The Radar API lets external applications read the analytics collected by Taapit Radar (the Visitors product): aggregate metrics, time series, realtime visitors and top breakdowns (pages, sources, locations, devices).

Base URL

https://taap.it/api/v1/radar

Authentication

Radar endpoints are authenticated with a project-scoped API key. Every key belongs to a single Radar project (one website), so you never pass a projectId — the project is resolved from the key itself. Send the key as a Bearer token:
Authorization: Bearer taapit_your_api_key_here
You can also use the x-api-key header instead:
x-api-key: taapit_your_api_key_here
API keys are created from the Radar dashboard under Project settings → API. The full key is shown only once at creation — store it securely and never expose it client-side.

Permissions

Each key carries a permission level (All, Read only or Restricted). All current Radar endpoints are read-only, so any permission level can call them. Write scopes are reserved for future write endpoints.

Endpoints

Metrics

Aggregate metrics over a date range (people, visits, pageviews, revenue…).

Time series

Time-bucketed series of the core metrics.

Realtime

Active visitors in a rolling window.

Breakdowns

Top pages, sources, locations and devices.

People

List people (visitors) with their key attributes and filters.

Person details

A single person with their sessions and activity heatmap.

Last visitors

Visitors active in the last few minutes (live feed).

Custom events

Most frequent custom events tracked for the project.

Date parameters

Endpoints that accept a date range use the start and end query parameters in ISO 8601 format (UTC), for example 2026-01-01T00:00:00Z.

Rate limits & quotas

Radar endpoints are backed by an analytics engine that bills per query, so each API key has its own rate limits to keep usage (and your costs) under control:
| Window | Default limit |
| --- | --- |
| Second | 3 requests / second |
| Minute | 60 requests / minute |
| Day | 5,000 requests / day |
| Month | 50,000 requests / month |
The per-second cap is a burst guard: a single key can never spike above a few requests per second, keeping usage comfortably under the analytics engine’s per-second billing threshold. Every response includes rate-limit headers so you can track your remaining budget:
X-RateLimit-Limit: 5000        # daily limit
X-RateLimit-Remaining: 4987    # requests left today
X-RateLimit-Reset: 1769990400  # UTC epoch seconds when the daily window resets
When a limit is exceeded the API returns 429 Too Many Requests with a Retry-After header (seconds to wait) and a scope field indicating which window was hit (second, minute, day or month).
Usage is logged per key and per endpoint. Polling endpoints like realtime and last-visitors consume quota on every call — cache responses and avoid sub-minute polling unless you really need it. Each call to breakdowns runs several aggregations, so it counts as one request but is heavier than a single metric read.
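The rate-limit handling described above can be kept in one small server-side helper. This is an added example, not code from Taapit: the environment variable name `TAAPIT_RADAR_API_KEY`, the function names, and the assumption that `scope` arrives as a field of the JSON response body are all illustrative.

```python
import json
import os


def auth_headers(env=os.environ):
    # Key stays in the server-side environment (variable name is an assumption).
    key = env.get("TAAPIT_RADAR_API_KEY")
    if not key:
        raise RuntimeError("TAAPIT_RADAR_API_KEY is not set")
    return {"Authorization": f"Bearer {key}"}


def _num(value, default):
    try:
        return float(value)
    except (TypeError, ValueError):
        return default


def next_delay(status, headers, body, now, min_interval=60.0):
    """Return (seconds_to_wait, reason) before calling the same endpoint again."""
    h = {k.lower(): v for k, v in headers.items()}
    if status == 429:
        # Retry-After is in seconds per the docs; fall back to min_interval if absent.
        wait = _num(h.get("retry-after"), min_interval)
        try:
            scope = json.loads(body).get("scope", "unknown")  # assumed: JSON body field
        except (TypeError, ValueError, AttributeError):
            scope = "unknown"
        return max(wait, 1.0), f"rate limited ({scope} window)"
    remaining = _num(h.get("x-ratelimit-remaining"), None)
    reset = _num(h.get("x-ratelimit-reset"), None)
    if remaining is None or reset is None or reset <= now:
        return min_interval, "no usable rate-limit headers"
    if remaining <= 0:
        return reset - now, "daily budget exhausted"
    # Spread the remaining daily budget over the time left until reset, but never
    # poll faster than min_interval (sub-minute polling is discouraged above).
    return max(min_interval, (reset - now) / remaining), "pacing"


if __name__ == "__main__":
    # Constructed sample responses, not captured from the real API.
    ok = {"X-RateLimit-Remaining": "30", "X-RateLimit-Reset": "1769990400"}
    print(next_delay(200, ok, "{}", now=1769986800))
    print(next_delay(429, {"Retry-After": "17"}, '{"scope": "minute"}', now=1769986800))
```

Call `next_delay` after every response and sleep for the returned number of seconds before polling `realtime` or `last-visitors` again.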

Errors

{
  "error": "Invalid API key"
}