Heap documents client SDKs plus server-side REST ingestion at developers.heap.io, batching up to 1,000 events per call. Ingestion auth is a bare project app_id in the request body. There is no raw-event read API; egress runs through the paid Heap Connect warehouse sync.
Heap scores A on the API Report Card. Heap documents client SDKs plus server-side REST ingestion at developers.heap.io, batching up to 1,000 events per call. Ingestion auth is a bare project app_id in the request body. There is no raw-event read API; egress runs through the paid Heap Connect warehouse sync.
Heap has a workable official integration path. Most engineering teams can build against it directly. Open API: self-serve, documented, with SDKs
Heap (now 'Heap by Contentsquare') is a digital insights and product analytics platform that automatically captures every user interaction on a web or mobile app, clicks, form fills, page views, swipes, taps, scrolls, without requiring engineers to instrument individual events ahead of time.
Vertical: Product analytics / digital experience analytics (horizontal SaaS, not industry-specific). Product managers and growth teams drop the Heap snippet into their web/mobile app and immediately get every click, form field, and pageview captured retroactively, no event taxonomy required upfront.
Heap reports 10,000+ companies on the platform, holds 4.3/5 across thousands of G2 reviews, and is named in every '2026 best product analytics' comparison alongside Amplitude, Mixpanel, PostHog, and FullStory.
Yes, for any digital business that runs growth, product, or UX decisions on Heap, the platform holds the full behavioral dataset: every autocaptured click, form field, pageview, swipe, and scroll across web and mobile; identified user and account properties stitched across sessions and devices; session replays of real user sessions; defined events, segments, funnels, retention cohorts, and dashboards built on top of that history; and (for Heap Connect customers) the raw event stream mirrored to the warehouse.
Founded in 2013 in San Francisco by Matin Movassate and Ravi Parikh; YC-backed, raised a $55M Series D in 2019 at a reported $960M valuation.
Rate limits are enforced but undocumented, no published RPS, no rate-limit response headers, no Retry-After; clients must implement blind exponential backoff. Authentication for server-side ingestion is a bare app_id in the JSON body, no bearer token, no header-based auth, no fine-grained scoping. Full sourced list under Sources below.
Common alternatives include Amplitude, Mixpanel, Google Analytics 4, PostHog, FullStory, Pendo. Graded alternatives appear under "More from the report card" below.
Grades measure one thing: can a customer's engineering team get their own data out programmatically? We check six things (whether a real API exists, how access is gated, data coverage, auth quality, docs and developer experience, and stability) and roll them into a letter grade. Grades get re-verified, and they only move on evidence.