Features Pricing Docs Get Started

Tapback Documentation

Everything you need to integrate microfeedback into your application

Quick Start

Get up and running with Tapback in just 3 steps. No API keys required for basic integration!

Create a Site in Dashboard

Sign up and create your first site in the Tapback dashboard. This gives you a unique site ID for your feedback collection.

Dashboard URL

https://tapback.dev/register

Add Widget to Your Page

Add the widget container to your HTML where you want the feedback form to appear:

HTML Code

')" class="text-blue-600 hover:text-blue-700 text-sm"> Copy

<div data-widget-id="YOUR_WIDGET_UUID" data-source="homepage"></div>

Include the Widget Script

Add the Tapback widget script to your page (preferably before the closing </body> tag):

Script Tag

<script src="https://tapback.dev/widget.js"></script>

That's it!

Your feedback widget is now live and collecting reactions from your users. Check your dashboard to see the results!

Interactive Demo

Try out the Tapback widget with different customization options. See how it looks and behaves in real-time!

Customize Your Widget

Question

Emoji Set

Primary Color

Background Color

Layout

Show Tapback branding

Generated Code

HTML

<div data-tapback-widget="demo-site" data-source="demo"></div>

Live Preview

Widget Embedding

The Tapback widget automatically initializes when the page loads. Simply add a container element with the appropriate data attributes.

Basic Usage

HTML Code

<!-- Basic widget with widget UUID -->
<div data-widget-id="your-widget-uuid"></div>

<!-- Widget with custom source tracking -->
<div data-widget-id="your-widget-uuid" data-source="product-page"></div>

<!-- Widget with custom API base -->
<div data-widget-id="your-widget-uuid" data-api-base="https://api.example.com/api"></div>

Required Attributes

data-tapback-widget - Your site or widget UUID
data-source - Identifier for the page/section (optional, defaults to "default")

Customization

Customize the appearance and behavior of your Tapback widgets using data attributes.

Attribute	Values	Default	Description
data-primary-color	CSS color	#3B82F6	Active emoji button color
data-secondary-color	CSS color	#6B7280	Button border color
data-background-color	CSS color	#FFFFFF	Widget background
data-text-color	CSS color	#1F2937	Text color
data-font-size	small, medium, large	medium	Font size
data-border-radius	small, medium, large	medium	Border radius
data-show-branding	true, false	true	Show Tapback branding
data-layout-type	horizontal, vertical, grid, compact	horizontal	Layout arrangement

Customization Example

<div 
  data-widget-id="your-widget-uuid"
  data-source="hero-section"
  data-primary-color="#10B981"
  data-secondary-color="#374151"
  data-background-color="#F9FAFB"
  data-text-color="#111827"
  data-font-size="large"
  data-border-radius="large"
  data-layout-type="vertical"
  data-show-branding="false"
></div>

API Overview

Tapback provides a RESTful API for managing sites, widgets, and reactions. All API endpoints are versioned under /api/v1.

Base URL

https://your-domain.com/api/v1

Authentication

Most API endpoints require authentication using API tokens. Include your token in the Authorization header:

Authorization: Bearer YOUR_API_TOKEN

Response Format

All API responses are returned in JSON format with appropriate HTTP status codes.

Sites API

The Sites API is the recommended way to organize your feedback collection. Sites can contain multiple widgets and provide better organization.

List Sites

GET /api/v1/sites

Retrieve all sites for the authenticated user

curl -H "Authorization: Bearer YOUR_TOKEN" \
  https://your-domain.com/api/v1/sites

Create Site

POST /api/v1/sites

Create a new site

curl -X POST \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "My Website", "domain": "example.com"}' \
  https://your-domain.com/api/v1/sites

Request Body

{
  "name": "string (required, max 255 chars)",
  "domain": "string (optional, max 255 chars)",
  "settings": "object (optional)"
}

Get Site

GET /api/v1/sites/{uuid}

Retrieve a specific site with its reactions

curl -H "Authorization: Bearer YOUR_TOKEN" \
  https://your-domain.com/api/v1/sites/SITE_UUID

Update Site

PUT /api/v1/sites/{uuid}

Update site settings

curl -X PUT \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "Updated Name"}' \
  https://your-domain.com/api/v1/sites/SITE_UUID

Delete Site

DELETE /api/v1/sites/{uuid}

Delete a site and all associated data

curl -X DELETE \
  -H "Authorization: Bearer YOUR_TOKEN" \
  https://your-domain.com/api/v1/sites/SITE_UUID

Site Analytics

GET /api/v1/sites/{uuid}/analytics

Get analytics data for a site

curl -H "Authorization: Bearer YOUR_TOKEN" \
  https://your-domain.com/api/v1/sites/SITE_UUID/analytics

Widgets API

The Widgets API is maintained for backwards compatibility. For new implementations, consider using the Sites API instead.

List Widgets

GET /api/v1/widgets

Retrieve all widgets for the authenticated user

Create Widget

POST /api/v1/widgets

Create a new feedback widget

curl -X POST \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Product Feedback",
    "question": "How helpful was this feature?",
    "emoji_set": ["👍", "👎"]
  }' \
  https://your-domain.com/api/v1/widgets

Request Body

{
  "name": "string (required, max 255 chars)",
  "question": "string (optional, max 255 chars)",
  "emoji_set": "array (required, 1-10 emojis, max 8 chars each)"
}

Update Widget

PUT /api/v1/widgets/{uuid}

Update widget settings

curl -X PUT \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"emoji_set": ["👍", "😐", "👎"]}' \
  https://your-domain.com/api/v1/widgets/WIDGET_UUID

Widget Analytics

GET /api/v1/widgets/{uuid}/analytics

Get analytics data for a widget

Reactions API

The Reactions API handles collecting and retrieving user feedback. It supports both site-based and widget-based reactions.

Submit Reaction

POST /api/v1/reactions

Submit a reaction to a widget or site

curl -X POST \
  -H "Content-Type: application/json" \
  -d '{
    "widget_id": "SITE_OR_WIDGET_UUID",
    "source": "homepage",
    "emoji": "👍"
  }' \
  https://your-domain.com/api/v1/reactions

Request Body

{
  "widget_id": "string (required, UUID of site or widget)",
  "source": "string (required, max 64 chars, alphanumeric + dash)",
  "emoji": "string (required, max 8 chars, valid emoji)"
}

Headers (Optional)

X-Session-Hash: "unique_session_identifier"

Get Reactions

GET /api/v1/reactions

Retrieve reactions (rate limited)

curl https://your-domain.com/api/v1/reactions

Important Notes

• Reactions are rate limited to 20 per minute per IP/session
• Duplicate reactions from the same session are prevented
• The API automatically detects whether you're using a site or widget UUID
• Session tracking helps prevent spam while maintaining user privacy

Authentication

API tokens are used to authenticate requests to protected endpoints. You can manage your tokens through the API.

Create Token

POST /api/v1/tokens

Create a new API token

curl -X POST \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "My API Token"}' \
  https://your-domain.com/api/v1/tokens

Response

{
  "token": "plain_text_token_here",
  "id": "token_id",
  "name": "My API Token"
}

List Tokens

GET /api/v1/tokens

List all your API tokens

Delete Token

DELETE /api/v1/tokens/{id}

Revoke an API token

Security Best Practices

• Keep your API tokens secure and never expose them in client-side code
• Use different tokens for different applications or environments
• Regularly rotate your tokens
• Monitor token usage for any suspicious activity

Code Examples

Ready-to-use code examples for popular frameworks and languages. Copy, paste, and customize!

React Component

React Hook

import { useEffect } from 'react';

function FeedbackWidget({ siteId, source = 'default', className = '' }) {
  useEffect(() => {
    const script = document.createElement('script');
    script.src = 'https://tapback.dev/widget.js';
    script.async = true;
    document.body.appendChild(script);
    
    return () => {
      const existingScript = document.querySelector('script[src="https://tapback.dev/widget.js"]');
      if (existingScript) {
        document.body.removeChild(existingScript);
      }
    };
  }, []);

  return (
    <div 
      data-tapback-widget={siteId} 
      data-source={source}
      className={className}
    ></div>
  );
}

export default FeedbackWidget;

Usage Example

App.js

import React from 'react';
import FeedbackWidget from './components/FeedbackWidget';

function App() {
  return (
    <div className="App">
      <h1>My Website</h1>
      <p>Welcome to our amazing product!</p>
      
      <FeedbackWidget 
        siteId="your-site-uuid" 
        source="homepage"
        className="mt-8"
      />
    </div>
  );
}

export default App;

Vue.js Component

FeedbackWidget.vue

<template>
  <div 
    :data-tapback-widget="siteId" 
    :data-source="source"
    :class="className"
  ></div>
</template>

<script>
export default {
  name: 'FeedbackWidget',
  props: {
    siteId: {
      type: String,
      required: true
    },
    source: {
      type: String,
      default: 'default'
    },
    className: {
      type: String,
      default: ''
    }
  },
  mounted() {
    const script = document.createElement('script');
    script.src = 'https://tapback.dev/widget.js';
    script.async = true;
    document.body.appendChild(script);
  },
  beforeUnmount() {
    const existingScript = document.querySelector('script[src="https://tapback.dev/widget.js"]');
    if (existingScript) {
      document.body.removeChild(existingScript);
    }
  }
}
</script>

Svelte Component

FeedbackWidget.svelte

<script>
  import { onMount, onDestroy } from 'svelte';
  
  export let siteId;
  export let source = 'default';
  export let className = '';
  
  onMount(() => {
    const script = document.createElement('script');
    script.src = 'https://tapback.dev/widget.js';
    script.async = true;
    document.body.appendChild(script);
  });
  
  onDestroy(() => {
    const existingScript = document.querySelector('script[src="https://tapback.dev/widget.js"]');
    if (existingScript) {
      document.body.removeChild(existingScript);
    }
  });
</script>

<div 
  data-tapback-widget={siteId} 
  data-source={source}
  class={className}
></div>

Node.js API Client

tapback-client.js

const axios = require('axios');

class TapbackClient {
  constructor(apiKey, baseURL = 'https://tapback.dev/api/v1') {
    this.client = axios.create({
      baseURL,
      headers: {
        'Authorization': `Bearer ${apiKey}`,
        'Content-Type': 'application/json'
      }
    });
  }

  // Sites
  async createSite(name, domain) {
    const response = await this.client.post('/sites', { name, domain });
    return response.data;
  }

  async getSites() {
    const response = await this.client.get('/sites');
    return response.data;
  }

  async getSite(siteId) {
    const response = await this.client.get(`/sites/${siteId}`);
    return response.data;
  }

  async updateSite(siteId, data) {
    const response = await this.client.put(`/sites/${siteId}`, data);
    return response.data;
  }

  async deleteSite(siteId) {
    const response = await this.client.delete(`/sites/${siteId}`);
    return response.data;
  }

  // Analytics
  async getSiteAnalytics(siteId) {
    const response = await this.client.get(`/sites/${siteId}/analytics`);
    return response.data;
  }

  // Tokens
  async createToken(name, expiresAt) {
    const response = await this.client.post('/tokens', { name, expires_at: expiresAt });
    return response.data;
  }

  async getTokens() {
    const response = await this.client.get('/tokens');
    return response.data;
  }

  async deleteToken(tokenId) {
    const response = await this.client.delete(`/tokens/${tokenId}`);
    return response.data;
  }
}

module.exports = TapbackClient;

Usage Example

example.js

const TapbackClient = require('./tapback-client');

async function main() {
  const client = new TapbackClient('your-api-key');
  
  try {
    // Create a new site
    const site = await client.createSite('My Website', 'example.com');
    console.log('Created site:', site);
    
    // Get analytics
    const analytics = await client.getSiteAnalytics(site.uuid);
    console.log('Analytics:', analytics);
    
  } catch (error) {
    console.error('Error:', error.response?.data || error.message);
  }
}

main();

Python API Client

tapback_client.py

import requests
from typing import Optional, Dict, Any

class TapbackClient:
    def __init__(self, api_key: str, base_url: str = 'https://tapback.dev/api/v1'):
        self.api_key = api_key
        self.base_url = base_url
        self.headers = {
            'Authorization': f'Bearer {api_key}',
            'Content-Type': 'application/json'
        }
    
    def _request(self, method: str, endpoint: str, data: Optional[Dict] = None) -> Dict[str, Any]:
        url = f'{self.base_url}{endpoint}'
        response = requests.request(method, url, headers=self.headers, json=data)
        response.raise_for_status()
        return response.json()
    
    # Sites
    def create_site(self, name: str, domain: Optional[str] = None) -> Dict[str, Any]:
        return self._request('POST', '/sites', {'name': name, 'domain': domain})
    
    def get_sites(self) -> Dict[str, Any]:
        return self._request('GET', '/sites')
    
    def get_site(self, site_id: str) -> Dict[str, Any]:
        return self._request('GET', f'/sites/{site_id}')
    
    def update_site(self, site_id: str, data: Dict[str, Any]) -> Dict[str, Any]:
        return self._request('PUT', f'/sites/{site_id}', data)
    
    def delete_site(self, site_id: str) -> None:
        self._request('DELETE', f'/sites/{site_id}')
    
    # Analytics
    def get_site_analytics(self, site_id: str) -> Dict[str, Any]:
        return self._request('GET', f'/sites/{site_id}/analytics')
    
    # Tokens
    def create_token(self, name: str, expires_at: Optional[str] = None) -> Dict[str, Any]:
        return self._request('POST', '/tokens', {'name': name, 'expires_at': expires_at})
    
    def get_tokens(self) -> Dict[str, Any]:
        return self._request('GET', '/tokens')
    
    def delete_token(self, token_id: str) -> None:
        self._request('DELETE', f'/tokens/{token_id}')

PHP API Client

TapbackClient.php

<?php

class TapbackClient
{
    private string $apiKey;
    private string $baseUrl;
    
    public function __construct(string $apiKey, string $baseUrl = 'https://tapback.dev/api/v1')
    {
        $this->apiKey = $apiKey;
        $this->baseUrl = $baseUrl;
    }
    
    private function request(string $method, string $endpoint, ?array $data = null): array
    {
        $url = $this->baseUrl . $endpoint;
        $headers = [
            'Authorization: Bearer ' . $this->apiKey,
            'Content-Type: application/json'
        ];
        
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
        
        if ($data) {
            curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
        }
        
        $response = curl_exec($ch);
        $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        curl_close($ch);
        
        if ($httpCode >= 400) {
            throw new Exception('API request failed: ' . $response);
        }
        
        return json_decode($response, true);
    }
    
    // Sites
    public function createSite(string $name, ?string $domain = null): array
    {
        return $this->request('POST', '/sites', ['name' => $name, 'domain' => $domain]);
    }
    
    public function getSites(): array
    {
        return $this->request('GET', '/sites');
    }
    
    public function getSite(string $siteId): array
    {
        return $this->request('GET', '/sites/' . $siteId);
    }
    
    public function updateSite(string $siteId, array $data): array
    {
        return $this->request('PUT', '/sites/' . $siteId, $data);
    }
    
    public function deleteSite(string $siteId): void
    {
        $this->request('DELETE', '/sites/' . $siteId);
    }
    
    // Analytics
    public function getSiteAnalytics(string $siteId): array
    {
        return $this->request('GET', '/sites/' . $siteId . '/analytics');
    }
    
    // Tokens
    public function createToken(string $name, ?string $expiresAt = null): array
    {
        return $this->request('POST', '/tokens', ['name' => $name, 'expires_at' => $expiresAt]);
    }
    
    public function getTokens(): array
    {
        return $this->request('GET', '/tokens');
    }
    
    public function deleteToken(string $tokenId): void
    {
        $this->request('DELETE', '/tokens/' . $tokenId);
    }
}

Rate Limiting

Tapback implements rate limiting to ensure fair usage and prevent abuse of the API.

Endpoint	Limit	Window	Description
POST /reactions	20 requests	1 minute	Submit reactions
GET /reactions	60 requests	1 minute	Retrieve reactions
Public endpoints	60 requests	1 minute	Emoji sets, analytics

Rate Limit Headers

API responses include rate limit information in headers:

X-RateLimit-Limit: 20
X-RateLimit-Remaining: 15
X-RateLimit-Reset: 1640995200

Need help? Check out our support page or visit our GitHub repository.

API Overview

Tapback provides a comprehensive RESTful API for managing sites, widgets, and reactions. All endpoints are versioned and include rate limiting.

Base URL

API Endpoint

https://tapback.dev/api/v1

Authentication

Most endpoints require API key authentication

Authorization: Bearer YOUR_API_KEY

Quick Start with API

Get started with the API by creating your first site and generating an API key.

View Authentication → Try API Playground →

API Playground

Test API endpoints directly in your browser. No setup required!

Make API Request

Method

Endpoint

https://tapback.dev/api/v1/

API Key (Optional)

Request Body (JSON)

Response

Response will appear here...

Authentication

API tokens are used to authenticate requests to protected endpoints. You can manage your tokens through the dashboard or API.

Creating API Tokens

Create API tokens through your dashboard or using the API. Each token has a name and optional expiration date.

Create Token Request

POST https://tapback.dev/api/v1/tokens
Authorization: Bearer YOUR_EXISTING_TOKEN
Content-Type: application/json

{
  "name": "My API Token",
  "expires_at": "2024-12-31T23:59:59Z"
}

Response

{
  "id": "123",
  "name": "My API Token",
  "key": "tb_ABC123DEF456GHI789JKL012",
  "is_active": true,
  "expires_at": "2024-12-31T23:59:59Z",
  "created_at": "2024-01-01T00:00:00Z"
}

Security Best Practices

• Keep your API tokens secure and never expose them in client-side code
• Use different tokens for different applications or environments
• Regularly rotate your tokens
• Monitor token usage for any suspicious activity

Sites API

The Sites API is the recommended way to organize your feedback collection. Sites can contain multiple widgets and provide better organization.

List Sites

GET

Retrieve all sites for the authenticated user

Request

curl -H "Authorization: Bearer YOUR_TOKEN" https://tapback.dev/api/v1/sites

Create Site

POST

Create a new site for feedback collection

Request

curl -X POST \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "My Website", "domain": "example.com"}' \
  https://tapback.dev/api/v1/sites

Response

{
  "id": "123",
  "uuid": "550e8400-e29b-41d4-a716-446655440000",
  "name": "My Website",
  "domain": "example.com",
  "user_id": "456",
  "created_at": "2024-01-01T00:00:00Z",
  "updated_at": "2024-01-01T00:00:00Z"
}