Analytics
    • Docs
    • Auth
      • /v2/auth/token
        GET
    • Activity Log
      • /v2/activity-log
        GET
      • /v2/activity-log
        DELETE
      • /v2/activity-log/csv
        GET
      • /v2/activity-log/realtime
        GET
    • Data Availability
      • /v2/data-availability
        GET
    • Statistics
      • /v2/statistic/timeseries
        GET
      • /v2/statistic/timeseries/{group}
        GET
      • /v2/statistic/count
        GET
      • /v2/statistic/count/{group}
        GET
      • /v2/statistic/trend/{group}
        GET
    • Admin Actions
      • /v2/admin-action
        GET
    • Clients
      • /v2/client
        GET
      • /v2/client
        DELETE
      • /v2/client/alias/{endpointId}/{clientId}
        DELETE
      • /v2/client/alias/{endpointId}/{clientId}
        PUT
    • Schemas
      • Column
      • DeleteClientResponse
      • GetAdminActionLogResponse
      • CountGroupResponse
      • GetClientResponse
      • AdminActionLogItem
      • GeoIPData
      • QueryData
      • PaginationData
      • ClientActivity
      • TrendResponse
      • CountResponse
      • TimeSeriesGroupResponse
      • TimeSeriesResponse
      • ErrorResponse
      • Trigger
      • Datetime
      • DataAvailability
      • HistoricalQueriesResponse
      • IP
      • Domain

    Docs

    This is the specification for the Control D Analytics API.

    Endpoints#

    The API is served from various endpoints, depending on account type and region.
    RegionAccount TypeEndpoint
    AmericaUserus-east1-usr01.analytics.controld.com
    AmericaOrgus-east1-org01.analytics.controld.com
    AsiaUserasia-southeast1-usr01.analytics.controld.com
    AsiaOrgasia-southeast1-org01.analytics.controld.com
    EuropeUsereurope-west4-usr01.analytics.controld.com
    EuropeOrgeurope-west4-org01.analytics.controld.com

    Authentication#

    Requests are authenticated with "pseudo-bearer" authentication (via HTTP headers):
    Authorization: Bearer <token>
    You can generate your API tokens here. See here for more information.
    Authentication is not required for endpoints tagged as Public.

    Activity Log#

    The actual DNS queries of a user can be obtained via the Activity Log API if they are at most 33 days old.

    Admin Actions#

    Audit logs (admin actions) can be accessed through the Admin Actions API.

    Clients#

    The Clients API allows reading data about clients and endpoints, such as when they were last active, or client metadata.
    It also allows adding custom aliases for clients.

    Statistics API#

    Processed and aggregated information about DNS queries, can be retrieved through the Statistics API.
    This API uses pre-aggregated data with varying granularity.

    Columns#

    The Statistics and Activity Log APIs support filtering based on the following dimensions.
    Important: Filtering and grouping by columns marked "no" in the year column is not possible for data older than 33 days.
    namemeaningtypeyearexample
    endpointIdthe id of the endpoint to which the query was madestringyesabc123
    clientIdthe id of the client which made the requeststringyesabc123
    profileIdthe id of the active profilestringyesabc123
    actionaction taken by ROBERTenum, see belowyes0
    triggerthe category of the trigger for actionenum, see belowyesfilter
    triggerValuethe name of the trigger for actionstringyesads
    spoofTargetin the event of a redirect, the target. Can be an IP, another domain, or an IATA codestringyesYYZ
    questionthe domain name of the requeststringyessubdomain.windscribe.com
    protocolthe DNS protocol used for the requestenum, see belownodoh
    statusCodethe DNS status codenumberno0
    rrTypethe response record typestringnoAAAA
    srcCountrycountry code of the country of the source IPstringyesCA
    dstCountrycountry code of the country of the destination IPstringyesDE
    srcIspsource ISP namestringyesWindscribe
    dstIspdestination ISP namestringyesAT&T
    srcAsnASN of the source ISPstringno15169
    dstAsnASN of the destination ISPstringno15169

    Enums#

    Action#

    -1: failed
    0: blocked
    1: bypassed
    2: redirected by IP
    3: redirected by Location

    Trigger#

    default: default rule
    grule: global (Control D) rule
    filter: a block made by a filter
    service: a service
    custom: a custom rule
    rebind: action taken due to optional rebind protection

    Protocol#

    legacy: legacy DNS
    doh: DNS-over-HTTPS
    dot: DNS-over-TLS
    doh3: DNS-over-HTTPS3
    doq: DNS-over-QUIC

    Impersonating a Sub-Organization#

    An Organization admin can impersonate a Sub-Organization by including a X-Force-Org-Id header. Single-use tokens obtained this way are scoped to the specified Sub-Organization.

    Dynamically Determining Endpoint#

    If you're building an application, you may wish to determine the analytics endpoint at runtime.
    This allows you to change storage regions without necessarily breaking clients.
    1.
    stats_endpoint is served over the User Data Endpoint
    a. For users, this will be under body > stats_endpoint
    b. For Organizations, this will be under body > org > stats_endpoint
    2.
    The Analytics Endpoint will be concat(stats_endpoint, ".analytics.controld.com")

    Maintenance mode#

    When Analytics is in maintenance mode, all calls will return a 503 Service Unavailable with the regular Error Response containing a code 50303.
    Modified at 2026-02-24 23:36:37
    Next
    /v2/auth/token
    Built with