> ## Documentation Index > Fetch the complete documentation index at: https://docs.immutable.com/llms.txt > Use this file to discover all available pages before exploring further. # Web SDK > Typed tracking SDK for websites and web games. Tracks player progressions, spend, sign-ups, and attribution signals The Web SDK is currently in **alpha**. APIs and behavior may change between releases. **Who is this for?** Web developers building web games, marketing sites, or SPAs who need explicit event tracking, user identity, or SPA support. Works with any framework (React, Next.js, Svelte, vanilla JS). The Immutable Web SDK is a typed package for tracking player behavior as part of the Immutable attribution system. UTM parameters, click IDs, and referrer data are captured automatically, connecting ad campaigns to the players they drove. Session lifecycle (`session_start`, `session_end`) is handled automatically. Page views are tracked by calling `page()` on each route change, and in-game moments like progressions, purchases, and sign-ups are triggered by your code. All events flow to the same pipeline as the [Tracking Pixel](/docs/products/audience/tracking-pixel), [Unity SDK](/docs/products/audience/unity-sdk), and [REST API](/docs/products/audience/rest-api). ## What You Need * An [Immutable Hub](https://hub.immutable.com) account with a project ([get started here](/docs/products/hub/getting-started)) * A publishable key from your project settings ([API keys guide](/docs/products/hub/api-keys)) ## Installation ```bash theme={null} npm install @imtbl/audience ``` ```bash theme={null} yarn add @imtbl/audience ``` ```bash theme={null} pnpm add @imtbl/audience ``` ```html theme={null} ``` The CDN bundle attaches `ImmutableAudience` to `window` with the same API surface: `init`, `AudienceEvents`, `IdentityType`, `canTrack`, `canIdentify`, and `version`. If your site uses a Content Security Policy, see [Content Security Policy](#content-security-policy) for the directives CDN users need to allow. ## Quick Start ```typescript theme={null} import { Audience, AudienceEvents, IdentityType } from '@imtbl/audience'; const audience = Audience.init({ publishableKey: 'YOUR_PUBLISHABLE_KEY', }); ``` ```html theme={null} ``` Subsequent steps call methods on the `audience` variable. `AudienceEvents` and `IdentityType` are available as `ImmutableAudience.AudienceEvents` and `ImmutableAudience.IdentityType`. Consent defaults to `'none'`. The SDK won't track anything until you explicitly set a consent level. The SDK uses a three-tier consent model (`'none'`, `'anonymous'`, `'full'`). The SDK does not provide a consent UI. Build your own cookie banner or privacy prompt, then call `setConsent` with the appropriate level when the user responds. ```typescript theme={null} // User accepts anonymous tracking audience.setConsent('anonymous'); // User logs in and accepts full tracking audience.setConsent('full'); ``` At `'anonymous'`, page views and events are tracked but `identify()` and `alias()` calls are dropped. At `'full'`, all methods are available. See the [Data Dictionary](/docs/products/audience/data-dictionary#consent-model) for what is collected at each level. Call `page()` on each route change. The first call in each session includes [attribution](/docs/products/audience/data-dictionary#attribution-signals) parameters. ```typescript theme={null} audience.page(); ``` Log player actions with `track()`. The SDK ships with [predefined events](/docs/products/audience/data-dictionary#predefined-events) for common player actions (purchases, sign-ups, progression, wishlist actions, and more) that give you typed properties and autocomplete. You can also pass any custom event string. ```typescript theme={null} // Predefined event — typed properties audience.track(AudienceEvents.SIGN_UP, { method: 'email' }); audience.track(AudienceEvents.PURCHASE, { currency: 'USD', value: 9.99 }); // Custom event — any properties audience.track('tutorial_complete', { stepCount: 5 }); ``` ```javascript theme={null} // Predefined event — typed properties audience.track(ImmutableAudience.AudienceEvents.SIGN_UP, { method: 'email' }); audience.track(ImmutableAudience.AudienceEvents.PURCHASE, { currency: 'USD', value: 9.99 }); // Custom event — any properties audience.track('tutorial_complete', { stepCount: 5 }); ``` Identifies the player by associating their userId with their activity and traits. Call at login or account connection. Requires `'full'` consent. ```typescript theme={null} audience.identify('player-123', IdentityType.Passport, { email: 'user@example.com', }); ``` ```javascript theme={null} audience.identify('player-123', ImmutableAudience.IdentityType.Passport, { email: 'user@example.com', }); ``` Flushes the queue and sends a `session_end` event (if consent is above `'none'`). ```typescript theme={null} audience.shutdown(); ``` ### Complete Example ```typescript theme={null} import { Audience, AudienceEvents, IdentityType } from '@imtbl/audience'; // 1. Initialize const audience = Audience.init({ publishableKey: 'YOUR_PUBLISHABLE_KEY', }); // 2. Set consent after cookie banner audience.setConsent('anonymous'); // 3. Track page views on route changes audience.page(); // 4. Track player actions audience.track(AudienceEvents.PURCHASE, { currency: 'USD', value: 9.99 }); // 5. Identify after login (requires 'full' consent) audience.setConsent('full'); audience.identify('player-123', IdentityType.Passport, { email: 'user@example.com' }); // 6. Clean up on exit audience.shutdown(); ``` ```html theme={null} ``` ## Verify the Integration Initialize with `debug: true` to see SDK activity in the browser console: ```typescript theme={null} const audience = Audience.init({ publishableKey: 'YOUR_PUBLISHABLE_KEY', debug: true, }); ``` 1. **Console**: Look for log entries showing `session_start`, `page`, and any `track()` calls 2. **Network tab**: Look for POST requests to `https://api.immutable.com`. Events flush every 5 seconds or when 20 events accumulate Remove `debug: true` before deploying to production. ## Content Security Policy If your site enforces a Content-Security-Policy header, add the event endpoint so the SDK can deliver events: ``` connect-src: https://api.immutable.com ``` If you load the SDK from Immutable's CDN, also add the script host: ``` script-src: https://cdn.immutable.com ``` If you install the SDK as a package dependency (npm/yarn/pnpm), only `connect-src` is required. The CDN directive is only needed for the ` ``` ## API Reference Creates and returns an `Audience` instance. Call once when your app loads to set up tracking. | Parameter | Type | Required | Default | Description | | ---------------- | --------------------------------- | -------- | -------------- | --------------------------------------------------------------------------------------------------------------- | | `publishableKey` | `string` | Yes | — | API key from [Hub](https://hub.immutable.com) | | `consent` | `'none' \| 'anonymous' \| 'full'` | No | `'none'` | Initial consent level | | `debug` | `boolean` | No | `false` | Log SDK activity to the browser console | | `testMode` | `boolean` | No | `false` | When `true`, stamps all events with `test: true` so they can be filtered from production analytics. | | `cookieDomain` | `string` | No | Current domain | Share cookies across subdomains (e.g. `'.studio.com'`). The Tracking Pixel uses `domain` for this same setting. | | `flushInterval` | `number` | No | `5000` | How often the queue flushes, in milliseconds | | `flushSize` | `number` | No | `20` | Number of queued messages that triggers a flush | | `baseUrl` | `string` | No | Immutable API | Override the default API base URL | | `onError` | `(err: AudienceError) => void` | No | `undefined` | Callback for flush and consent sync failures | ```typescript theme={null} const audience = Audience.init({ publishableKey: 'YOUR_PUBLISHABLE_KEY', consent: 'none', debug: true, cookieDomain: '.studio.com', onError: (err) => console.error(err.code, err.message), }); ``` Controls what the SDK is allowed to collect. Call when the user accepts or changes their cookie preferences. Takes effect immediately, no page reload needed. See the [Data Dictionary](/docs/products/audience/data-dictionary#consent-model) for consent levels and [downgrade behavior](/docs/products/audience/data-dictionary#downgrading-consent). ```typescript theme={null} // Upgrade after cookie banner audience.setConsent('anonymous'); // Downgrade — stops tracking, clears cookies audience.setConsent('none'); ``` Checks whether a consent level allows tracking. Returns `true` when `level` is `'anonymous'` or `'full'`. Use before calling `track()` or `page()` when you need to guard behavior based on the current consent level, for example when conditionally showing a tracking-dependent UI element. | Parameter | Type | Description | | --------- | --------------------------------- | -------------------------- | | `level` | `'none' \| 'anonymous' \| 'full'` | The consent level to check | ```typescript theme={null} import { canTrack } from '@imtbl/audience'; if (canTrack(currentConsentLevel)) { // safe to call track() and page() } ``` Checks whether a consent level allows player identification. Returns `true` when `level` is `'full'`. Use before calling `identify()` or `alias()` when you need to guard identity-dependent logic, for example to only prompt a player to link accounts when consent allows it. | Parameter | Type | Description | | --------- | --------------------------------- | -------------------------- | | `level` | `'none' \| 'anonymous' \| 'full'` | The consent level to check | ```typescript theme={null} import { canIdentify } from '@imtbl/audience'; if (canIdentify(currentConsentLevel)) { // safe to call identify() and alias() } ``` Records a page view. Call on every route change to track which pages players visit and in what order. The first call in each session includes [attribution](/docs/products/audience/data-dictionary#attribution-signals) parameters. | Parameter | Type | Description | | ------------ | ------------------------- | -------------------------- | | `properties` | `Record` | Optional custom properties | **Requires:** `'anonymous'` or `'full'` consent. Calls at `'none'` are silently dropped. Records a player action. Call when a player does something you want to measure, such as a purchase, sign-up, level completion, or any custom action. [Predefined events](/docs/products/audience/data-dictionary#predefined-events) give you typed properties with autocomplete. | Parameter | Type | Description | | ------------ | ------------------------- | ----------------------------------------------------------------------------------------------------------------- | | `event` | `string` | An `AudienceEvents` value (e.g. `AudienceEvents.PURCHASE`) or any custom string | | `properties` | `Record` | Event properties. Required for predefined events that have required fields (e.g. `purchase`), optional otherwise. | **Requires:** `'anonymous'` or `'full'` consent. Calls at `'none'` are silently dropped. ```typescript theme={null} // Predefined event — typed properties audience.track(AudienceEvents.PURCHASE, { currency: 'USD', value: 9.99, itemName: 'Sword' }); // Custom event — any properties audience.track('tutorial_complete', { stepCount: 5 }); ``` Associates the player's userId with their activity and traits. Call at login or account connection. | Parameter | Type | Description | | -------------- | -------------- | ---------------------------------------------------- | | `id` | `string` | The player's identifier in that provider | | `identityType` | `IdentityType` | Which provider the ID comes from (see table below) | | `traits` | `object` | Optional. `email`, `name`, or custom key-value pairs | **Requires:** `'full'` consent. ```typescript theme={null} audience.identify('player-456', IdentityType.Passport, { email: 'user@example.com', }); ``` **Identity types:** | Value | Provider | | ------------ | ---------------------- | | `'passport'` | Immutable Passport | | `'steam'` | Steam | | `'epic'` | Epic Games | | `'google'` | Google | | `'apple'` | Apple | | `'discord'` | Discord | | `'email'` | Email address | | `'custom'` | Custom identity system | Links two account IDs that belong to the same player. Call when a player connects a second account with a different provider, for example a player previously identified via Steam who later links a Passport account. | Parameter | Type | Description | | --------- | -------------------------------------------- | ------------------------- | | `from` | `{ id: string, identityType: IdentityType }` | The account being linked | | `to` | `{ id: string, identityType: IdentityType }` | The player's main account | **Requires:** `'full'` consent. ```typescript theme={null} audience.alias( { id: 'steam-user-789', identityType: IdentityType.Steam }, { id: 'player-456', identityType: IdentityType.Passport }, ); ``` Wipes the current player's identity and starts a fresh anonymous session. Call when a player logs out so the next player on the same device isn't mixed up. ```typescript theme={null} audience.reset(); ``` Sends all queued events to the server immediately. Call when you need events delivered right now instead of waiting for the next automatic flush. Returns a `Promise` that resolves when the batch is sent. ```typescript theme={null} await audience.flush(); ``` Sends any remaining events and shuts down the SDK. Call when the app unmounts or the page is about to unload. Fires a `session_end` event if consent is above `'none'`. ## Event Delivery * Events are batched and flushed every **5 seconds** or when **20 events** accumulate (configurable via `flushInterval` and `flushSize`) * On page unload (navigate away, close tab), the queue flushes remaining events so they are not lost ## FAQ Yes, they're complementary, not alternatives. The [Tracking Pixel](/docs/products/audience/tracking-pixel) handles passive capture (page views, attribution, form submissions, outbound clicks) with no code beyond a snippet. The Web SDK handles explicit events, user identity, and SPA route tracking. Use both on the same site if you need passive and custom tracking. All events flow to the same pipeline. See the [Data Dictionary](/docs/products/audience/data-dictionary) for the full per-event schema. The call is a no-op. No events are queued or sent. Once you call `setConsent('anonymous')` or higher, subsequent calls will be tracked. Chrome 80+, Firefox 78+, Safari 14+, Edge 80+. Erasure is a server-side operation. Call `DELETE /v1/audience/data` from your backend with the user's `userId` or `anonymousId`. See [Deleting User Data](/docs/products/audience/rest-api#deleting-user-data) in the REST API docs for the full request shape. On the client side, call `reset()` after the erasure is accepted. This clears the user's identity, wipes the event queue, and generates a fresh anonymous ID so the next session is not linked to the erased user: ```typescript theme={null} audience.reset(); ``` ## Next Steps How tracking data powers player attribution and Hub reports Full reference of event schemas and consent levels Passive tracking snippet for marketing sites and landing pages In-game tracking for Unity desktop builds Send events from your backend or game server Send attributed conversions back to ad networks to improve campaign optimisation Manage your publishable and secret keys