Skip to content
HogPocketHogPocket
EngineeringFebruary 28, 20267 min read

How HogPocket Uses the PostHog API Under the Hood

A technical look at how HogPocket connects to PostHog, handles authentication, caches data, and keeps everything fast on a mobile connection.

H

HogPocket Team

Architecture overview

HogPocket is a native iOS app that talks directly to the PostHog API. There's no backend — your analytics data flows from PostHog's servers to your phone without touching any intermediary.

This was a deliberate choice. We didn't want to store your data, proxy your credentials, or add latency. Your PostHog instance is the single source of truth.

Authentication

HogPocket uses PostHog personal API keys for authentication. When you sign in, the app stores your key in the iOS Keychain — Apple's encrypted credential store. The key never leaves the device unencrypted, is never logged, and is never sent anywhere except PostHog's API endpoints.

API endpoints we use

HogPocket talks to several PostHog API endpoints:

  • /api/projects/ — List available projects
  • /api/projects/:id/insights/ — Fetch dashboard insights
  • /api/projects/:id/events/ — Query events with filters
  • /api/projects/:id/persons/ — Look up user profiles
  • /api/projects/:id/query/ — Execute HogQL queries
  • /api/projects/:id/session_recordings/ — List session recordings

    • All requests include your API key in the Authorization header and use HTTPS.

    Caching strategy

    Mobile networks are unreliable. HogPocket uses a multi-layer caching strategy:

    In-memory cache

    Recent API responses are kept in memory for instant access when switching between tabs. Cache TTL varies by data type — dashboard metrics expire after 60 seconds, event lists after 30 seconds.

    Disk cache

    The last successful response for each screen is persisted to disk. If you open the app offline or on a slow connection, you'll see stale-but-useful data immediately while a fresh request loads in the background.

    Smart invalidation

    Switching projects clears all caches. Pull-to-refresh forces a fresh fetch. Background refreshes happen every 60 seconds when the app is in the foreground.

    Performance optimisations

    Request batching

    When you open the dashboard, HogPocket needs data for multiple widgets. Instead of firing 8 sequential requests, we batch them into parallel requests and render each widget as its response arrives.

    Pagination

    Event lists and session recordings use cursor-based pagination. We load 20 items initially, then fetch more as you scroll. This keeps initial load times under 500ms even on 3G.

    Response compression

    All API requests include Accept-Encoding: gzip. PostHog's API supports gzip compression, which typically reduces response sizes by 70-80%.

    Error handling

    Network errors on mobile are a fact of life. HogPocket handles them gracefully:

  • Timeout — Requests timeout after 15 seconds. The app shows cached data with a "last updated" timestamp.
  • 401 Unauthorized — The app prompts you to re-enter your API key.
  • Rate limiting — PostHog returns 429 status codes when you exceed rate limits. HogPocket respects the Retry-After header and queues requests.
  • Server errors — 5xx responses trigger an automatic retry with exponential backoff (1s, 2s, 4s).

    • Privacy

    HogPocket collects minimal analytics via PostHog (yes, we eat our own dogfood). We track app opens, screen views, and feature usage — never your PostHog data, queries, or credentials. You can see exactly what we collect in our privacy policy.

    All postsDownload HogPocket