Developer

Worker public endpoints

Public Apex Worker routes for event ingest, snippets, runtime config, landing pages, previews, and health checks.

The Apex Worker serves storefront-facing runtime routes. This page covers only the public subset: event ingest, runtime config, short install snippets, landing-page routes such as /guide, preview proxy routes, and health checks. Internal Worker routes are intentionally excluded.

Base hosts

Use the configured Worker base URL for your shop. Production installs usually use:

text
https://events.drip-apex.com

Custom-domain edge traffic can also send events to:

text
/_drip/events

POST /events and POST /_drip/events

Use these endpoints for analytics event ingest. /events is accepted on control hosts. /_drip/events is accepted as the edge event path for custom-domain traffic.

http
POST /events
Content-Type: application/json
 
{
  "events": [
    {
      "type": "goal",
      "eventId": "evt_demo_1001",
      "shopId": "11111111-1111-4111-8111-111111111111",
      "visitorId": "visitor_demo_123",
      "sessionId": "session_demo_123",
      "data": {
        "goalId": "__add_to_cart__"
      },
      "ts": 1783502400000
    }
  ],
  "_shopId": "11111111-1111-4111-8111-111111111111",
  "_signature": "px_signed_ingest_token_here"
}

Behavior:

RuleImplemented behavior
MethodPOST only. Other methods return 405.
AuthRequires ingest auth through x-drip-shop and x-drip-signature, body _shopId and _signature, or a valid tracking source key.
BodyMust be a JSON array of events or an object with events.
Batch sizeEmpty batches return 400. More than 200 events returns 413.
Rate limitsPer-shop event rate limits apply and can return 429 with Retry-After.
Invalid eventsInvalid events can be quarantined; if every event is quarantined the response is 202 with ingested: 0.
DedupeEvents with duplicate event_id values are filtered before publish.
PublishUses an event queue when configured and returns 202, otherwise forwards NDJSON to Tinybird and returns Tinybird's status/body.

See Public event schema for fields and aliases.

GET /api/exp

/api/exp is the public runtime config endpoint served by the web app and fetched by the Worker snippet builder. It returns the shop's edge config payload: experiments, runtime settings, signals, profile, and delivery manifest.

http
GET /api/exp?shopId=11111111-1111-4111-8111-111111111111

Query parameters:

ParameterNotes
shopIdRequired.
env or environmentOptional runtime environment key.
drip_qa, drip_force, drip_experiment_id, drip_variation_idQA/forced assignment parameters used by preview and QA flows.
drip_harnessOptional harness token when a forced QA preview includes a harness session.
drip_debug, debug, apex_debug, apex_config_refreshDebug/cache-bypass controls.

Responses include ETag, Cache-Control, CDN-Cache-Control, Vercel-CDN-Cache-Control, and X-Apex-Config-Cache. QA and debug responses are no-store. Public responses cache briefly unless runtime delivery is disabled.

GET /s/{shopId}.js

The short snippet endpoint serves a synchronous JavaScript install script:

html
<script src="https://events.drip-apex.com/s/11111111-1111-4111-8111-111111111111.js"></script>

The path must match /s/{uuid}.js. The response includes anti-flicker setup, SDK code, and inlined experiment config. Invalid shop IDs return JavaScript comments with a 400 status. Per-IP snippet rate limits can return 429 and Retry-After.

Landing-page paths such as /guide

The Worker does not hardcode a standalone /guide branch. It serves landing-page routes dynamically when a published route manifest exists for the request host and normalized path. That means /guide is public when Apex has registered a published landing page route for that host/path.

Landing-page responses:

BehaviorNotes
MethodsGET and HEAD.
RoutingHost and normalized path are looked up in KV.
StoragePublished HTML and assets are read from R2.
VariantsIf a landing-page experiment variant is configured, the Worker assigns by visitor ID and serves variant HTML.
HeadersResponses include x-apex-landing-page-id, version, publish ID, cache key, and x-drip-edge: landing-page.

GET /api/preview and /api/preview/state

Preview routes run on the preview host and proxy a signed preview session.

EndpointPurpose
/api/preview?pst=...&url=https%3A%2F%2Fexample.com%2Fproducts%2FdemoFetches the target page, rewrites HTML/CSS through the preview proxy, strips frame-blocking headers, injects the preview bridge, and stores cookies per session.
/api/preview/state?pst=...Returns preview session state as JSON.

Rules:

  • pst is required. Missing tokens return 401.
  • Only GET, HEAD, POST, PUT, PATCH, DELETE, and OPTIONS are accepted.
  • /api/preview requires a url query parameter.
  • The target host must be allowed by the signed preview session payload.
  • Responses use no-store caching.

GET /health

The health endpoint returns Worker status on control hosts:

json
{
  "ok": true,
  "service": "apex-worker",
  "environment": "production",
  "release": "release-id-or-null",
  "queue_enabled": true,
  "queue_name": "event-queue",
  "distributed_rate_limits": {
    "events_per_shop": true,
    "snippet_per_ip": true
  },
  "dead_letter_queue": {
    "ok": true
  },
  "checked_at": "2026-07-08T12:00:00.000Z"
}

The response always sets Cache-Control: no-store.