🔑Growth and Agency plans only. API access requires a valid API key. Generate your key from your account settings under API Access.

Authentication

All API requests must include your API key in the Authorization header using Bearer token authentication. Your key is unique to your account and should be kept secret.

Authorization header

Authorization: Bearer YOUR_API_KEY

To generate or rotate your API key, go to Dashboard > Settings > API Access. Agency plan users may create multiple keys.

Endpoints

POST/api/v1/scan

Run a full GEO analysis on a publicly accessible URL. Returns the overall score, per-category scores, and raw scan data.

Request body

Parameter	Type	Description
urlrequired	string	The full URL to scan, including protocol (https://). Must be publicly accessible. Private IPs and localhost are not allowed.

Example request

curl -X POST https://geoautopilot.com/api/v1/scan \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com"}'

Example response (200)

{
  "url": "https://example.com",
  "score": 72,
  "scores": {
    "robotsTxt": 15,
    "schemaOrg": 22,
    "content": 25,
    "overall": 72
  },
  "data": {
    "robotsTxt": {
      "exists": true,
      "allowsGptBot": true,
      "allowsClaudeBot": false,
      "allowsPerplexityBot": true
    },
    "schemaOrg": {
      "exists": true,
      "types": ["Organization", "WebSite"],
      "quality": 0.7
    },
    "llmsTxt": { "exists": false, "valid": false },
    "agentsMd": { "exists": false, "valid": false },
    "content": {
      "title": "Example Domain",
      "wordCount": 312,
      "factualDensity": 0.4
    }
  },
  "scannedAt": "2026-04-01T12:00:00.000Z"
}

Rate Limits

API requests are rate-limited per API key. Exceeding the limit returns a 429 response with a Retry-After header indicating when to retry.

Plan	Requests	Window
Growth	100	per hour
Agency	Unlimited	per hour

Rate limit status is returned in every response via X-RateLimit-Remaining and Retry-After headers.

Error Responses

The API uses standard HTTP status codes. All error responses include an error field with a human-readable message.

Status	Meaning
400	Bad request. The URL is missing, malformed, or targets a private IP.
401	Unauthorized. API key is missing or invalid.
403	Forbidden. Your plan does not include API access.
429	Rate limit exceeded. Check the Retry-After header.
500	Internal server error. Retry after a short delay.

Error response format

{
  "error": "Invalid URL. Must be a publicly accessible HTTPS URL."
}

Need API access?

Upgrade to Growth ($79/mo) for 100 requests/hour, or Agency ($199/mo) for unlimited access.

View Pricing

Authentication

All API requests must include your API key in the Authorization header using Bearer token authentication. Your key is unique to your account and should be kept secret.

Authorization header

Authorization: Bearer YOUR_API_KEY

To generate or rotate your API key, go to Dashboard > Settings > API Access. Agency plan users may create multiple keys.

Endpoints

POST/api/v1/scan

Run a full GEO analysis on a publicly accessible URL. Returns the overall score, per-category scores, and raw scan data.

Request body

Parameter	Type	Description
urlrequired	string	The full URL to scan, including protocol (https://). Must be publicly accessible. Private IPs and localhost are not allowed.

Example request

curl -X POST https://geoautopilot.com/api/v1/scan \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com"}'

Example response (200)

{
  "url": "https://example.com",
  "score": 72,
  "scores": {
    "robotsTxt": 15,
    "schemaOrg": 22,
    "content": 25,
    "overall": 72
  },
  "data": {
    "robotsTxt": {
      "exists": true,
      "allowsGptBot": true,
      "allowsClaudeBot": false,
      "allowsPerplexityBot": true
    },
    "schemaOrg": {
      "exists": true,
      "types": ["Organization", "WebSite"],
      "quality": 0.7
    },
    "llmsTxt": { "exists": false, "valid": false },
    "agentsMd": { "exists": false, "valid": false },
    "content": {
      "title": "Example Domain",
      "wordCount": 312,
      "factualDensity": 0.4
    }
  },
  "scannedAt": "2026-04-01T12:00:00.000Z"
}

Plan

Requests

Window

Growth

100

per hour

Agency

Unlimited

per hour

Error Responses

The API uses standard HTTP status codes. All error responses include an error field with a human-readable message.

Status

Meaning

400

Bad request. The URL is missing, malformed, or targets a private IP.

401

Unauthorized. API key is missing or invalid.

403

Forbidden. Your plan does not include API access.

429

Rate limit exceeded. Check the Retry-After header.

500

Internal server error. Retry after a short delay.

Error response format

{ "error": "Invalid URL. Must be a publicly accessible HTTPS URL." }

API Reference

Authentication

Endpoints

Rate Limits

Error Responses

Need API access?

API Reference

Authentication

Endpoints

Rate Limits

Error Responses

Need API access?