Seoxpert.io
Get started

Developer docs

Seoxpert for integrators

Trigger scans from CI. Catch regressions via signed webhooks. Embed scan results in your tooling. Everything below is callable today with a Pro+ API token.

Integration surfaces

API tokens

Bearer auth via `Authorization: Bearer sxp_live_…`. Five scopes, plan-derived rate limits, full endpoint reference with curl examples.

  • POST /api/scans · GET /api/scans · GET /api/scans/{id}/report · GET/POST /api/domains
  • Idempotency-Key support, X-RateLimit-* headers
  • Pro: 60 req/min · Agency: 600 req/min

Signed webhooks

HMAC-SHA256 outbound POSTs (Stripe-compatible signature) for 6 event types with verify-signature snippets and per-event payload schemas.

  • Events: scan.started · scan.completed · scan.failed · score.dropped · issue.new_critical · credits.low
  • 5-minute replay window, 3 retry attempts with exponential backoff
  • Workspace signing secret (`sxw_…`) — rotatable from Settings → API

Deploy hooks

Per-domain webhook URLs that trigger a fresh scan from your CI pipeline. One curl call after every deploy.

  • 5 ready-to-paste CI snippets: curl · GitHub Actions · Vercel · Netlify · GitLab CI
  • 1 scan / 5 min / domain rate limit
  • Trigger metadata (ref, sha, environment) persists to the scan record

Client portals

Read-only public URLs for sharing scan results with clients without giving them dashboard access. Agency-tier white-labeling supported.

  • Token scoped to (workspace, root_url) — always shows the latest completed scan
  • Default 1-year expiry, revocable instantly
  • Pro: Seoxpert defaults · Agency: white-label logo + colors + footer

References

OpenAPI 3.1 spec
Import to Postman, Insomnia, or any code-gen tool. Cached 5 min.
Changelog
Dated release notes for every API + webhook + scanner change.
System status
Live DB / scan worker / email checks.
Support
Anything not covered here — reply goes to a human.

First-time integrators — start here

  1. Mint a token from Settings → API. Copy it once — we hash the rest.
  2. Test the auth: curl -H "Authorization: Bearer $TOKEN" https://seoxpert.io/api/domains. Should return your domain list.
  3. Trigger a scan: POST to /api/scans with {rootUrl}. Pass an Idempotency-Key header so a CI retry replays the original scan.
  4. Wire a webhook for scan.completed so you don't have to poll. Use the verify-signature snippet on the webhooks docs.
  5. Hook it to your CI via the deploy hooks page — copy the snippet for your provider.