Feature Request: Support for Client ID/Secret in JSON Body for Cloudflare Zaraz Integration #316
Description
Currently, OpenPanel requires openpanel-client-id and openpanel-client-secret to be sent via HTTP Headers. However, many server-side tracking tools, most notably Cloudflare Zaraz (when using the official managed-components/http-request), do not allow the customization of HTTP Headers. These tools bundle all custom fields into the JSON POST body.
Describe the solution you'd like
I would like the OpenPanel /track endpoint to look for authentication credentials (client_id and client_secret) and device metadata (ip, user_agent) directly inside the JSON payload if they are not present in the HTTP Headers.
This would allow a seamless integration with Zaraz by simply configuring a "POST JSON" request like this:
JSON
{
"openpanel_client_id": "your-id",
"openpanel_client_secret": "your-secret",
"event": "pageview",
"properties": {
"url": "https://example.com"
}
}
Describe alternatives you've considered
I've considered using Cloudflare Workers as a proxy, but it adds complexity and maintenance overhead compared to a native Zaraz HTTP Request.
Additional context
Supporting this would make OpenPanel one of the easiest analytics solutions to deploy on Cloudflare's edge without being blocked by AdBlockers, as Zaraz is natively integrated into the proxy layer.