Cloudflare Pages + Functions

Safe Event Receiver

A tiny demo API that accepts safe JSON events only. It rejects sensitive fields like passwords, cookies, tokens, API keys, and secrets.

Test with curl

Run this from your terminal after setting your local API key in .dev.vars.

curl -X POST http://127.0.0.1:8788/api/events \
  -H "Content-Type: application/json" \
  -H "X-API-Key: change-this-local-demo-key" \
  -d '{"event":"signup_test","message":"Hello from my app","source":"local-demo"}'

Important

• Do not send passwords, cookies, tokens, or private data.
• Do not put your API key in frontend JavaScript.
• Store secrets in .dev.vars locally and Cloudflare secrets in production.