized k=5-anonymity, consent-version per record, ethics-committee-approval-flow ✅ PL-T215 |
| F14.05.09 | Livré | Integrity event stream (SSE) — GET /v1/integrity/events/{event_id}/stream med Last-Event-ID-reconnect, p50<250ms latency-SLA, 15s heartbeat ✅ PL-T215 |
| F14.05.10 | Livré | Sanctions-list för betting-operatörer — GET /v1/integrity/sanctions med since/jurisdiction-filter, player_pseudo_id, ed25519-signerat _meta ✅ PL-T215 |