Skip to main content
The analytics dashboard at l402kit.com/dashboard shows real-time stats for all payments flowing through your API: total sats received, per-endpoint breakdown, 7-day trend, and recent transactions.

Setup

The dashboard is protected by a secret token — DASHBOARD_SECRET. You generate it once and store it wherever you keep your other secrets.

1. Generate a secret

openssl rand -hex 32
# → shdp_dash_a1b2c3d4e5f6...
Or use any password manager to generate a strong random string.

2. Set it in your provider

Cloudflare Workers: 
cd cloudflare/
wrangler secret put DASHBOARD_SECRET
# paste your secret when prompted
Node.js / other: 
# .env
DASHBOARD_SECRET=shdp_dash_a1b2c3d4e5f6...

3. Login

Go to l402kit.com/dashboard, enter your secret, and you’re in. No email, no OAuth, no cookie — the secret is sent as x-dashboard-secret on every stats request.

What you see

MetricDescription
Total paymentsAll-time count of verified L402 payments
Total satsSum of all amount_sats across payments
7-day trendPayments and sats vs prior 7-day window
By endpointBreakdown of which routes earned what
Recent 20Latest payments with hash, endpoint, amount, timestamp

API

The same data is available directly via the API — useful for building your own dashboard or piping into Grafana. 
curl https://l402kit.com/api/stats \
  -H "x-dashboard-secret: YOUR_SECRET"

{
  "totalPayments": 142,
  "totalSats": 14200,
  "shinydappsFee": 42,
  "trend": {
    "payments7d": 38,
    "payments7dPrev": 21,
    "sats7d": 3800,
    "sats7dPrev": 2100
  },
  "byOwner": {
    "you@blink.sv": { "count": 142, "sats": 14200 }
  },
  "recent": [...]
}

Security model

  • The secret never leaves your environment — it is compared server-side in the Cloudflare Worker using strict equality
  • No session token is issued — every request re-validates the secret
  • The secret has read-only access — it can only call /api/stats, not write or delete data
  • Generate a new secret anytime by updating DASHBOARD_SECRET via wrangler secret put
Never commit DASHBOARD_SECRET to git. Add it to your .gitignore and use wrangler secret put or your CI/CD secrets manager.

Rotate the secret

# Generate new secret
openssl rand -hex 32

# Update in Cloudflare Workers
wrangler secret put DASHBOARD_SECRET

# Done — old secret is immediately invalid
No database entries to update. The Worker reads the secret from environment on every request.