Skip to content

Moved Tinybird tracker token to the analytics service#13

Merged
jloh merged 1 commit into
mainfrom
analytics-service-tracker-token
Jul 9, 2025
Merged

Moved Tinybird tracker token to the analytics service#13
jloh merged 1 commit into
mainfrom
analytics-service-tracker-token

Conversation

@cmraible
Copy link
Copy Markdown
Contributor

@cmraible cmraible commented Jul 9, 2025
edited
Loading

This moves the TINYBIRD_TRACKER_TOKEN environment variable out of Ghost's configuration, and passes it directly to the analytics service.

The Tinybird tracker token grants write access to the analytics_events datasource in Tinybird. Before we had the analytics service sitting between Ghost and Tinybird, Ghost needed to send this token with each tracking event request, or else Tinybird would return a 401 error. This isn't very secure, since the tracker token is exposed in plain text in the network tab whenever visiting a Ghost site's frontend.

Now that we have the analytics service sitting between Ghost and Tinybird, we can add the token to each request there, which means Ghost no longer needs to pass the token with each request, and in fact doesn't need to use the tracker token at all.

@cmraible cmraible requested a review from jloh July 9, 2025 00:36
@cmraible cmraible marked this pull request as ready for review July 9, 2025 00:48
@jloh jloh merged commit 1585fe0 into main Jul 9, 2025
1 check passed
@jloh jloh deleted the analytics-service-tracker-token branch July 9, 2025 00:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jloh jloh jloh approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cmraible @jloh