Some browsers use mechanisms that disable third-party tracking scripts. This disables Synerise tracking. To avoid this, you can serve the Synerise tracking tools from your own subdomain. When you complete the instructions in this article, the tracking domain will change from a Synerise domain to your sub-domain. Third-party tracking blockers will not affect Synerise tracking. The process involves: 1. [Preparing the domain](#preparing-the-domain). 2. [Creating a tracking code](#creating-a-tracking-code). 3. [Updating Synerise API requests made from the site](#updating-your-synerise-api-requests).
If you're changing to a custom domain in a workspace where Dynamic Content is used to inject Synerise API requests into the website, you will need to update the Dynamic Content too.
## Preparing the domain 1. In your hosting, create a subdomain for Synerise tracking, for example `api.example.com`
The domain name should **NOT**: contain indications that it is used for tracking; refer to Synerise; or include strings typical to Synerise elements, such as `synerise`, `snr`, or `snrs`.
2. Configure a CNAME DNS entry for the created subdomain: 
// For Azure Cloud deployments:
   NAME                    TYPE   VALUE
   --------------------------------------------------
   api.example.com.        CNAME  web.snrbox.com.

   // For Azure Cloud USA deployments:
   NAME                    TYPE   VALUE
   --------------------------------------------------
   api.example.com.        CNAME  web.azu.snrbox.com

   // For Google Cloud Platform deployments (currently only available in Belgium):
   NAME                    TYPE   VALUE
   --------------------------------------------------
   api.example.com.        CNAME  web.geb.snrbox.com.
After creating a DNS entry, you may need to wait 24-72 hours before it becomes active.
1. **If you want to use your own certificate**:1. Prepare an X.509-format certificate. 2. Deliver the following files to Synerise Support: - private key (`key.pem`) - Fullchain certificate (`fullchain.pem`): - The leaf certificate **must be the first** in the file. - Intermediate certificates must follow, from the lowest-level to the highest. - **Do not** include the root CA.
- When you use your own certificate, it is your responsibility to monitor its expiration time and re-generate it. - Ensure that the `fullchain.pem` file is complete. Missing certificates or wrong certificate order may cause SSL/TLS errors.
2. **If you want Synerise Support to provide a certificate for you**: 1. Contact Synerise Support to request the certificate. Synerise Support generates a certificate by using third-party solutions such as letsencrypt.org. 1. If your domain has CAA records, add the following record to the root domain or subdomains used with Synerise: ``` api.example.com. IN CAA 0 issue “letsencrypt.org” ```
If your domain does not use CAA records, **you do not have to add them**.
## Creating a tracking code Create a tracking code (or update an existing one) with your custom domain as described in [Getting started](/developers/web/installation-and-configuration) and add it to your website.
Insert the tracking code directly into the code of your website.
Don't use Google Tag Manager for this, because GTM can be treated as third-party and blocked.
## Updating your Synerise API requests In Synerise API requests authorized with the tracker key (for example, [Recommendations](https://developers.synerise.com/AIRecommendations/AIRecommendations.html#tag/Recommendations), [Search](https://developers.synerise.com/AISearch/AISearch.html#tag/Search), [AI events](https://developers.synerise.com/DataManagement/DataManagement.html#tag/AI-Events) APIs), you must: 1. Change the domain to your custom domain. 2. Add `ai/` to the beginning of the endpoint path.
API calls inserted into the page with Dynamic Content must be updated in the same way.
These endpoints can be recognized by the availability of authorization methods other than JWT: - the `X-Api-Key` header (legacy). - the `token` parameter in the query, for example: ``` api.synerise.com/search/v2/indices/123/query?query=q&token=B264B70A-1111-1111-1111-AC35EEFA0B59 |------ tracker key authentication ------| ```
Workspace JWT authorization is available for these endpoints, but should only be used for server-to-server communication.
**Example**: If you make requests to the following endpoint: ``` https://api.synerise.com/search/v2/indices/123/query?query=q&token=B264B70A-1111-1111-1111-AC35EEFA0B59 ``` the new query is: 
https://api.example.com/ai/search/v2/indices/123/query?query=q&token=B264B70A-1111-1111-1111-AC35EEFA0B59