Umami Analytics

Umami is an open-source, self-hosted web analytics platform that collects cookieless, privacy-respecting pageview and event data with a REST API for querying stats, sessions, events, and funnels.

Evaluated Mar 06, 2026 (0d ago) vcurrent

Homepage ↗ Repo ↗ Other web-analytics cookieless privacy-first open-source self-hosted gdpr plausible-alternative nodejs

⚙ Agent Friendliness

/ 100

Can an agent use this?

🔒 Security

/ 100

Is it safe for agents?

⚡ Reliability

/ 100

Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality

Documentation

Error Messages

Auth Simplicity

Rate Limits

🔒 Security

TLS Enforcement

Auth Strength

Scope Granularity

Dep. Hygiene

Secret Handling

Self-hosted deployments must enforce TLS at the infrastructure layer. No scope-based access control — all tokens have full user-level access. Cookieless by design is a privacy strength.

⚡ Reliability

Uptime/SLA

Version Stability

Breaking Changes

Error Recovery

Best When

You self-host a privacy-first analytics stack and need a clean REST API to query cookieless pageview and event data without depending on Google Analytics.

Avoid When

You need advanced cohort analysis, A/B testing integrations, or do not want to manage your own infrastructure.

Use Cases

• Fetching pageview and unique visitor counts for a website over a date range for automated reporting
• Querying top pages, referrers, and UTM campaign performance to feed a marketing dashboard
• Pulling custom event data (button clicks, form submissions) to analyze funnel conversion rates
• Monitoring real-time active visitor counts as part of a site health check workflow
• Comparing traffic trends across multiple websites managed in a single Umami instance

Not For

• Session recording or heatmap analysis — Umami does not support visual replays
• E-commerce conversion tracking requiring persistent identity and cross-device attribution
• Enterprise-scale analytics requiring BigQuery or Redshift export connectors

Interface

REST API

Yes

GraphQL

gRPC

MCP Server

SDK

Webhooks

OpenAPI Spec ↗

Authentication

Methods: bearer_token

OAuth: No Scopes: No

Authentication uses a Bearer token obtained by POSTing credentials to /api/auth/login. Tokens expire and must be refreshed. Umami Cloud also supports API keys. No OAuth or granular scopes — all tokens have full access to the authenticated user's data.

Pricing

Model: open_source

Free tier: Yes

Requires CC: No

Self-hosted deployment (PostgreSQL or MySQL) is free and open-source under MIT license. Umami Cloud is the managed SaaS option.

Agent Metadata

Pagination

offset

Idempotent

Read_only

Retry Guidance

Not documented

Known Gotchas

⚠ Auth token must be obtained via login endpoint first — there is no static API key by default in self-hosted deployments
⚠ Token expiry is not documented with a specific TTL; agents must handle 401s and re-authenticate
⚠ Website UUID (websiteId) must be looked up before most queries — no way to query by domain name directly
⚠ Date/time parameters require specific ISO 8601 format; undocumented timezone handling can cause off-by-one day errors
⚠ Self-hosted API behavior may differ from Umami Cloud depending on version; no versioned API path (e.g., /v1/)

Alternatives

plausible-api pirsch-api google-analytics-api fathom-api

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for Umami Analytics.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo

API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.