Get Active Integrations
tenant
Get Active Integrations
Public: browser-safe view of the tenant’s enabled integrations.
The storefront’s <IntegrationsBootstrap /> hits this endpoint once
on the first paint to know which third-party scripts to load
(Iubenda CMP, GTM, Sentry, …). The Consent Mode v2 dance then runs
on top of the returned config.
Security:
- Only
is_active=truerows are returned. - Secret fields (CAPI tokens, MP API secrets, Sentry auth tokens) are stripped here — the public payload is safe to embed in the HTML of an unauthenticated page.
- The endpoint is public-no-auth but tenant-scoped: the
middleware resolves the tenant from Host header / X-Tenant-Slug,
same as
/tenant/brand.
Cache hint: the storefront can cache this for ~5 minutes; a longer TTL would delay the operator’s “I just disabled Pixel” intent.
GET
Get Active Integrations