This article has been written to help you understand the different ways in which Piano Analytics can be implemented and to help you choose the right method for your organization.
Note
For more information, please reach out to the support centre.The Data collection can be split in two distinct categories:
- Where do events come from?
- Where are they sent to?
For each part, multiple solutions exist. Privacy also remains a key component that is not invalidated by any of those solutions.
Where do events come from?
Note
Tag Management Systems (TMS) handle this part of the data collection in most cases. They can be used no matter which endpoint is chosen.Client-Side
Implementations where the analytics data is sent from the visitor device (browser, native app, ...). Most of the time, such implementations use the Piano Analytics SDK but it is not mandatory.
The main attraction of client-side based implementations is the overall simplicity, on the other hand the data collection can be disturbed by the many resources present on the client (i.e. browser used, plugins).
Server-Side
Server - Piano Analytics Collection API
Implementations where the analytics data originates from a server (not visible by the visitor).
Client - Server - Piano Analytics Collection API
Implementations can also be hybrid where some information originates from the server (page loaded) but others originate from the client (scroll, click or other events the server has no access to).
Server-side implementation can be done with or without the Piano Analytics SDK.
Where is the data sent to?
Piano Analytics default collection domain
Implementation where the data is sent to the default Piano Analytics collection endpoint available in the Data Collection Portal interface.
This domain cannot be configured whatsoever. It is managed by Piano Analytics.
Even though server-side cookies are possible through this implementation choice, it will be a 3rd party cookie. This configuration will now provide robust cookies for Firefox, Safari or Brave. As a reminder, 3rd party cookies will no longer be available by the end of 2024 as Google Chrome, the last browser on the market still supporting this technology also initiated its sunset.
Custom Domain Data Collection (CDDC)
CDDC is a delegation of a subdomain dedicated to Piano Analytics for analytics purposes. Piano Analytics is responsible for managing the subdomain infrastructure.
Two choices exist for the TLS certificates management:
- Domain validated certificates as a free option. Piano Analytics is responsible for the certificate creation and renewal.
- Custom TLS certificates as a paid subscription. The customer is responsible for its TLS certificate creation and renewal.
We offer two ways of delegating the customer’s subdomain: CNAME or Domain delegation.
Note
By design, cookies are sent with any request to domain matching the cookie domain. As such, sensitive cookies deposited by the customer on the parent domain will be sent to our collection API. We ignore them but this can be seen as a security breach for some customers.CNAME
Based on the CNAME DNS record, the data is sent to your subdomain and redirected to the Piano Analytics collection API.
Domain delegation
Based on the NS DNS record, the data is sent to your subdomain and redirected to the Piano Analytics collection API. The sub-zone is fully delegated to Piano Analytics.
CDN data collection / reverse proxy
The CDN (or any reverse proxy mechanism) helps cleaning the request before it is sent to the Piano Analytics collection API. Amongst the information you can modify, you are also expected to clean the different cookies that would be automatically sent to our servers without any action on your part. This makes it a very secure and flexible solution.
The documentation is available here.
Cookies
While server-side cookies are superior to client-side cookies in terms of expected lifetime, server-side cookies from a CNAME or a delegated domain are not: it remains best using client-side cookies as a result on those two implementations.
Server-side cookies are only recommended for CDN and Server-side data collection as these are the only cookies for which the ITP (Safari browser policy) can be properly followed. Otherwise, client-side cookies remain the best in terms of cookie lifetime.