How do I connect Meta Ads?

Generate a long-lived Meta System User token with ads_management and ads_read permissions, then paste it into Settings > Integrations > Meta. No Meta App Review required.

How do I connect Google Ads?

Use the Google OAuth Playground or your own OAuth client to obtain a refresh token with the adwords scope. Paste it along with your 10-digit Customer ID in Settings > Integrations > Google.

What can the AI agent do?

The agent can summarize performance, find waste, and execute pause / enable / budget changes on ad sets and campaigns. Every mutation is confirmed before execution and recorded in adSyncLogs.

How long do Meta tokens last?

Meta long-lived tokens expire after 60 days. Admaxxer warns the workspace owner 7 days before expiry and offers a one-click rotation flow.

Admaxxer documentation · the single source of truth.

Every metric that matters, then let Claude act on it.

Admaxxer is a DTC analytics platform with built-in Meta + Google ad ops. Install the pixel, connect Meta and Google, and ship revenue attribution, blended MER, cohort LTV, MMM, forecasting, and AI-driven ad ops in under ten minutes.

Start your free trial See pricing

7-day free trial on every plan. No credit card required.

Deep dives

Six focused sub-pages cover the platform in depth. Start with the topic closest to your goal:

Analytics — first-party pixel, revenue attribution, blended MER, cohort LTV (7/30/90d), MMM, forecasting, incrementality, CAPI match rate.
Claude AI agent — six tools, prompt caching, SSE streaming, destructive-action confirmation gates, the ⌘J keyboard shortcut.
Connect any AI agent (MCP) — use Admaxxer from Claude Desktop, Claude Code, ChatGPT, Cursor, Windsurf, OpenClaw, Cline, Zed, or any MCP-compatible AI client. Setup walkthroughs, tool catalog, FAQs.
Meta + Google connections — paste-token model, Graph API v21, GAQL, refresh-token rotation, AES-256-GCM at rest.
Billing & plans — AD_STARTER / AD_PRO / AD_AGENCY, quotas, Stripe Checkout + Customer Portal, trial mechanics, refund policy.
Developer — REST API under /api/v1/*, webhooks, rate limits, architecture, SDK examples.

Quickstart — four steps to live data

Most teams are reporting blended MER and ad-level LTV inside an hour. Run these four steps in order:

Sign up. Create your workspace at admaxxer.com/signup. Magic-link, Google, and Apple sign-in are all supported. Workspaces are multi-tenant from day one — you can invite teammates immediately.
Install the pixel. Drop one <script> tag into your site head. Twenty platform-specific install guides cover Shopify, WordPress, Webflow, Next.js, Google Tag Manager, Wix, Squarespace, Magento, BigCommerce, custom React/Vue/Svelte builds, and more. See the install index.
Connect Meta Ads. Generate a long-lived user token from Meta for Developers and paste it into Settings › Integrations › Meta. Tokens are encrypted with AES-256-GCM at rest and never written to logs. No Meta App Review is required because the token is user-supplied.
Connect Google Ads. Paste a Google OAuth refresh token plus your approved developer token. Admaxxer handles token refresh, GAQL batching, and the cost_micros → USD conversion automatically.

From that point, your dashboard, attribution view, and the Claude agent are all reading the same Tinybird pipes — no duplicated data layer.

Analytics surface

Analytics is the primary surface in Admaxxer. The first-party pixel feeds 33+ Tinybird pipes that power every chart, every cohort, every model. Pipes are grouped by category:

Visitors and sessions

Visitors — unique visitors, sessions, page views, bounce rate, dwell time, geography, device.
Funnels — multi-step conversion funnels with drop-off, time-between-steps, and step-level segmentation.
Retention — cohort retention curves at day, week, and month grain.
LLM traffic — the slice of inbound traffic attributable to AI assistants (ChatGPT, Claude, Perplexity, etc.).

Revenue and orders

Revenue — gross revenue, refunds, net revenue, AOV, orders by channel, by source, by campaign, by ad creative.
Cohorts — revenue cohorts by acquisition week, month, or campaign — the foundation for cohort LTV.
Cohort LTV — 7-day, 30-day, and 90-day customer LTV, sliced by acquisition channel and creative.
Ad-level LTV — the same 7/30/90d LTV view but resolved down to the individual Meta ad or Google ad-group, so you can compare creatives on long-tail revenue, not just first-purchase ROAS.

Blended efficiency

MER (Marketing Efficiency Ratio) — blended ROAS across paid channels, computed as total revenue divided by total ad spend. The headline number on the dashboard.
Channel ROAS — per-platform ROAS for Meta and Google, side-by-side with blended MER for sanity-checking.
Spend share — how spend is distributed across platforms, campaigns, and creatives over time.

Attribution

Cross-platform creative grid — a Datafast-style grid of every creative across Meta and Google, with spend, revenue, ROAS, CPA, and ad-level LTV in one view.
CAPI match rate — a Hyros-style monitor that scores how well your server-side conversion signal matches Meta's pixel signal. Low match rates mean Meta's optimization is flying blind.
Drill-down — every row is clickable to the session, order, and ad creative that drove it.

Forecasting (v0.1)

Admaxxer ships a lightweight OLS forecast with weekly seasonality. It is good enough to steer weekly decisions — "are we on pace for this month's revenue target?" — but it does not pretend to be Prophet. The OLS coefficients are exposed in the API so you can audit assumptions. v1.5 will upgrade to Prophet (or an equivalent state-space model) for richer seasonality and changepoint detection.

Marketing-mix modeling (MMM, v0.1)

Channel contribution is estimated with OLS plus geometric adstock (no priors in v1). The output is a per-channel contribution to revenue, with adstock-decayed spend as the regressor. v1.5 will replace this with a Robyn-style Bayesian MMM that accepts priors and produces credible intervals. The current implementation is fast, transparent, and good enough to flag obvious channel imbalances — not to replace a full MMM consulting engagement.

Incrementality (v0.1)

The incrementality module compares conversion rates between paid-exposed and organic-only cohorts using a two-proportion z-test. It returns a lift estimate and a p-value. v1.5 will add geo-lift testing — randomly holding out paid traffic to a subset of geos and measuring revenue delta — for a more defensible causal estimate.

Analytics AI chat

The analytics chat is a Sonnet-powered drawer (open from anywhere with ⌘J) that gives natural-language access to the same Tinybird pipes the dashboards read. It exposes 8 read-only tools, gated by a PIPE_ALLOWLIST so it can never query an unapproved pipe. Prompts are cached on the system block and tools array for low latency and predictable cost.

Claude AI agent — campaign operator

The Claude agent is the secondary surface: a data operator first, a campaign operator second. Model: claude-sonnet-4-6. Streaming SSE keeps tokens flowing as they're generated. Prompt caching is preserved on the system block and the tools array — cache regressions are treated as cost regressions.

Six tools

The agent has six tools. The first three are read-only and run without confirmation. The last three are destructive and require an explicit confirmed: true from the user before they fire:

list_campaigns — read-only. Returns the user's Meta and Google campaigns with status, budget, and last-7-day spend.
get_campaign_insights — read-only. Pulls campaign-level performance metrics over a chosen window.
get_account_insights — read-only. Returns ad-account-level rollups (spend, revenue, ROAS, CPA) for a chosen window.
create_campaign — destructive. Creates a new Meta or Google campaign. Requires confirmed: true.
update_campaign — destructive. Updates campaign budget, status, or bid strategy. Requires confirmed: true.
pause_all_low_roas — destructive. Pauses every ad set under a user-supplied ROAS floor. Requires confirmed: true.

An additional read-only tool, query_metrics, gives the agent access to the same Tinybird analytics pipes the dashboards use — so anything you can chart, the agent can read.

Confirmation flow

If you ask the agent to "pause all ad sets with ROAS below 1.5", it will draft the call, surface the candidate list in chat, and wait for explicit confirmation before firing. Clicking Confirm in the UI sets confirmed: true on the next tool call. There is no "auto-pilot" mode — destructive intent is always explicit.

Where to talk to the agent

Two surfaces: the /chat page (full-screen) and the global drawer triggered with ⌘J from anywhere in the app. Both stream the same conversation back-end. Sessions are per-workspace.

Meta Ads operations

Admaxxer talks to Meta via the Marketing API on the Graph API surface (default v21.0; configurable via META_API_VERSION). Two auth modes are supported:

Paste-token — you generate a long-lived user token from Meta for Developers and paste it into Admaxxer. Tokens last roughly 60 days; we warn you 7 days before expiry and provide a one-click rotation flow. No Facebook App Review is required because the token is user-supplied.
OAuth — for teams that prefer browser-based auth, Admaxxer also supports a standard Meta OAuth flow.

Rate limits are respected aggressively: the practical user-token ceiling is roughly 200 calls per hour, and Admaxxer auto-backoffs on the documented error codes (17, 32, 613). Ad account safety is the top priority — we never spam the Graph API on your behalf.

Read the Platforms deep dive for token rotation, error handling, and the full list of operations the agent can perform.

Google Ads operations

Google Ads requires both an OAuth refresh token (per-user) and an approved developer token (per-platform). Paste both into Settings › Integrations › Google. Admaxxer:

Refreshes access tokens automatically before they expire.
Builds GAQL queries against the v17 Google Ads API surface (configurable via GOOGLE_ADS_API_VERSION).
Batches queries to stay under the default 15,000 operations per day quota.
Converts cost_micros to USD by dividing by 1e6 — never displayed to users in micros.
Supports manager (MCC) accounts via the login-customer-id header, configurable per workspace.

Refresh tokens are revoked under three conditions: (1) the user revokes consent, (2) the OAuth client hits the 50-refresh-token cap, or (3) the token has been unused for 6 months. Admaxxer surfaces the revocation state in the connection panel and prompts you to re-authorize.

Connection lifecycle and token security

Every ad-platform credential is encrypted at rest with AES-256-GCM. The encryption key is derived via scrypt from the ENCRYPTION_KEY environment variable, with per-record nonces. Key rotation is supported via dual-key decrypt: during a rotation window, decryption tries the new key first, falls back to the old key, and re-encrypts on read so the old key can be retired cleanly. No raw token is ever written to logs, audit trails, or error reports.

Connection state lives in ad_platform_connections with a status enum (active, expiring_soon, expired, revoked, error). A nightly cron checks expiry windows and emails you 7 days before a Meta token lapses. Rotated tokens reset the status to active without touching downstream sync state.

Workspaces, multi-tenancy, and team invites

Every account starts with a personal workspace. From there:

Multi-tenancy — data is isolated at the database layer; every query includes workspace_id in the predicate. Cross-workspace reads are impossible.
Roles — each member has either owner or member. Owners control billing, integrations, and seat assignments; members consume.
Invites — email an invite from Settings › Team. Invites are single-use, expire in 7 days, and are stored in workspace_invites until accepted.
Seat caps — AD_STARTER allows 1 seat, AD_PRO allows 3 seats, AD_AGENCY allows 10 seats. Quota is enforced at the API layer.

Workspaces can be switched from the header workspace picker without re-authentication.

Authentication

Three sign-in methods, all funneling into the same session model:

Magic link — we email a one-time link valid for 24 hours. No password to leak.
Google OAuth — standard Google Sign-In. The Google ad-platform connection is a separate flow (refresh token + developer token); signing in with Google does not grant ad access.
Apple OAuth — Sign in with Apple, including private-relay email support.

Sessions are HTTP-only cookies, signed with SESSION_SECRET, defaulting to 30 days (SESSION_MAX_AGE_DAYS). Sessions are revoked server-side on logout — no JWT replay risk.

REST API

Programmatic access lives under /api/v1/*. Every route is session-auth or API-key auth, zod-validated, and rate-limited via Upstash Redis. The API surface is intentionally narrow:

Connections — GET /api/v1/connections, POST /api/v1/connections/meta, POST /api/v1/connections/google, DELETE /api/v1/connections/:id.
Campaigns — GET /api/v1/campaigns, GET /api/v1/campaigns/:id, PATCH /api/v1/campaigns/:id (subject to plan quota).
Insights — GET /api/v1/insights/account, GET /api/v1/insights/campaign with windowed queries (since, until, level).
Pixel analytics — POST /api/v1/pixel/jwt mints scoped Tinybird JWTs (120s TTL) for any pipe in the public allowlist; POST /api/v1/pixel/event ingests server-to-server events; POST /api/v1/pixel/identify attaches an external ID.
Chat — POST /api/v1/chat/sessions, POST /api/v1/chat/messages (SSE streaming), GET /api/v1/chat/sessions/:id.
Webhooks — POST /api/v1/webhooks, GET /api/v1/webhooks, DELETE /api/v1/webhooks/:id. Outbound deliveries are HMAC-signed with X-Admaxxer-Signature.

API keys are issued from Settings › API Keys. Keys are workspace-scoped and shown once at creation — we store only the SHA-256 hash. See the Developer deep dive for full schemas, error codes, and SDK examples.

Plans and pricing

Three published plans, billed monthly through Stripe Checkout. Self-serve upgrades and downgrades from the Customer Portal — proration is handled by Stripe. 7-day free trial on every plan. No credit card required. 14-day money-back guarantee on monthly plans.

AD_STARTER — $29/mo. 2 ad-platform connections, 100 chat messages per month, 1 seat. Solo operators and small DTC stores.
AD_PRO — $79/mo. 10 ad-platform connections, 1,000 chat messages per month, 3 seats. Growing brands. The most popular plan.
AD_AGENCY — $199/mo. 999 ad-platform connections, 10,000 chat messages per month, 10 seats. Agencies running multiple client accounts.

Quotas are enforced at the API layer, not the UI layer — you cannot bypass them by hitting the REST endpoints directly. When you hit a quota, you'll see an X-Admaxxer-Quota-Remaining header and a 402 with a structured error body. See the Billing & plans deep dive for plan transitions, dunning, and the recovery flow.

Pixel install — 20 platforms

The Admaxxer pixel is a single first-party <script> tag, cookieless-compatible, that powers every analytics surface. Twenty platform-specific install guides are linked from the install index:

Hosted commerce — Shopify, BigCommerce, WooCommerce, Magento, Wix, Squarespace.
Site builders & CMS — WordPress, Webflow, Ghost, Framer.
Frameworks — Next.js, Nuxt, React, Vue, Svelte, Astro.
Tag managers and proxies — Google Tag Manager, Cloudflare Workers, Vercel/Netlify edge functions, Apache/Nginx reverse proxies.

Average install time is under three minutes. The pixel works on any site where you can edit <head> — the universal snippet is the fallback when no platform-specific guide applies.

Security and data handling

Encryption at rest — AES-256-GCM with scrypt key derivation. Per-record nonces. Dual-key decrypt for clean rotation.
Encryption in transit — TLS 1.2+ everywhere. Database connections require sslmode=require; Redis uses rediss://.
PII handling — visitor emails and phone numbers are SHA-256 hashed before storage. Raw values never leave the request thread.
Audit logs — every destructive ad-platform mutation, every AI agent action, and every billing event is recorded in an append-only audit log with workspace, user, and timestamp.
Secret hygiene — tokens are never logged. Error reports redact authorization headers and request bodies that contain credentials.

Reliability and rate limits

Admaxxer leans hard on Upstash Redis for queues, caches, and rate limiters. BullMQ runs background workers for ad-platform sync and token expiry checks. Rate limits are layered: a per-IP limit on auth endpoints, a per-workspace limit on the REST API, and a per-token limit on outbound Meta and Google calls. The outbound limits exist to protect your ad account — we never spam.

The full rate-limit table is documented in the Developer deep dive. Cache TTLs are tuned conservatively: insights cache for 15 minutes, account metadata for 1 hour, pixel JWTs for 120 seconds. Sync workers operate on a back-pressured queue so that a Meta or Google API outage cannot stall the rest of the app — user-facing dashboards continue to serve from the last cached snapshot, with a banner indicating staleness.

Background jobs are observable: every BullMQ worker emits structured logs on enqueue, start, success, and failure, and exposes its queue depth on a private metrics endpoint. Failed jobs land in a dead-letter queue with a 7-day retention so we can replay them once an upstream issue is resolved. Crashes never silently lose work.

Data architecture — what lives where

Admaxxer separates state across three storage layers, each chosen for its strengths:

Postgres (Neon) — the source of truth for structured, relational state: users, workspaces, sessions, ad-platform connections, chat sessions and messages, billing mirror tables, API keys, and webhook subscriptions. Drizzle ORM defines the schema in shared/schema.ts. Migrations are idempotent raw SQL; destructive changes keep the old column populated until the new one is verified.
Tinybird — the analytics column-store. The first-party pixel ingests events directly to Tinybird; the 33+ pipes are versioned SQL files in tinybird/pipes/. Pipes are deployed via npm run tb:push — the production deploy pipeline does not push pipe SQL automatically, so a postbuild canary warns if HEAD touches tinybird/ without a manual push.
Upstash Redis — queues (BullMQ), caches (insights, account metadata), and distributed rate limiters. One shared ioredis connection across queues and workers; never one connection per queue. TLS-only via rediss://.

The Claude agent reads from all three: Postgres for connection state and chat history, Tinybird via query_metrics for analytics, and the live Meta/Google APIs (via cached service classes) for campaign mutations. There is no separate "agent data layer" — the agent uses exactly the same internal endpoints the UI uses, which means anything a human can see or do, the agent can see or do.

Observability and audit

Every billable or destructive event is observable. Stripe webhooks land in an audit table before they're processed, so we have a verifiable record of every subscription state change. Ad-platform mutations — pause, scale, launch, budget update — write to ad_sync_logs with the request body, response code, and outcome. AI agent tool calls are recorded with input, output, and the user's confirmed flag where applicable. Authentication events (sign-in, sign-out, magic-link consume) are logged with IP and user agent. None of these logs include secret values — tokens, keys, and bearer headers are scrubbed at the logger boundary.

For customer-facing visibility, the in-app activity feed surfaces recent agent actions and connection events in plain English. For team-level visibility, owners can export the audit trail to CSV from Settings › Audit Log.

Internal links

Once you've finished the quickstart, the deep-dive sub-pages cover everything else:

Analytics — pixel, attribution, MER, LTV, MMM, forecasting, incrementality.
Claude AI agent — six tools, prompt caching, confirmation gates, ⌘J shortcut.
Connect any AI agent (MCP) — setup guides for Claude Desktop, Claude Code, ChatGPT, Cursor, Windsurf, OpenClaw, Cline, Zed.
Meta + Google connections — auth modes, rate limits, token rotation, security.
Billing & plans — AD_STARTER / AD_PRO / AD_AGENCY, quotas, Stripe.
Developer — REST API, webhooks, architecture, SDK examples, rate limits.
Pixel install — 20 platforms.
Revenue attribution dashboard — cross-platform creative grid.
Analytics dashboard — MER, cohorts, MMM, forecast.
Integrations — Meta and Google connection management.
Claude chat — full-screen conversation surface.
Pricing — published plan tiers.
Security — full data-handling and compliance details.
Changelog — what shipped this week.

Need help?

Email support@admaxxer.com for product help, integration questions, or anything else. We typically respond within one business day. For Stripe billing questions, the Customer Portal handles invoices, payment methods, and plan changes directly.

Found a bug? Include your workspace ID (visible in Settings), the time of the incident, and a one-line repro. We will respond with a fix or a workaround.