SEO API for developers

Same 91-rule audit engine, accessible via plain HTTP. Bring your own language: curl, Node, Python, PHP, anything that speaks HTTPS. The same API keys also work with our MCP server.

No card needed. Results in 30 seconds.

Or just paste a URL: the same audit, no install required.

Updated

Authenticate with a Bearer token

Every authenticated endpoint accepts a token in the Authorization header: Authorization: Bearer ms_live_xxx. Mint a key at app.metricspot.com/settings/api-keys (up to 10 per account). The anonymous audit endpoint below works with no key at all, rate-limited to 1 audit per IP per 24 hours. The same ms_live_ keys work for both this REST API and the MetricSpot MCP server.

curl

Anonymous endpoint, no token. Returns the full audit envelope inline.

curl -X POST https://app.metricspot.com/api/public/audit \
  -H "Content-Type: application/json" \
  -d '{"url":"https://example.com"}'

Node (fetch)

Works in Node 18+, Bun, Deno, and modern browsers. No dependencies.

const res = await fetch("https://app.metricspot.com/api/audits", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "Authorization": "Bearer ms_live_xxx",
  },
  body: JSON.stringify({ url: "https://example.com" }),
});
const audit = await res.json();

Python (httpx)

requests works identically; swap httpx.post for requests.post.

import httpx

res = httpx.post(
    "https://app.metricspot.com/api/audits",
    headers={"Authorization": "Bearer ms_live_xxx"},
    json={"url": "https://example.com"},
)
audit = res.json()

PHP

Standard cURL extension, available in every PHP install since 4.0.

<?php
$ch = curl_init("https://app.metricspot.com/api/audits");
curl_setopt_array($ch, [
  CURLOPT_POST => true,
  CURLOPT_HTTPHEADER => [
    "Content-Type: application/json",
    "Authorization: Bearer ms_live_xxx",
  ],
  CURLOPT_POSTFIELDS => json_encode(["url" => "https://example.com"]),
  CURLOPT_RETURNTRANSFER => true,
]);
$audit = json_decode(curl_exec($ch), true);

Six endpoints, the whole audit engine

Every endpoint runs the same 91-rule audit and the same 11 score modules as app.metricspot.com. JSON in, JSON out. Anonymous trial endpoint requires no key; the other five accept a Bearer token from your dashboard.

POST /api/public/audit
No auth

Anonymous audit

Run a one-shot SEO and AI-readability audit on any public URL. Returns scores across 11 modules and 91 checks, plus actionable findings with documentation links. Rate-limited to 1 audit per IP per 24 hours.

POST /api/audits
Bearer required

Queue full audit

Queue a full SEO and AI-readability audit. Includes Core Web Vitals from Google PageSpeed Insights, and organic traffic if GA4 and Google Search Console are linked. Responds immediately with audit_id and status: queued.

GET /api/audits/:id
Bearer required

Get audit

Fetch a previously queued audit by id. Returns the 11 module scores (0-100), the total score, every finding with severity and recommendation text, plus links to the HTML and PDF reports.

GET /api/audits
Bearer required

List audits

List the account's audits, most recent first, deduplicated by URL. Returns audit_id, url, status, total_score, created_at. Default limit 24, maximum 100. Standard offset and limit query params for pagination.

POST /api/audits/:id/pdf
Bearer required

Render branded PDF

Kick off a branded PDF render for an audit. Pair with GET /api/pdfs/:id to poll for the signed download URL. Brand assets (logo, colors, footer) come from your Brands settings; pass brand_id to pick a specific brand.

GET /api/audits/:id/google
Bearer required

Organic traffic

Return the 28-day organic traffic snapshot for an audit if GA4 and Google Search Console are linked to the audited URL. Includes session count, daily trend, top landing pages, top queries, and indexing health.

REST API or MCP server: which fits your stack

Both interfaces talk to the same audit engine, with the same keys and the same data. Pick REST when you're writing plain HTTP from CI, scripts, or no-code tools; pick MCP when an AI agent needs to discover and chain tools on its own.

Use case Manual SEO audit Other SEO APIs MetricSpot MCP MetricSpot REST API
CI/CD on every PR Not feasible at PR cadence Possible but expensive per call, brittle JSON shapes Overkill: MCP shines for interactive agents, not headless jobs One curl in a GitHub Action, comment the score delta on the PR
No-code tools (Zapier, n8n, Make) Manual export, copy-paste Custom HTTP block, hand-mapped fields, brittle when schema shifts No MCP support in mainstream no-code platforms today Standard HTTP block with Bearer auth, JSON response maps cleanly
Polyglot stack (Go, Ruby, Java) Not applicable Need an SDK per language, often community-maintained MCP client libraries exist mainly for TypeScript and Python Any language with an HTTPS client works on day one
Internal scheduled jobs Hours per month, easy to skip Per-call pricing, often per-keyword or per-domain Works, but a stdio subprocess is awkward inside cron Plain HTTPS from cron, Kubernetes CronJob, or Lambda
AI agent workflows Human in every loop Agents can call REST, but need hand-written tool wrappers Built for this: tool descriptions and schemas auto-discovered Possible, but you'll write the agent glue code yourself
White-label PDF in your SaaS Manual export, manual rebrand Usually only on the highest tier Available via get_audit_pdf, designed for agent flows POST /api/audits/:id/pdf then GET /api/pdfs/:id, embed in your UI

REST API pricing

The REST API is included on every paid MetricSpot plan: same audit credits, same modules, same PDF rendering. The anonymous audit endpoint is free and works without an account. Authenticated calls count against the same monthly audit quota you see in your dashboard. The same ms_live_ keys work for both the REST API and the MCP server, with no separate quota.

Free

$0/mo

Try the platform. No card, no commitment.

  • ·10 audits per month (1 per site per 24h)
  • ·All ten score modules
  • ·PDF download with our branding
  • ·Multilingual reports

Starter

$29/mo

For freelancers running monthly reports.

  • ·Up to 5 tracked domains
  • ·50 audits per month
  • ·Fully white-labeled PDF reports
  • ·Custom brand kit (logo, color, footer)

Pro

$49/mo

For agencies, freelancers, and resellers.

  • ·Everything in Starter
  • ·Scheduled re-audits (weekly, biweekly or monthly)
  • ·Unlimited tracked domains
  • ·Email reports directly to clients

See plan limits and prices →

What developers build with the REST API

Concrete patterns we see from teams already shipping with the API. Every example uses the same six endpoints and the same Bearer token.

  • CI/CD: audit every preview deploy on PR open, post a comment with the score delta versus main, fail the build if the score drops more than 5 points.
  • Zapier, n8n, Make: trigger an audit when a new lead lands in your CRM, post the total score and top 3 findings to a Slack channel, attach the branded PDF.
  • Internal monitoring: schedule a nightly audit of your top 50 URLs, pipe the module scores into a Grafana panel, alert when a category drops.
  • White-label SaaS: queue an audit on user demand, render the branded PDF, embed the JSON findings in your own UI without hosting the audit engine yourself.
  • QA gates: block a deploy if the AI-readability module dips below the threshold you committed to with your client, with the failing rules in the build log.
  • Reporting: pull GET /api/audits/:id/google after every audit to ship a single PDF combining technical findings with 28-day organic traffic data.

Writing plain HTTP from a script or CI runner is one path. If you're driving the audit from an AI agent (Claude Code, Cursor, ChatGPT, Gemini), our SEO MCP server exposes the same six tools over Model Context Protocol with auto-discovered schemas: same engine, same keys, no glue code.

FAQ

Is the REST API free?

The anonymous audit endpoint (POST /api/public/audit) is free with no account required, rate-limited to 1 audit per IP per 24 hours. The authenticated endpoints are included on every paid MetricSpot plan, including the Free tier (10 audits per month). There's no separate API price and no per-call surcharge: API calls count against the same audit quota you see in your dashboard.

How is this different from the MCP server?

Same audit engine, same 91 rules, same 11 modules, same Bearer keys. The REST API is plain HTTP for humans writing code: curl, fetch, requests, anything. The MCP server speaks Model Context Protocol so AI agents (Claude Code, Cursor, ChatGPT, Gemini) can auto-discover tools, schemas, and auth. Use REST for CI, scripts, and no-code tools; use MCP for agent workflows.

Can I use it with no-code tools like Zapier?

Yes. Any no-code platform with a generic HTTP block works: Zapier (Webhooks by Zapier), n8n (HTTP Request node), Make (HTTP module), Pipedream, Retool. Set the URL to https://app.metricspot.com/api/audits, method to POST, add Authorization: Bearer ms_live_xxx to the headers, and send {"url": "https://example.com"} as JSON. The response maps cleanly to native fields in every platform we tested.

What languages have official SDKs?

None yet. All you need is an HTTPS client and JSON parsing, which every modern language has built in. A thin JavaScript and TypeScript SDK is on the roadmap; until then the four code samples above cover ~90% of integrations we see. If you want an SDK in a specific language, open an issue at github.com/MetricSpot.

How do I authenticate?

Send Authorization: Bearer ms_live_xxx on every authenticated call. Tokens are prefixed with ms_live_ and shown once at creation time; the dashboard stores only a hash. Treat them like any other secret: never commit them, rotate them if exposed, scope one key per integration so you can revoke individually. The dashboard caps each account at 10 active keys.

Where do the API keys come from?

Mint them at app.metricspot.com/settings/api-keys after signing up for any plan, including Free. Each key is shown once; copy it into your secret store immediately. The same keys work for both this REST API and the MetricSpot MCP server, so you only manage one set of credentials across both integration paths.

Is the data the same as MetricSpot's dashboard?

Yes. Every endpoint runs through the same audit engine that powers app.metricspot.com: the same 91 rules across 11 modules, the same severity assignments, the same recommendation text. The PDF report from POST /api/audits/:id/pdf is the same one you can download from the dashboard. Organic traffic comes from the same GA4 and Google Search Console links you've authorized in your account.

What are the rate limits?

The anonymous endpoint is capped at 1 audit per IP per 24 hours. Authenticated endpoints count against your plan's monthly audit quota: Free is 10 per month (1 per site per 24 hours), Starter is 50 per month, Pro is unlimited. There's no per-second rate limit beyond what the audit pipeline can absorb; if you queue dozens at once they'll be processed in order.

Stop writing SEO reports by hand.

Run an audit, brand the PDF, send to your client. In five minutes.

Start your first audit