Developers
Public API
Pull audit data and trigger new audits from your own systems. Base URL: https://seo.nxtgencreative.io
Access
This API is currently available to NxtGen Creative platform administrators only. Premium tier API access is on the product roadmap. If you’re interested in API access, contact mark@nxtgencreative.io.
Authentication
Every request needs a bearer token in the Authorization header.
Authorization: Bearer ngn_xxxxxxxxxxxxAPI keys can only be generated by platform administrators at /settings/api-keys. The full key is shown once at creation, store it securely. Revoked keys are rejected immediately.
Each key has scopes: audits:read for GET endpoints, audits:trigger for POST trigger.
GET /api/public/audits/latest
Returns the most recent audit owned by the authenticated user for a given URL or hostname. Match order: exact url, then final_url, then hostname. Strictly scoped to the calling key’s user, audits owned by other users are never returned.
Query params: url (preferred) or hostname.
curl -H "Authorization: Bearer ngn_xxxxxxxxxxxx" \
"https://seo.nxtgencreative.io/api/public/audits/latest?url=https://example.com"Response 200:
{
"audit_id": "...",
"user_id": "...",
"url": "https://example.com",
"final_url": "https://example.com/",
"hostname": "example.com",
"overall_score": 78,
"has_ai": true,
"created_at": "2026-05-25T12:34:56Z",
"share_url": "https://seo.nxtgencreative.io/share/<token>",
"categories": [
{ "name": "Meta & Indexability", "weight": 18, "score": 85, "issues": [...] }
],
"fix_first": [...],
"ai_insights": {...} | null,
"performance": { "lcp": 2.4, "cls": 0.08, "inp": 180, "ttfb": 0.6, "fcp": 1.2, "mobile_score": 82, "desktop_score": 91 }
}404 if no audit found, 401 if key invalid.
POST /api/public/audits
Triggers a new audit. Returns immediately with a job_id; poll the status URL to track progress.
Body: { "url": "...", "use_credit": false }
curl -X POST \
-H "Authorization: Bearer ngn_xxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{"url":"https://example.com","use_credit":false}' \
"https://seo.nxtgencreative.io/api/public/audits"Response 202:
{
"job_id": "...",
"status": "pending",
"status_url": "https://seo.nxtgencreative.io/api/public/audits/jobs/<job_id>",
"created_at": "..."
}402 if use_credit=true and balance is zero. 429 if free monthly quota or daily API cap exceeded.
GET /api/public/audits/jobs/{job_id}
Poll for job status. audit_url is set when the job completes, pointing back to /api/public/audits/latest for that URL.
curl -H "Authorization: Bearer ngn_xxxxxxxxxxxx" \
"https://seo.nxtgencreative.io/api/public/audits/jobs/<job_id>"Response 200:
{
"job_id": "...",
"status": "pending" | "running" | "completed" | "failed" | "cancelled",
"progress": 0,
"current_url": "...",
"audit_id": "..." | null,
"audit_url": "https://seo.nxtgencreative.io/api/public/audits/latest?url=..." | null,
"error": null,
"created_at": "...",
"started_at": "..." | null,
"finished_at": "..." | null
}Rate limits
Per-minute: 60 requests/minute per key on GET endpoints, 10/minute on POST trigger. On 429, see the Retry-After header.
Daily cap: 50 POST audits per user per rolling 24h window, counted across all keys owned by the same user. Applies to all users, including administrators. Exceeding it returns:
{
"error": "Daily audit limit exceeded",
"limit": 50,
"reset_at": "2026-05-28T12:00:00.000Z"
}Every response includes X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset (unix seconds) for the per-minute window.
Cost considerations
POST audits consume real resources: PageSpeed Insights calls, Firecrawl crawl credits, and Lovable AI Gateway tokens for AI insights. With use_credit=true the audit deducts a Premium credit from the calling user’s balance. Without use_credit, free-tier users count against the monthly free quota (5/30d) and Premium/Pro/Agency users have no per-audit charge. The daily 50/24h cap above applies on top of either path as a circuit breaker.
Security redaction
Critical security findings are visible only to the audit owner in the UI. The API applies the same redaction: any finding with severity: "critical" has its detail, fix, and evidence replaced with a placeholder message. This protects sensitive site details from being exfiltrated through third-party integrations.
Recommended flow
POST to trigger an audit, poll status_url every 5-10s until status=completed, then GET audit_url (or call /audits/latest directly) for the full audit data.