Authentication

The RankNibbler API uses a simple API key. Every request must include a valid key — there's no OAuth flow or token exchange to manage.

Passing your key

Send your key one of two ways. The X-API-Key header is preferred — it keeps the key out of URLs, logs and browser history.

Header — preferred

curl -H "X-API-Key: YOUR_KEY" \
"https://www.ranknibbler.com/api/audit?url=https://example.com"

Query parameter

curl "https://www.ranknibbler.com/api/audit?url=https://example.com&key=YOUR_KEY"

Getting a key

Keys are created from your account, not anonymously. Create a free account and generate a key in your dashboard:

Create a free account (or sign in).
Open your API dashboard and create an API key.
Copy the key — it's shown once — and use it in the header above.

The old anonymous POST /api/v1/key endpoint is retired and now returns 403, pointing you here to sign up.

Your daily quota is account-wide

The free tier allows 100 requests per day, shared across all of your account's keys — it is not 100 per key. Creating extra keys doesn't add quota; they're just for organising, rotating or revoking access. Going over the shared limit returns 429. See API keys and Rate limits.

Keep your key secret

Treat an API key like a password:

Call the API from your server, not from browser-side code shipped to users.
Prefer the header over ?key= so it doesn't end up in server logs or analytics.
If a key leaks, revoke it in your dashboard and create a new one.

Failed authentication

A missing or invalid key returns 401:

401 Unauthorized

{ "error": "Missing or invalid API key. Get one at https://www.ranknibbler.com/api" }

See Errors for the full list of status codes.