Basic Configuration
Configure PULSE for your environment
Basic Configuration
Configure your PULSE instance for your specific use case.
API Key Management
Create an API Key
# Via Cloudflare Dashboard:
# 1. Workers & Pages → Deployments
# 2. Select your PULSE worker
# 3. Settings → Environment Variables
# 4. Add API_SECRET
# Or via CLI:
wrangler secret put API_SECRET --env productionUse API Keys in Requests
All API requests require authentication:
curl https://your-api.example.com/api/v1/stats \
-H "Authorization: Bearer YOUR_API_KEY"Site Configuration
Register sites to track:
curl -X POST https://your-api.example.com/api/v1/bootstrap \
-H "Content-Type: application/json" \
-d '{
"site_name": "My Website",
"domain": "example.com",
"public": false
}'Response:
{
"success": true,
"data": {
"site_id": "site_abc123",
"api_key": "pulse_prod_xxxxx",
"tracker_script_url": "https://your-api.example.com/tracker.js"
}
}Data Retention Policy
Set how long events are stored:
# Default: 90 days
# Configure in wrangler.toml:
[vars]
DATA_RETENTION_DAYS = "90"
GDPR_RETENTION_DAYS = "30"Events older than the retention period are automatically deleted.
Database Configuration
Connection Settings
PULSE uses D1 (SQLite) for data storage:
[[d1_databases]]
binding = "DB"
database_name = "pulse_analytics"
database_id = "YOUR_DATABASE_ID"Database Migrations
Apply migrations to set up the schema:
# View all migrations
ls -la migrations/
# Apply migrations
wrangler d1 execute pulse_analytics --batch migrations/*.sql
# Or individually:
wrangler d1 execute pulse_analytics --file=migrations/001_initial_schema.sqlKV Cache Configuration
Configure caching for performance:
[[kv_namespaces]]
binding = "CACHE"
id = "YOUR_KV_NAMESPACE_ID"KV is used for:
- API key validation caching (60s TTL)
- Webhook endpoint caching (5min TTL)
- Session tokens (1 hour TTL)
- Rate limiting state
Rate Limiting
Configure rate limits to protect your API:
# In wrangler.toml
[vars]
# Auth endpoint: 10 requests per minute per IP
RATE_LIMIT_AUTH = "10"
# Session endpoint: 10 requests per minute per IP
RATE_LIMIT_SESSION = "10"
# Bootstrap endpoint: 5 requests per minute per IP
RATE_LIMIT_BOOTSTRAP = "5"Monitoring Configuration
Datadog Integration
# Set Datadog API key
wrangler secret put DATADOG_API_KEY --env production
# Configure in wrangler.toml
[vars]
DATADOG_SITE = "datadoghq.com"
DATADOG_API_KEY = "${DATADOG_API_KEY}" # From secretsCloudflare Analytics
PULSE automatically reports to Cloudflare Analytics. View in the Workers Dashboard.
Security Configuration
API Key Rotation
Regularly rotate your API keys:
# Create new key
wrangler secret put API_SECRET_NEW --env production
# Update applications to use new key
# Then remove old key:
wrangler secret delete API_SECRET_OLD --env productionHTTPS/TLS
PULSE requires HTTPS in production. Cloudflare provides automatic TLS.
CORS Configuration
Configure allowed origins:
# Default: allows all origins
# For production, restrict in your application:
const ALLOWED_ORIGINS = [
'https://app.example.com',
'https://analytics.example.com'
]Custom Tracker Configuration
Customize the tracking script for your domain:
# The tracker script is served from:
https://your-api.example.com/tracker.js
# Include in your website:
<script src="https://your-api.example.com/tracker.js"></script>
<script>
window.PULSE = {
siteId: 'site_abc123',
apiKey: 'YOUR_API_KEY',
endpoint: 'https://your-api.example.com'
}
</script>Environment Variables Reference
| Variable | Default | Description |
|---|---|---|
API_SECRET | Required | API authentication key |
DATA_RETENTION_DAYS | 90 | Days to keep events |
GDPR_RETENTION_DAYS | 30 | GDPR compliance retention |
DATADOG_API_KEY | Optional | Datadog monitoring |
DATADOG_SITE | datadoghq.com | Datadog region |
RATE_LIMIT_AUTH | 10 | Auth requests/minute |
RATE_LIMIT_SESSION | 10 | Session requests/minute |
RATE_LIMIT_BOOTSTRAP | 5 | Bootstrap requests/minute |
Verification
Test your configuration:
# Health check
curl https://your-api.example.com/health
# Readiness probe (checks all dependencies)
curl https://your-api.example.com/health/ready
# Authentication check
curl https://your-api.example.com/api/v1/auth \
-H "Authorization: Bearer YOUR_API_KEY"Next Steps
- Send First Event — Start tracking
- Event Ingestion API — Event format reference
- Security — Security best practices
Configuration Checklist
- API key configured
- Site registered
- Data retention policy set
- Database migrations applied
- KV namespace configured
- Rate limiting configured
- Monitoring enabled (optional)
- Health checks passing
Last updated: April 3, 2026