DataFast logoDataFast
"Best analytics tool I've used in 14 years"

Update website

PUT https://datafa.st/api/v1/admin/websites/{websiteId}

Update website settings such as name, timezone, currency, KPI, tracking rules, and notification preferences. Send only the fields you want to change.

Viewers cannot write. Members can update most settings; team management remains owner-only.

Request

Path parameters

websiteId
string
Website ObjectId. From List websites (_id field). Example: 665f0b3c4d2e1a0012345678.

Body parameters

domain
string
Tracked domain without https://. Example: "example.com". Must pass DataFast domain validation.
name
string|null
Name shown in the dashboard. Example: "My SaaS". Optional on create.
timezone
string
Timezone used to interpret dates and group analytics buckets. Defaults to the website timezone. IANA timezone for dashboard periods and API date grouping. Examples: "America/New_York", "Europe/Paris", "UTC".
currency
string
ISO 4217 currency for revenue. Example: "USD", "EUR".
kpi
string
Goal name used as the dashboard KPI card. Must match a tracked goal. Example: "signup". List names via List tracked goals.
kpiColorScheme
string
Dashboard KPI card color. Example: "orange", "blue".
revenueMetric
string
How revenue is summarized. Example: "revenue" or "mrr" when supported.
sendWeeklyReports
boolean
true to email weekly analytics summaries.
sendViralTrafficAlerts
boolean
true to notify on traffic spikes.
isPublicDashboardEnabled
boolean
true to enable a shareable public dashboard link.
isPublicDataEnabled
boolean
true to expose metrics on public dashboards/widgets.
isCookieless
boolean
true for cookieless tracking mode. See script configuration.
isAttackModeEnabled
boolean
true to enable attack-mode bot filtering.
includeRenewalRevenue
boolean
true to count renewal revenue in KPI totals.
allowedHostnames
string[]
Hostnames allowed to send events. Example: ["example.com", "www.example.com"].
isAllHostnamesAllowed
boolean
true to accept events from any hostname.
excludedIps
string[]
IPs excluded from tracking. Example: ["203.0.113.10"].
excludedPaths
string[]
URL paths excluded from tracking. Example: ["/admin", "/preview"].
excludedCountries
string[]
Country names or codes excluded from tracking.
excludedHostnames
string[]
Hostnames excluded from tracking.

Example request body

Send only fields you want to change:

{
  "name": "Renamed product",
  "timezone": "Europe/Paris",
  "currency": "EUR",
  "kpi": "signup",
  "includeRenewalRevenue": true,
  "excludedPaths": ["/admin", "/preview"]
}

Response

Returns a JSON object with status: "success" and endpoint-specific fields in data.

Response fields

data[]._id
string
Website ObjectId.
data[].domain
string
Website domain.
data[].name
string|null
Human-readable name for the resource or event. The exact meaning depends on the endpoint.
data[].trackingId
string
Script tracking ID.
data[].timezone
string
Timezone used to interpret dates and group analytics buckets. Defaults to the website timezone.
data[].currency
string
Currency code for money values, such as USD or EUR.
data[].kpi
string|null
Configured KPI goal or metric.
data[].kpiColorScheme
string|null
KPI color scheme.
data[].revenueMetric
string|null
Revenue metric preference.
data[].isCookieless
boolean
Whether cookieless tracking is enabled.
data[].includeRenewalRevenue
boolean
Whether renewal revenue is included in KPI calculations.
data[].allowedHostnames
string[]
Allowed hostnames.
data[].excludedIps
string[]
Excluded IPs.
data[].excludedPaths
string[]
Excluded paths.
data[].excludedCountries
string[]
Excluded countries.
data[].excludedHostnames
string[]
Excluded hostnames.

Authentication

Use a dft_ account token with settings:write.
A df_ website API key for the same website can also call this route when the path websiteId matches the key's website. Write access with a df_ key is capped at member level — owner-only actions such as team management require a dft_ token and owner role.

Errors

400 — No valid fields in body or invalid domain.

403 — Viewer role or website access denied.

See API errors for the standard error envelope, auth failures, validation errors, permission errors, and rate limits.

✍️ Something missing? Suggest features.

🤖 AI agent or LLM? Read this page as markdown

Example request
curl -X PUT "https://datafa.st/api/v1/admin/websites/{websiteId}" \
  -H "Authorization: Bearer dft_xxx" \
  -H "Content-Type: application/json" \
  -d '{"name":"New name","timezone":"Europe/Paris","kpi":"signup"}'
Success response
{
  "status": "success",
  "data": [{
    "_id": "665f0b3c4d2e1a0012345678",
    "domain": "example.com",
    "name": "Example",
    "trackingId": "dfid_abc123",
    "timezone": "America/New_York",
    "currency": "USD",
    "kpi": "signup",
    "isCookieless": false,
    "includeRenewalRevenue": true,
    "allowedHostnames": ["example.com"],
    "excludedIps": [],
    "excludedPaths": [],
    "excludedCountries": [],
    "excludedHostnames": []
  }]
}
PreviousAPI reference / Get websiteNextAPI reference / Delete website