Release notes

Changelog

Every customer-visible change to the API, webhooks, scanner, dashboard, and pricing — newest first. Pin your integration against a date, audit breaking changes here, and follow the API docs for current shape.

  1. api, webhooks, deploy-hook, docs

    API rate-limit headers, Idempotency-Key, per-event payload schemas, 5-provider deploy snippets

    Token-authed routes (POST/GET /api/scans, GET /api/scans/[id]/report, GET/POST /api/domains) now return X-RateLimit-Limit / -Remaining / -Reset on every response and Retry-After on 429s — CI scripts can self-throttle. POST /api/scans now honors the Idempotency-Key header (Stripe convention, 24h replay window) so a CI retry doesn't burn a fresh credit. /webhooks doc page rewritten with accurate per-event payload schemas (was prose-described); also fixed a stale "overallHealthScore" reference in the Slack handler example. /deploy-hooks doc page now renders all 5 CI provider snippets (curl / GitHub Actions / Vercel / Netlify / GitLab CI) — same builder the dashboard uses.

  2. ui, docs

    DomainCombobox primitive — typeahead picker for the schedules tab

    Replaced the Radix select on the schedules tab with a keyboard-navigable combobox; substring-matches against rootUrl + parsed hostname. The Start Scan tab keeps its radio-card list but adds an inline search above the list when domains.length > 8. Real win for Agency-tier customers managing 50 domains.

  3. api

    API tokens are no longer just decorative — 4 routes wired

    POST /api/scans, GET /api/scans, GET /api/scans/[id]/report, and GET/POST /api/domains now accept Bearer sxp_live_… tokens with the appropriate scope (scans:write / scans:read / reports:read / domains:read / domains:write). Token paths skip the workspace RBAC matrix because tokens can only be minted by Pro+ admins/owners. A May 2026 review caught a cross-workspace leak and we now pin every token query to its mint-time workspaceId.

  4. email, billing

    Scan-completed emails on the free tier — and an auto-schedule on signup

    Removed the Pro+ gate on scan-completed emails. ALL plans now receive the email (per-send ~€0.0003 via Brevo). New signups now also auto-create a weekly scheduled scan on the same weekday, 9am, with regression alerts to their email. Together these turn one-shot users into a weekly-engaged base. **Marketing copy on 22 public pages was reworded** to remove the "scheduled scans are Pro+" claim.

  5. email

    Day-3, Day-14, Day-30 lifecycle emails

    Hourly cron sweeps (staggered 0/10/20 past every hour) now find customers stuck at 1 completed scan after 72h / 14d / 30d and send a tone-appropriate re-engagement email. Each customer gets each stage at most once (idempotency keyed on lifecycle:<stage>:<customerId>). Three template files at src/lib/email/templates/day-{3,14,30}-*.ts.

  6. deploy-hook

    One-click integration snippets for 5 CI providers

    Mint a deploy hook from Settings → Domains and the reveal banner now includes copy-paste snippets for curl, GitHub Actions, Vercel, Netlify, and GitLab CI. Source builder at src/lib/deploy-hook-snippets.ts — each provider is a single editable case.

  7. email, ui

    Email templates redesigned — top brand strip, refined CTA, accent-bordered highlights

    New visual primitives: brand accent strip on the panel head, logo dot in the wordmark, 26px heading, beefier CTA. New ContentBlock kinds: divider (horizontal rule) and secondaryLink (the "or do this instead" link below the primary CTA). All 12 transactional templates inherit automatically.

  8. webhooks

    All 6 webhook event types are now wired end-to-end

    scan.started, scan.completed, scan.failed, score.dropped, issue.new_critical, credits.low. score.dropped fires on a 5-point regression vs the most recent completed scan; issue.new_critical fires once per new critical finding (deduplicated by canonical issue id); credits.low fires on the way down at thresholds 3, 1, and 0.

  9. billing

    Pricing migration — €19.99 Pro, €89 Agency, EUR currency

    Public ladder is now Free / Pro €19.99/mo / Agency €89/mo. Free tier: 4 scans/month, 1 domain, weekly+ scheduled scans, regression alerts. Pro: 100 scans, 10 domains, API access, deploy hooks, signed webhooks, client portals. Agency: 500 scans, 50 domains, daily + weekday schedules, white-label PDFs. Legacy USD plans (starter/pro/agency-monthly + annual + once) remain resolvable for grandfathered subscriptions.

  10. scanner

    20-scanner audit + 150 new findings

    Schrems II / AI Act §50 / EAA / Consumer Rights Directive compliance findings, multi-language URL path banks for 19 EU languages, language-aware word-counting for CJK/Thai content, per-language stopword fingerprinting (was producing false near-duplicate flags on German/Spanish/French sites), softer severity for non-actionable signals.

  11. webhooks, api

    Signed event webhooks (Stripe-compatible HMAC)

    Per-workspace signing secret (sxw_… format), X-Seoxpert-Signature header with t=…,v1=… encoding, 5-minute replay window. Verify-signature snippet in the /webhooks docs is copy-pasteable Node.js. Rotation endpoint: POST /api/account/webhook-secret/rotate.

  12. security

    Removed the pre-signup background scan path

    **Breaking** for any caller of /api/guest-scan or /api/teaser. The whole pre-signup background-scan path was deleted; users now sign up first, then the auto-scan runs. Eliminates a bunch of signup-flow abuse vectors and ~200 lines of UI state.

Need to compare API surfaces by date? Each entry's date is stable. Older entries (pre-April 2026) are not surfaced here yet — most material changes from before that period were small enough to roll into the launch entry.