Seoxpert.io
Get started

Release notes

Changelog

Every customer-visible change to the API, webhooks, scanner, dashboard, and pricing — newest first. Pin your integration against a date, audit breaking changes here, and follow the API docs for current shape.

  1. toolsdocs

    Research reports launched — live leaderboard of the most common audit findings

    New section at /reports. First report: a live leaderboard of the most common SEO / security / accessibility issues we find across real customer audits, refreshed daily via ISR. Every entry links to its fix guide. Built on our own scan database — no scraping of strangers. Future reports (llms.txt adoption, Open Graph hygiene, security-header grades, hreflang reciprocity, robots.txt patterns) will draw from aggregated, anonymized usage of our free tools.

  2. proagency

    Competitor benchmarking — track up to 10 competitor sites weekly

    New panel under Settings → Domains. Add competitor URLs (3 on Pro, 10 on Agency), get a weekly scan against the same 20-category audit as your own site, and see the score delta on the dashboard. Each row shows their latest score, when it last ran, and whether you're leading or trailing. Competitor scans draw from your monthly scan budget — heavy trackers naturally upgrade to Agency. Marketing page: /use-cases/competitor-monitoring.

  3. proagency

    Embeddable scanner widget — drop a one-liner on any agency site

    Mint a public widget token in Settings → API. Paste a <script> tag on your portfolio / landing page; visitors get a "Scan your site free" button that opens Seoxpert with their URL pre-filled and your workspace tracked as the referrer. Pro = 5 tokens, Agency = 20 tokens + white-label rendering (no "Powered by Seoxpert" footer). Smart-redirect — no server-side scan budget per visitor, so viral usage doesn't burn your quota. Marketing page: /use-cases/embedded-scanner.

  4. ui

    Issues board — persistent Kanban for triaging findings

    New tab under the dashboard sidebar. Every current issue across every domain in one view, with status columns (Open / In progress / Blocked / Deferred / Done / Won't fix / False positive). One-click status-change dropdown on every card, severity + category + domain filters. When you fix a severe finding on your site, the next scan auto-marks it as Done with an "Auto-fixed" badge — the dopamine moment baked into the workflow.

  5. uiemail

    Score-climb celebration on scan results

    When you re-scan and the health score went up vs the previous scan, a teal banner above the score hero celebrates the win loudly: "+6 health score · 3 severe issues fixed." Lists exactly which findings were resolved. The scan-completed email subject already led with the delta arrow (▲ +6 / acme.io · 3 issues resolved) — this is the dashboard counterpart.

  6. tools

    Five new free tools — Open Graph, Schema, Hreflang, Security Headers, llms.txt

    Each takes a URL, runs the same checks our main scanner uses, and shows fix guidance: /tools/og-preview (Twitter / LinkedIn / Facebook card render + content-type sniffing), /tools/schema-validator (23+ Schema.org types with rich-result eligibility), /tools/hreflang-checker (reciprocity probe up to 10 alternates — the check most validators skip), /tools/security-headers (A-F grade, recognises strict-dynamic CSP upgrade), /tools/llms-txt (validates llms.txt + cross-checks robots.txt for 17 AI crawlers). All free, no signup, rate-limited per IP.

  7. apiwebhooksdeploy-hookdocs

    API rate-limit headers, Idempotency-Key, per-event payload schemas, 5-provider deploy snippets

    Token-authed routes (POST/GET /api/scans, GET /api/scans/[id]/report, GET/POST /api/domains) now return X-RateLimit-Limit / -Remaining / -Reset on every response and Retry-After on 429s — CI scripts can self-throttle. POST /api/scans now honors the Idempotency-Key header (Stripe convention, 24h replay window) so a CI retry doesn't burn a fresh credit. /webhooks doc page rewritten with accurate per-event payload schemas (was prose-described); also fixed a stale "overallHealthScore" reference in the Slack handler example. /deploy-hooks doc page now renders all 5 CI provider snippets (curl / GitHub Actions / Vercel / Netlify / GitLab CI) — same builder the dashboard uses.

  8. uidocs

    DomainCombobox primitive — typeahead picker for the schedules tab

    Replaced the Radix select on the schedules tab with a keyboard-navigable combobox; substring-matches against rootUrl + parsed hostname. The Start Scan tab keeps its radio-card list but adds an inline search above the list when domains.length > 8. Real win for Agency-tier customers managing 50 domains.

  9. api

    API tokens are no longer just decorative — 4 routes wired

    POST /api/scans, GET /api/scans, GET /api/scans/[id]/report, and GET/POST /api/domains now accept Bearer sxp_live_… tokens with the appropriate scope (scans:write / scans:read / reports:read / domains:read / domains:write). Token paths skip the workspace RBAC matrix because tokens can only be minted by Pro+ admins/owners. A May 2026 review caught a cross-workspace leak and we now pin every token query to its mint-time workspaceId.

  10. emailbilling

    Scan-completed emails on the free tier — and an auto-schedule on signup

    Removed the Pro+ gate on scan-completed emails. ALL plans now receive the email (per-send ~€0.0003 via Brevo). New signups now also auto-create a weekly scheduled scan on the same weekday, 9am, with regression alerts to their email. Together these turn one-shot users into a weekly-engaged base. **Marketing copy on 22 public pages was reworded** to remove the "scheduled scans are Pro+" claim.

  11. email

    Day-3, Day-14, Day-30 lifecycle emails

    Hourly cron sweeps (staggered 0/10/20 past every hour) now find customers stuck at 1 completed scan after 72h / 14d / 30d and send a tone-appropriate re-engagement email. Each customer gets each stage at most once (idempotency keyed on lifecycle:<stage>:<customerId>). Three template files at src/lib/email/templates/day-{3,14,30}-*.ts.

  12. deploy-hook

    One-click integration snippets for 5 CI providers

    Mint a deploy hook from Settings → Domains and the reveal banner now includes copy-paste snippets for curl, GitHub Actions, Vercel, Netlify, and GitLab CI. Source builder at src/lib/deploy-hook-snippets.ts — each provider is a single editable case.

  13. emailui

    Email templates redesigned — top brand strip, refined CTA, accent-bordered highlights

    New visual primitives: brand accent strip on the panel head, logo dot in the wordmark, 26px heading, beefier CTA. New ContentBlock kinds: divider (horizontal rule) and secondaryLink (the "or do this instead" link below the primary CTA). All 12 transactional templates inherit automatically.

  14. webhooks

    All 6 webhook event types are now wired end-to-end

    scan.started, scan.completed, scan.failed, score.dropped, issue.new_critical, credits.low. score.dropped fires on a 5-point regression vs the most recent completed scan; issue.new_critical fires once per new critical finding (deduplicated by canonical issue id); credits.low fires on the way down at thresholds 3, 1, and 0.

  15. billing

    Pricing migration — €19.99 Pro, €89 Agency, EUR currency

    Public ladder is now Free / Pro €19.99/mo / Agency €89/mo. Free tier: 4 scans/month, 1 domain, weekly+ scheduled scans, regression alerts. Pro: 100 scans, 10 domains, API access, deploy hooks, signed webhooks, client portals. Agency: 500 scans, 50 domains, daily + weekday schedules, white-label PDFs. Legacy USD plans (starter/pro/agency-monthly + annual + once) remain resolvable for grandfathered subscriptions.

  16. scanner

    20-scanner audit + 150 new findings

    Schrems II / AI Act §50 / EAA / Consumer Rights Directive compliance findings, multi-language URL path banks for 19 EU languages, language-aware word-counting for CJK/Thai content, per-language stopword fingerprinting (was producing false near-duplicate flags on German/Spanish/French sites), softer severity for non-actionable signals.

  17. webhooksapi

    Signed event webhooks (Stripe-compatible HMAC)

    Per-workspace signing secret (sxw_… format), X-Seoxpert-Signature header with t=… ,v1=… encoding, 5-minute replay window. Verify-signature snippet in the /webhooks docs is copy-pasteable Node.js. Rotation endpoint: POST /api/account/webhook-secret/rotate.

  18. security

    Removed the pre-signup background scan path

    **Breaking** for any caller of /api/guest-scan or /api/teaser. The whole pre-signup background-scan path was deleted; users now sign up first, then the auto-scan runs. Eliminates a bunch of signup-flow abuse vectors and ~200 lines of UI state.

Need to compare API surfaces by date? Each entry's date is stable. Older entries (pre April 2026) are not surfaced here yet — most material changes from before that period were small enough to roll into the launch entry.

API docs →Webhook docs →System status →