customerio-known-pitfalls
Identify and avoid Customer.io anti-patterns. Use when reviewing integrations, avoiding common mistakes, or optimizing existing Customer.io implementations. Trigger with phrases like "customer.io mistakes", "customer.io anti-patterns", "customer.io best practices", "customer.io gotchas".
Install
mkdir -p .claude/skills/customerio-known-pitfalls && curl -L -o skill.zip "https://mcp.directory/api/skills/download/8981" && unzip -o skill.zip -d .claude/skills/customerio-known-pitfalls && rm skill.zipInstalls to .claude/skills/customerio-known-pitfalls
About this skill
Customer.io Known Pitfalls
Overview
The 12 most common Customer.io integration mistakes, with the wrong pattern, the correct pattern, and why it matters. Use this as a code review checklist and developer onboarding reference.
The Pitfall Catalog
Pitfall 1: Wrong API Key Type
// WRONG — using Track API key for transactional messages
const api = new APIClient(process.env.CUSTOMERIO_TRACK_API_KEY!);
// Gets 401 because App API uses a DIFFERENT bearer token
// CORRECT — use the App API key
const api = new APIClient(process.env.CUSTOMERIO_APP_API_KEY!);
Why: Customer.io has two separate authentication systems. Track API uses Basic Auth (Site ID + Track Key). App API uses Bearer Auth (App Key). They are not interchangeable.
Pitfall 2: Millisecond Timestamps
// WRONG — JavaScript Date.now() returns milliseconds
await cio.identify("user-1", {
created_at: Date.now(), // 1704067200000 → year 55976
});
// CORRECT — Customer.io expects Unix seconds
await cio.identify("user-1", {
created_at: Math.floor(Date.now() / 1000), // 1704067200
});
Why: Customer.io accepts millisecond values without error but interprets them as seconds, resulting in dates thousands of years in the future. Segments using date comparisons silently break.
Pitfall 3: Track Before Identify
// WRONG — tracking before identifying creates orphaned events
await cio.track("new-user", { name: "signed_up", data: {} });
// User profile doesn't exist yet — event may be lost
// CORRECT — always identify first
await cio.identify("new-user", { email: "[email protected]" });
await cio.track("new-user", { name: "signed_up", data: {} });
Why: Track calls on non-existent users may be silently dropped. Always identify() before track().
Pitfall 4: Using Email as User ID
// WRONG — email can change, creating duplicate profiles
await cio.identify("[email protected]", { email: "[email protected]" });
// When user changes email, old profile orphaned, new one created
// CORRECT — use immutable database ID
await cio.identify("usr_abc123", {
email: "[email protected]", // Email as attribute, not ID
});
Why: The first argument to identify() is the permanent user ID. If you use email and the user changes it, you get two profiles. Use your database primary key instead.
Pitfall 5: Missing Email Attribute
// WRONG — user can't receive email campaigns
await cio.identify("user-1", {
first_name: "Jane",
plan: "pro",
// No email attribute!
});
// CORRECT — always include email for email campaigns
await cio.identify("user-1", {
email: "[email protected]",
first_name: "Jane",
plan: "pro",
});
Why: Without an email attribute, the user profile exists but can't receive any email campaigns or transactional messages.
Pitfall 6: Dynamic Event Names
// WRONG — creates hundreds of unique event names
await cio.track("user-1", {
name: `viewed_${productId}`, // "viewed_SKU-12345"
data: {},
});
// CORRECT — use a static name with data properties
await cio.track("user-1", {
name: "product_viewed", // Consistent, filterable
data: { product_id: productId }, // Dynamic data in properties
});
Why: Dynamic event names pollute your event catalog and make it impossible to create campaign triggers. Use a fixed set of event names and pass variations as data properties.
Pitfall 7: Blocking Request Path
// WRONG — API call adds 200ms+ to every request
app.post("/api/action", async (req, res) => {
const result = await doBusinessLogic(req.body);
await cio.track(req.user.id, { name: "action_taken", data: {} }); // BLOCKS response
res.json(result);
});
// CORRECT — fire-and-forget for non-critical tracking
app.post("/api/action", async (req, res) => {
const result = await doBusinessLogic(req.body);
cio.track(req.user.id, { name: "action_taken", data: {} })
.catch((err) => console.error("CIO track failed:", err.message));
res.json(result); // Returns immediately
});
Why: Customer.io tracking is non-critical analytics. Don't add 200ms+ latency to every user request.
Pitfall 8: No Bounce Handling
// WRONG — keep sending to bounced addresses, damaging sender reputation
// (No webhook handler for bounces)
// CORRECT — suppress users who bounce
async function handleBounceWebhook(event: { customer_id: string }) {
await cio.suppress(event.customer_id);
console.warn(`Suppressed bounced user: ${event.customer_id}`);
}
Why: Continuing to send to bounced addresses damages your sender reputation, eventually causing all your emails to go to spam.
Pitfall 9: New Client Per Request
// WRONG — creates a new TCP connection for every API call
app.post("/track", async (req, res) => {
const cio = new TrackClient(siteId, apiKey, { region: RegionUS });
await cio.track(req.body.userId, req.body.event);
res.sendStatus(200);
});
// CORRECT — singleton, created once
const cio = new TrackClient(siteId, apiKey, { region: RegionUS });
app.post("/track", async (req, res) => {
await cio.track(req.body.userId, req.body.event);
res.sendStatus(200);
});
Why: Each new TrackClient() creates fresh connections. Singleton reuses TCP connections, reducing latency by 50-80%.
Pitfall 10: Inconsistent Event Names
// WRONG — multiple naming conventions
await cio.track(userId, { name: "UserSignedUp" }); // PascalCase
await cio.track(userId, { name: "user-signed-up" }); // kebab-case
await cio.track(userId, { name: "user signed up" }); // spaces
// CORRECT — consistent snake_case everywhere
await cio.track(userId, { name: "user_signed_up" });
Why: Event names are case-sensitive. Inconsistent naming means campaign triggers only match one variant, and your event catalog becomes a mess.
Pitfall 11: No Rate Limiting
// WRONG — blasting API at full speed during import
for (const user of allUsers) {
await cio.identify(user.id, user.attrs); // 1000+ req/sec → 429 errors
}
// CORRECT — rate-limited processing
import Bottleneck from "bottleneck";
const limiter = new Bottleneck({ maxConcurrent: 10, minTime: 15 });
for (const user of allUsers) {
await limiter.schedule(() => cio.identify(user.id, user.attrs));
}
Why: Customer.io rate limits at ~100 req/sec. Without throttling, bulk operations trigger 429 errors and potentially get your API key temporarily blocked.
Pitfall 12: PII in Event Names
// WRONG — PII in event names is unsanitizable
await cio.track(userId, { name: `[email protected]` });
// CORRECT — PII only in data properties (can be deleted per GDPR)
await cio.track(userId, {
name: "email_sent",
data: { recipient: "[email protected]" },
});
Why: Event names are indexed and cached. PII in event names can't be deleted for GDPR compliance. Always put PII in event data properties.
Quick Reference
| # | Pitfall | Fix |
|---|---|---|
| 1 | Wrong API key type | Track key for tracking, App key for transactional |
| 2 | Millisecond timestamps | Math.floor(Date.now() / 1000) |
| 3 | Track before identify | Always identify() first |
| 4 | Email as user ID | Use immutable database ID |
| 5 | Missing email attribute | Include email in identify() |
| 6 | Dynamic event names | Static names, dynamic data properties |
| 7 | Blocking request path | Fire-and-forget with .catch() |
| 8 | No bounce handling | Suppress bounced users via webhook |
| 9 | New client per request | Singleton pattern |
| 10 | Inconsistent event names | Always snake_case |
| 11 | No rate limiting | Use Bottleneck or p-queue |
| 12 | PII in event names | PII in data properties only |
Integration Audit Script
# Quick grep audit for common pitfalls in your codebase
echo "=== Customer.io Pitfall Audit ==="
echo "--- Checking for Date.now() without /1000 ---"
grep -rn "created_at.*Date.now()" --include="*.ts" --include="*.js" \
| grep -v "/ 1000" || echo "OK"
echo "--- Checking for new TrackClient inside functions ---"
grep -rn "new TrackClient" --include="*.ts" --include="*.js" \
| grep -v "^.*const\|^.*let\|^.*export" || echo "OK"
echo "--- Checking for dynamic event names ---"
grep -rn "name:.*\`" --include="*.ts" --include="*.js" \
| grep "track\|Track" || echo "OK"
echo "--- Checking for blocking await in routes ---"
grep -rn "await.*cio\.\|await.*track\.\|await.*identify" --include="*.ts" \
| grep "router\.\|app\." || echo "Review these for fire-and-forget"
Resources
Next Steps
After reviewing pitfalls, use customerio-reliability-patterns for fault tolerance.
More by jeremylongshore
View all skills by jeremylongshore →You might also like
flutter-development
aj-geddes
Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.
drawio-diagrams-enhanced
jgtolentino
Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.
ui-ux-pro-max
nextlevelbuilder
"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."
godot
bfollington
This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.
nano-banana-pro
garg-aayush
Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.
pdf-to-markdown
aliceisjustplaying
Convert entire PDF documents to clean, structured Markdown for full context loading. Use this skill when the user wants to extract ALL text from a PDF into context (not grep/search), when discussing or analyzing PDF content in full, when the user mentions "load the whole PDF", "bring the PDF into context", "read the entire PDF", or when partial extraction/grepping would miss important context. This is the preferred method for PDF text extraction over page-by-page or grep approaches.
Related MCP Servers
Browse all servers
Ref ToolsBoost AI coding agents with Ref Tools—efficient documentation access for faster, smarter code generation than GitHub Cop
SemgrepSemgrep is a leading code analysis tool that scans code for vulnerabilities, helping developers fix issues swiftly withi
RtfmbroRtfmbro is an MCP server for config management tools—get real-time, version-specific docs from GitHub for Python, Node.j
Instagram EngagementUnlock Instagram insights to boost advertising and marketing services. Analyze interactions for better IG engagement and
RSS Feed ParserRSS Feed Parser is a powerful rss feed generator and rss link generator with RSSHub integration, perfect for creating cu
TON Blockchain AnalyzerTON Blockchain Analyzer tracks wallet addresses, analyzes transactions, and uncovers trading patterns for smarter crypto
Stay ahead of the MCP ecosystem
Get weekly updates on new skills and servers.