Co-Managed Smart Tracking App

Use this guide when one owner wants to build a smart tracking app on 10xDotIn and share management with a small trusted group, such as four friends.

In v1, treat 10xDotIn as the hosted app, tracking, analytics, campaign, webhook, and MCP control plane. Do not treat it as a full private social-community backend. If the app needs durable friend-only state such as chat, profiles, private feeds, or custom database records, keep that state in an external HTTPS service and connect it through webhooks or function bindings.

What This Pattern Supports

Access Model

Use handle collaborators for co-management. The normal handle APIs authorize through handle collaboratorRoles, so this is the right v1 boundary for a small trusted group.

Keep exactly one accountable owner. Give most friends CREATOR; promote only the friend responsible for integrations to OPERATOR.

Build Workflow

1. Create the shared handle

Open https://app.10x.in, create or select the handle that will own the app, then confirm every co-manager has a user account.

Add the four friends as collaborators:

curl -sS -X PUT "${API_BASE}/v2/handles/${HANDLE}/collaborators" \
  -H "authorization: Bearer ${OWNER_JWT_TOKEN}" \
  -H "content-type: application/json" \
  -d '{
    "collaborators": [
      { "userId": "friend_user_1", "role": "CREATOR" },
      { "userId": "friend_user_2", "role": "CREATOR" },
      { "userId": "friend_user_3", "role": "CREATOR" },
      { "userId": "friend_user_4", "role": "OPERATOR" }
    ]
  }'

Use real 10x user IDs. The owner is preserved even if omitted from the request body.

2. Publish the app frontend

Use site_deploy_multifile from MCP when an AI client is building the app, or use the site deployment API with a PAT that has site.deployments.write.

Use multi-file publishing when the app needs JavaScript, CSS, routed pages, or assets:

{
  "files": [
    {
      "path": "index.html",
      "contentType": "text/html",
      "content": "<!doctype html><html><head><title>Shared Tracker</title></head><body><main id=\"app\"></main></body></html>"
    },
    {
      "path": "app.js",
      "contentType": "application/javascript",
      "content": "console.log('shared tracker loaded');"
    }
  ],
  "activate": true
}

After activation, verify that https://{handle}.10x.in/ loads and that the browser console does not show missing asset errors.

3. Create the tracked entry link

Create a campaign and point a short link to the app or to a campaign-specific app route.

curl -sS -X POST "${API_BASE}/v2/handles/${HANDLE}/campaigns" \
  -H "authorization: Bearer ${JWT_TOKEN}" \
  -H "content-type: application/json" \
  -d '{
    "campaignId": "friends-tracker-v1",
    "goalType": "LEAD_CAPTURE",
    "status": "ACTIVE"
  }'

Do not set primarySlug until the link exists. A campaign create call treats primarySlug as a reference to an existing link and returns primary_link_not_found if that slug has not been created yet.

curl -sS -X PUT "${API_BASE}/v2/handles/${HANDLE}/links/tracker" \
  -H "authorization: Bearer ${JWT_TOKEN}" \
  -H "content-type: application/json" \
  -d '{
    "destinationUrl": "https://'"${HANDLE}"'.10x.in/",
    "title": "Shared Tracker",
    "campaignId": "friends-tracker-v1",
    "trackingPolicy": {
      "mode": "DIRECT",
      "appendContextParam": true
    }
  }'

Share https://{handle}.10x.in/tracker as the entry URL. Use the direct app URL for owner QA, but use the short link for tracked traffic.

4. Add behavioral tracking

Use chain signals for app-level behaviors such as page dwell, comments viewed, CTA clicked, or repeated visits.

For public browser-side tracking, write a signal with the handle, session ID, consent mode, and event metadata:

SESSION_ID="sig_${HANDLE}_$(date +%s)_demo001"

curl -sS -X POST "${API_BASE}/v2/public/chain/signals" \
  -H "content-type: application/json" \
  -d '{
    "handle": "'"${HANDLE}"'",
    "sessionId": "'"${SESSION_ID}"'",
    "eventType": "comments_viewed",
    "consent": "basic",
    "signals": [
      {
        "signalKey": "comments",
        "signalValue": "viewed_30s",
        "confidence": 1,
        "source": "shared-tracker-app",
        "metadata": { "route": "/", "section": "comments" }
      }
    ]
  }'

Then resolve or prefetch decisions for the same session:

curl -sS -X POST "${API_BASE}/v2/public/chain/prefetch" \
  -H "content-type: application/json" \
  -d '{
    "handle": "'"${HANDLE}"'",
    "sessionId": "'"${SESSION_ID}"'",
    "triggerEvents": ["idle_30s", "comments_viewed"],
    "currentContext": {
      "device": "mobile",
      "source": "friend-share",
      "pageUrl": "https://'"${HANDLE}"'.10x.in/"
    }
  }'

Respect consent and retention. basic signals are short-lived; use full only when the app has explicit consent for longer retention.

5. Connect operations

Let co-managers operate from the control plane:

1. Open https://app.10x.in.
2. Select the shared handle.
3. Use Links and Campaigns to inspect routing and campaign state.
4. Use Analytics to inspect slug, country, device, referrer, or segment.
5. Use Integrations -> MCP & Tools to refresh MCP Builder and expose only the required tools.

If the app needs event notifications, create a webhook with an OPERATOR account or a scoped PAT:

curl -sS -X POST "${API_BASE}/v2/handles/${HANDLE}/webhooks" \
  -H "authorization: Bearer ${OPERATOR_JWT_TOKEN}" \
  -H "content-type: application/json" \
  -d '{
    "endpointUrl": "https://example.com/tenx-events",
    "eventTypes": ["link.clicked", "conversion.recorded", "personalization.resolved"],
    "enabled": true
  }'

6. Keep private app state outside 10x

Use this rule:

Function bindings are handle-scoped registry entries. They are not uploaded arbitrary backend code.

Validation Checklist

Access

• Owner can list and update collaborators.
• Each friend can sign in, open app.10x.in, and see the shared handle.
• CREATOR friends can manage links/campaigns but cannot create PATs or webhooks.
• OPERATOR friend can manage the integration surfaces assigned to them.
• No friend except the owner can transfer ownership.

App

• site_deploy_multifile or site deployment API returns an active deployment.
• https://{handle}.10x.in/ renders the app.
• JS and CSS assets load without 404s.
• Public custom routes, if any, are backed by nested index.html files.

Tracking

• https://{handle}.10x.in/{slug} redirects to the app.
• The tracked link appends or preserves ctx when tracking policy requires it.
• A test conversion posts within the ctx TTL.
• Invalid or expired ctx returns the expected failure instead of false success.

Signals

• Signal writes return success for a valid sessionId.
• prefetch returns decisions for the requested triggers.
• Consent mode matches the app's consent UX.
• Session IDs do not contain personal data.

Analytics and Webhooks

• Analytics are queried after the freshness window and show the expected slug or campaign.
• Webhook test call reaches the receiver.
• Real event delivery is verified by receiver logs, not only by 10x acceptance.

MCP

• MCP Builder preview refreshes successfully.
• The visible tool list is limited to the handle workflow.
• Each friend connects through OAuth or their own scoped token flow.
• No broad owner PAT is shared across the group.

Limits and Gaps

• Tenant-level team invites can create invite links, but email delivery is not the primary v1 path for handle API authorization. Use handle collaborators for co-management.
• Conversion attribution depends on short-lived ctx tokens. The default TTL is 15 minutes and the hard cap is 1 hour.
• Analytics are rollup-oriented and can lag. Use the freshness status before treating a dashboard as current.
• 10x does not store arbitrary custom app backend state in this pattern. Use an external backend for durable app-specific data.

Related

• Collaborators and Ownership
• Short Links
• Campaign Funnel Workflow
• Chain Signals and Prefetch
• Analytics Exports and Reconciliation
• Notifications and Alerting
• Apps and MCP Tools
• MCP Tools Reference
• API Tokens and Automations