See your traffic, not your visitors

You can now see how your site is doing without us watching who visits it.

Every site you deploy gets a small set of aggregate counters, sampled once a minute at the edge:

• Requests — how many requests your site served in the last minute. A running per-minute count, nothing more.
• Concurrency — how many requests were in flight at the moment of the sample. The "how busy is this right now" number.

That is the whole per-site record. The only identity in it is your site's own hostname — the analytics carry no field for who made the request, what they asked for, or where they came from. The numbers are keyed to your site, not to the people hitting it.

Reading your own counts

Your analytics are visible only to you, behind your bearer token — never on a public page. Reading them is one authenticated call:

curl "https://api.yo.urspace.net/v1/sites/my-blog/metrics?metric=requests&window=1d" \
  -H "Authorization: Bearer $YOURSPACE_TOKEN"

You get back a plain per-minute time series scoped to the one site named in the path. The same counts back the traffic charts on the status dashboard.

Aggregate by design

This is the part we wrote down before writing the first counter: the analytics have one dimension — your site — and no per-visitor dimension to attach an identity to. There's no per-visitor row to mine, sell, or leak. Site-level health metrics, not per-person surveillance.

• No sessions, funnels, or live-visitor lists. Per-site means per-site, not per-visitor.

"Aggregate-only" is the design, not a setting you switch on. Because the numbers carry no per-visitor data, a visitor's Do Not Track or Global Privacy Control preference is respected by design — there's nothing in them to suppress.

The full contract — what your analytics measure, the shape of that data, and how long it lives — is written down at /docs/analytics, where you can read it before you trust it.