Worker public endpoints
Public Apex Worker routes for event ingest, snippets, runtime config, landing pages, previews, and health checks.
The Apex Worker serves storefront-facing runtime routes. This page covers only the public subset: event ingest, runtime config, short install snippets, landing-page routes such as /guide, preview proxy routes, and health checks. Internal Worker routes are intentionally excluded.
Base hosts
Use the configured Worker base URL for your shop. Production installs usually use:
https://events.drip-apex.comCustom-domain edge traffic can also send events to:
/_drip/eventsPOST /events and POST /_drip/events
Use these endpoints for analytics event ingest. /events is accepted on control hosts. /_drip/events is accepted as the edge event path for custom-domain traffic.
POST /events
Content-Type: application/json
{
"events": [
{
"type": "goal",
"eventId": "evt_demo_1001",
"shopId": "11111111-1111-4111-8111-111111111111",
"visitorId": "visitor_demo_123",
"sessionId": "session_demo_123",
"data": {
"goalId": "__add_to_cart__"
},
"ts": 1783502400000
}
],
"_shopId": "11111111-1111-4111-8111-111111111111",
"_signature": "px_signed_ingest_token_here"
}Behavior:
| Rule | Implemented behavior |
|---|---|
| Method | POST only. Other methods return 405. |
| Auth | Requires ingest auth through x-drip-shop and x-drip-signature, body _shopId and _signature, or a valid tracking source key. |
| Body | Must be a JSON array of events or an object with events. |
| Batch size | Empty batches return 400. More than 200 events returns 413. |
| Rate limits | Per-shop event rate limits apply and can return 429 with Retry-After. |
| Invalid events | Invalid events can be quarantined; if every event is quarantined the response is 202 with ingested: 0. |
| Dedupe | Events with duplicate event_id values are filtered before publish. |
| Publish | Uses an event queue when configured and returns 202, otherwise forwards NDJSON to Tinybird and returns Tinybird's status/body. |
See Public event schema for fields and aliases.
GET /api/exp
/api/exp is the public runtime config endpoint served by the web app and fetched by the Worker snippet builder. It returns the shop's edge config payload: experiments, runtime settings, signals, profile, and delivery manifest.
GET /api/exp?shopId=11111111-1111-4111-8111-111111111111Query parameters:
| Parameter | Notes |
|---|---|
shopId | Required. |
env or environment | Optional runtime environment key. |
drip_qa, drip_force, drip_experiment_id, drip_variation_id | QA/forced assignment parameters used by preview and QA flows. |
drip_harness | Optional harness token when a forced QA preview includes a harness session. |
drip_debug, debug, apex_debug, apex_config_refresh | Debug/cache-bypass controls. |
Responses include ETag, Cache-Control, CDN-Cache-Control, Vercel-CDN-Cache-Control, and X-Apex-Config-Cache. QA and debug responses are no-store. Public responses cache briefly unless runtime delivery is disabled.
GET /s/{shopId}.js
The short snippet endpoint serves a synchronous JavaScript install script:
<script src="https://events.drip-apex.com/s/11111111-1111-4111-8111-111111111111.js"></script>The path must match /s/{uuid}.js. The response includes anti-flicker setup, SDK code, and inlined experiment config. Invalid shop IDs return JavaScript comments with a 400 status. Per-IP snippet rate limits can return 429 and Retry-After.
Landing-page paths such as /guide
The Worker does not hardcode a standalone /guide branch. It serves landing-page routes dynamically when a published route manifest exists for the request host and normalized path. That means /guide is public when Apex has registered a published landing page route for that host/path.
Landing-page responses:
| Behavior | Notes |
|---|---|
| Methods | GET and HEAD. |
| Routing | Host and normalized path are looked up in KV. |
| Storage | Published HTML and assets are read from R2. |
| Variants | If a landing-page experiment variant is configured, the Worker assigns by visitor ID and serves variant HTML. |
| Headers | Responses include x-apex-landing-page-id, version, publish ID, cache key, and x-drip-edge: landing-page. |
GET /api/preview and /api/preview/state
Preview routes run on the preview host and proxy a signed preview session.
| Endpoint | Purpose |
|---|---|
/api/preview?pst=...&url=https%3A%2F%2Fexample.com%2Fproducts%2Fdemo | Fetches the target page, rewrites HTML/CSS through the preview proxy, strips frame-blocking headers, injects the preview bridge, and stores cookies per session. |
/api/preview/state?pst=... | Returns preview session state as JSON. |
Rules:
pstis required. Missing tokens return 401.- Only
GET,HEAD,POST,PUT,PATCH,DELETE, andOPTIONSare accepted. /api/previewrequires aurlquery parameter.- The target host must be allowed by the signed preview session payload.
- Responses use no-store caching.
GET /health
The health endpoint returns Worker status on control hosts:
{
"ok": true,
"service": "apex-worker",
"environment": "production",
"release": "release-id-or-null",
"queue_enabled": true,
"queue_name": "event-queue",
"distributed_rate_limits": {
"events_per_shop": true,
"snippet_per_ip": true
},
"dead_letter_queue": {
"ok": true
},
"checked_at": "2026-07-08T12:00:00.000Z"
}The response always sets Cache-Control: no-store.