Identify the browser context
getBilyTrackingId() returns the Bily identifier for the current browser context.
null.
The browser tracking ID:
- is not a login identity;
- is not a secret;
- does not authorize a request;
- can change when browser storage is cleared or unavailable.
Add authenticated customer context
Attach your stable account identifier asclient.userId only to events that need it.
identify(), alias(), or reset(). client.userId is approved customer context on an event—not an identity-merge command.
If the same person uses more than one browser or device, use the same stable internal user ID when your consent and data policy allow it. Never use email as authorization or assume that matching contact fields merge records.
Handle sign-in transitions explicitly
Use this sequence:- Track signed-out behavior without authenticated customer fields.
- After your application verifies the login, include the stable internal user ID on later events that need it.
- Stop attaching the previous account’s context immediately after logout.
- Test shared-device login and logout flows.
Preserve page and acquisition inputs
These fields preserve where an event occurred and where the browser came from:| Field | Use |
|---|---|
sourceUrl | Current page URL for an explicit event |
pageTitle | Current page title |
referrer | Referring URL when your policy permits it |
category | Controlled event or content category |
| Custom properties | Approved campaign IDs or channel labels from your application |
Rely on documented attribution
Bily’s public API and MCP expose normalized analytics and customer-journey reads where available. Treat the returned fields as the reporting contract. The JavaScript SDK contract does not define:- an automatic first-touch or last-touch rule;
- cross-domain browser-ID sharing;
- anonymous-to-known identity merging;
- exactly-once delivery from an
event_id.
Correlate one logical outcome
The SDK generatesevent_id when it is missing. Provide a stable value when more than one system can observe the same logical outcome.
Confirm the identity model
- Browser IDs and authenticated user IDs have separate names and purposes.
- Protected actions always use your verified session or server credential.
- Customer fields appear only on events that require them.
- Login, logout, shared-device, storage-cleared, and consent-denied flows are tested.
- Attribution rules come from verified analytics output, not assumptions about the SDK.