The Keupera Public API gives you programmatic access to every major platform module: Keyword Research, Backlink Research, Content Management, AI Visibility, and Analytics.

Base URL

All endpoints live under a single host, grouped by module function name:
https://app.keupera.com/api/v1/<function-name>
Module function names:
| Module | Function |
| --- | --- |
| Keywords | public-api-keywords |
| Backlinks | public-api-backlinks |
| Content | public-api-content |
| AI Visibility | public-api-ai-visibility |
| Analytics | public-api-analytics |

Authentication

Every request must include your API key as a Bearer token:
Authorization: Bearer YOUR_KEUPERA_API_KEY
Generate keys from Settings → API Keys in your Keupera dashboard.
Your subscription plan must include Public API access. Requests from plans without API entitlement return 403 Forbidden.

Common query parameters

Most endpoints accept:
| Parameter | Type | Default | Description |
| --- | --- | --- | --- |
| website_id | UUID | API key’s website | Override the target website |
| limit | integer | varies per endpoint | Number of results to return |
| page | integer | 1 | Page number for paginated endpoints |

Date range parameters

Analytics and Search Console endpoints accept date ranges:
| Parameter | Type | Default | Description |
| --- | --- | --- | --- |
| range | string | 30d | Preset: 7d, 30d, 90d |
| from | string |  | Start date (YYYY-MM-DD) |
| to | string |  | End date (YYYY-MM-DD) |
When both from and to are provided, range is ignored.

Response format

All responses are JSON and follow a consistent shape.

Success

{
  "data": [ /* ... */ ],
  "meta": {
    "total": 150,
    "page": 1,
    "limit": 20
  }
}

Error

{ "error": "Descriptive error message" }

HTTP status codes

| Code | Meaning |
| --- | --- |
| 200 | Success |
| 201 | Created |
| 400 | Bad request — missing or invalid parameters |
| 401 | Unauthorized — missing or invalid API key |
| 403 | Forbidden — inactive key, no API access, or unauthorized website |
| 404 | Not found |
| 429 | Too many requests — rate limit exceeded |
| 500 | Internal server error |

Rate limits

Requests are rate-limited per subscription tier. If you exceed your quota you’ll receive 429 Too Many Requests. Contact ask@support.keupera.com to request a higher limit.

CORS

All endpoints respond with Access-Control-Allow-Origin: * so they can be called from any origin — but never ship a key in a browser; always proxy requests through your own backend.
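
The backend-proxy advice above, as an added example (not Keupera's own code): the request-building core of a proxy that keeps the key server-side and forwards only allow-listed function names and query parameters. It assumes requests go to the function-name URL exactly as shown on this page; the `limit` and `page` caps, the choice not to forward `website_id`, and the `KEUPERA_API_KEY` environment variable name are assumptions.

```python
import os
import re
from urllib.parse import urlencode
from urllib.request import Request

BASE_URL = "https://app.keupera.com/api/v1/"
# Module function names from the table on this page.
ALLOWED_FUNCTIONS = {
    "public-api-keywords", "public-api-backlinks", "public-api-content",
    "public-api-ai-visibility", "public-api-analytics",
}
# Query parameters the browser may set, each with a strict pattern.
# website_id is deliberately not forwarded, so the key's own website is used.
ALLOWED_PARAMS = {
    "limit": re.compile(r"[1-9]\d{0,2}"),   # assumed cap of 999
    "page": re.compile(r"[1-9]\d{0,5}"),    # assumed cap
    "range": re.compile(r"7d|30d|90d"),
    "from": re.compile(r"\d{4}-\d{2}-\d{2}"),
    "to": re.compile(r"\d{4}-\d{2}-\d{2}"),
}


def build_upstream_request(function_name, client_params, api_key):
    """Turn an untrusted browser request into a request for the Keupera API.

    client_params maps parameter names to string values. Raises ValueError
    on anything outside the allow-lists, so the caller can answer 400
    without contacting the API.
    """
    if function_name not in ALLOWED_FUNCTIONS:
        raise ValueError("unknown function name")
    query = {}
    for name, value in client_params.items():
        pattern = ALLOWED_PARAMS.get(name)
        if pattern is None or not pattern.fullmatch(value):
            raise ValueError(f"parameter not allowed: {name}")
        query[name] = value
    url = BASE_URL + function_name
    if query:
        url += "?" + urlencode(query)
    # The key is attached here, server-side; the browser never sees it.
    return Request(url, headers={"Authorization": f"Bearer {api_key}"})


if __name__ == "__main__":
    req = build_upstream_request(
        "public-api-analytics", {"range": "7d"}, os.environ["KEUPERA_API_KEY"])
    print(req.full_url)
```

The returned Request can be passed to urllib.request.urlopen from whatever web framework serves your frontend; relay the upstream status code (including 429) to the browser rather than retrying blindly.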