A site audit API you can call from your editor
SiteCurl runs over 90 checks and returns them as JSON. You get a REST API and an MCP server. So you can scan a site, read findings, and track regressions from code, not a dashboard.
Free scan, no signup. Full Studio access on the 7-day trial.
Why it matters
You check code quality in CI, but not site quality. Broken meta tags, slow pages, and missing security headers ship unnoticed until someone files a ticket. A site audit API lets you check site health on every deploy, the same way you run tests.
What the site audit API and MCP server give you:
- A REST API at /api/v1 that returns scan data as JSON. List and show sites, start a scan, list scans, read findings by category or severity, and pull reports. Auth is a bearer token from an API key you create in settings. There is no SDK to install. It is plain HTTP, so it works from a deploy script, a CI job, curl, or any language you already use.
- An MCP server at /api/v1/mcp. It speaks JSON-RPC 2.0 over Streamable HTTP with SSE. It exposes 11 tools (sitecurl_list_sites, sitecurl_get_site, sitecurl_scan, sitecurl_scan_status, sitecurl_findings, sitecurl_score, sitecurl_trends, sitecurl_priority, sitecurl_regressions, sitecurl_improvements, and sitecurl_add_site). It works with Claude Code, Cursor, Windsurf, and other MCP clients.
- Gating in CI with nothing but the REST API. From a deploy or pipeline script, POST to the scan endpoint. Poll the scan-status endpoint until the scan finishes. Then read findings by severity and category. Your script decides what counts as a failure and exits non-zero on it. So you can block a deploy on critical issues and let warnings through. It is plain HTTP, so the same few calls work in GitHub Actions, GitLab CI, or any runner, in whatever language you already use.
- HMAC-signed webhooks for three events: scan_completed, score_dropped, and critical_regression. Manage endpoints over the same REST API. Verify the signature with examples in Ruby, Node.js, and Python. Post results to Slack or your own service. An endpoint turns off on its own after 10 failed deliveries in a row.
- Intelligence endpoints that go past raw findings. Pull score trends over time, the checks that regressed since the last scan, the checks you fixed, and a priority list of top action items across every site. A deploy script can then decide what to surface or block.
- Over 90 checks across SEO, speed, security, accessibility, technical health, uptime, and AI readiness. The same data comes back through the API, MCP server, and UI. An OpenAPI 3.1 spec lives at /openapi.yaml. A discovery card at /.well-known/mcp/server-card.json describes the tools to MCP directories.
What a site audit API catches that CI misses
- Meta tags that break after a deploy. Title tags, canonical links, and structured data shift when you change a template, and your test suite says nothing. A scan from your deploy pipeline reports missing or overlong titles, missing meta descriptions, missing canonical tags, and missing JSON-LD before they reach search.
- Pages that slow down release by release. A new third-party script or an oversized image drops your speed score with no failing test. The audit reports response time (TTFB), HTML size, Core Web Vitals, render-blocking CSS, and scripts loaded without async or defer. So a regression shows up in the API response, not in a complaint.
- Security headers that vanish after a migration. HSTS and other headers can go missing when you switch hosts or change a config. Mixed content slips in when an HTTP file loads on an HTTPS page. The audit flags these and reports SSL certificate expiry. A webhook can alert you the moment it regresses.
- Findings you can act on in code. Every issue comes back with a category, a severity, and remediation text. Filter by category or severity through the findings endpoint. Your CI script can read the critical findings from the response and fail the build on them, and let warnings through. Filter to one area when you only want to gate on speed or security.
- AI readiness most teams never check. Unclear headings, thin content, and missing structured data markup make a site harder for tools like ChatGPT and Perplexity to read. The AI readiness category scores these signals, so you can see them in the same scan. They sit outside the headline score.
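A sketch of the gate logic a deploy script applies once it has the scan status and findings. This is an added example, not SiteCurl's code. The status values and the "status", "severity", "category" and "title" field names are assumptions (the real schema is in /openapi.yaml), and the HTTP calls are passed in as callables because this page does not give endpoint paths.

```python
import time

# Assumed schema (not from the SiteCurl docs): a status object with a "status"
# field, and findings as dicts with "severity" and "category". Check /openapi.yaml.
DONE = {"completed", "failed"}

def wait_for_scan(get_status, timeout_s=600, interval_s=10, sleep=time.sleep):
    """Poll get_status() until the scan ends; report "timeout" instead of hanging CI."""
    waited = 0
    while True:
        status = get_status().get("status")
        if status in DONE:
            return status
        if waited >= timeout_s:
            return "timeout"
        sleep(interval_s)
        waited += interval_s

def blocking_findings(findings, severities=("critical",), categories=None):
    """Findings that should stop the deploy; categories=None gates on every category."""
    out = []
    for f in findings:
        if str(f.get("severity", "")).lower() not in severities:
            continue
        if categories is not None and str(f.get("category", "")).lower() not in categories:
            continue
        out.append(f)
    return out

def exit_code(status, findings, **policy):
    """0 = deploy, 1 = blocked by findings, 2 = scan never completed (fail closed)."""
    if status != "completed":
        return 2
    return 1 if blocking_findings(findings, **policy) else 0

# Constructed sample data, not real API output.
SAMPLE_FINDINGS = [
    {"category": "security", "severity": "critical", "title": "HSTS header missing"},
    {"category": "seo", "severity": "warning", "title": "Title tag too long"},
    {"category": "speed", "severity": "critical", "title": "Render-blocking CSS"},
]

if __name__ == "__main__":
    # In a pipeline, get_status would be a GET with the bearer token.
    polls = iter([{"status": "running"}, {"status": "completed"}])
    status = wait_for_scan(lambda: next(polls), sleep=lambda s: None)
    for f in blocking_findings(SAMPLE_FINDINGS):
        print(f"BLOCKING [{f['category']}] {f['title']}")
    raise SystemExit(exit_code(status, SAMPLE_FINDINGS))
```

Returning a distinct code for a scan that failed or timed out keeps an unfinished scan from being read as a clean one.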
You already gate merges on tests, types, and lint. Site health is the one layer that usually has no gate. A template change drops a canonical tag. A new script slows the homepage. A host migration strips a security header. Nothing fails until someone notices in production. A site audit API closes that gap. It makes site quality something a script can check on every deploy, the same way it checks everything else. To see the kind of signals it returns first, the standalone technical health check runs the same checks in the browser.
SiteCurl exposes its scanner two ways. The REST API at /api/v1 returns JSON for sites, scans, findings, reports, and intelligence. Auth is a bearer token from an API key. There is no SDK to learn. You call it with curl, fetch, or your HTTP client of choice. The MCP server at /api/v1/mcp speaks JSON-RPC 2.0 over Streamable HTTP with SSE. It gives Claude Code, Cursor, Windsurf, and other MCP clients 11 tools. So you can ask your editor to scan a site, read findings, or check what regressed without leaving the chat.
For pipelines, the REST API is all you need. From a deploy or CI step, POST to the scan endpoint. Poll the scan-status endpoint until it finishes. Then read findings by severity and category, and exit non-zero when a critical issue appears. There is no package to install. The same few HTTP calls drop into a GitHub Actions step or any CI runner, and the JSON response is yours to gate on however you like. Webhooks cover the other direction. They send HMAC-signed POSTs for scan_completed, score_dropped, and critical_regression, with signature checks in Ruby, Node.js, and Python. So you can route events to Slack or a custom service.
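What a receiver for these HMAC-signed webhooks has to do before it trusts a payload, as an added example that is not SiteCurl's own sample code. The page does not state the algorithm, signature encoding or payload schema, so HMAC-SHA256 over the raw body, a hex digest (with an optional "sha256=" prefix) and an "event" field are assumptions; only the three event names come from the page.

```python
import hashlib
import hmac
import json

# Event names from the page; everything else about the payload is assumed.
KNOWN_EVENTS = {"scan_completed", "score_dropped", "critical_regression"}

def verify_signature(secret: bytes, raw_body: bytes, signature_header: str) -> bool:
    """Recompute the HMAC over the exact bytes received; compare in constant time."""
    if not signature_header:
        return False
    received = signature_header.strip().lower()
    if received.startswith("sha256="):  # assumed optional prefix
        received = received[len("sha256="):]
    expected = hmac.new(secret, raw_body, hashlib.sha256).hexdigest()
    # Compare bytes so a non-ASCII header cannot raise inside compare_digest.
    return hmac.compare_digest(expected.encode(), received.encode("utf-8", "replace"))

def handle_webhook(secret: bytes, raw_body: bytes, signature_header: str):
    """Return (http_status, event). JSON is parsed only after the signature checks out."""
    if not verify_signature(secret, raw_body, signature_header):
        return 401, None
    try:
        event = json.loads(raw_body).get("event")
    except (ValueError, AttributeError):
        return 400, None
    if not isinstance(event, str) or event not in KNOWN_EVENTS:
        return 400, None
    return 200, event

if __name__ == "__main__":
    # Constructed secret and payload, not real SiteCurl output.
    secret = b"constructed-secret"
    body = b'{"event":"critical_regression","site":"www.example.com"}'
    good = hmac.new(secret, body, hashlib.sha256).hexdigest()
    print(handle_webhook(secret, body, good))
    print(handle_webhook(secret, body.replace(b"critical_regression", b"scan_completed"), good))
    # Re-serialized JSON has different bytes, so the signature no longer matches.
    print(handle_webhook(secret, json.dumps(json.loads(body)).encode(), good))
```

Verify against the raw request bytes, not a re-serialized copy of the parsed JSON, since any change in whitespace or key order changes the digest.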
The API and MCP server are on Pro and Studio. Pro gives you 3 API keys and 100 requests per hour. Studio gives you 10 keys and 1,000 per hour. Starter has no API access. Every account starts with a free 7-day Studio trial, no credit card required. So you can wire the site audit API into a real pipeline before you decide. The same over-90-check scan backs the API, the MCP server, and the dashboard. An OpenAPI 3.1 spec documents every endpoint at /openapi.yaml, and the full API documentation walks through auth, endpoints, and examples. A discovery card at /.well-known/mcp/server-card.json lists the tools for MCP directories.
How this usually fits into the workflow
- Run a baseline scan after a launch, redesign, or major content push so you know what changed.
- Share the report with the people who need it, then fix the highest-impact items first instead of chasing every small warning.
- Re-run the scan on a schedule so regressions show up before a client, donor, customer, or stakeholder notices them.
What to compare before you choose a tool
- Coverage: SEO alone is not enough. Look for one report that also covers speed, security, accessibility, technical health, uptime, and AI readiness.
- Output: The best tool for a team is the one that turns raw findings into clear priorities people can actually act on.
- Follow-up: Scheduled scans, score history, and change detection matter more than a one-time snapshot.
Frequently asked questions
Which AI tools work with the MCP server?
Claude Code, Cursor, and Windsurf all work today. Any editor that speaks MCP can connect. Add the server URL and your API key to the config and you are ready to go.
How is MCP different from the REST API?
MCP lets your AI coding tool call SiteCurl right in the chat. The REST API is plain HTTP for scripts, CI, and custom tools. Both use the same API key and return the same data.
What plans include API and MCP access?
Pro and Studio. Pro gives you 3 API keys and 100 calls per hour. Studio gives you 10 keys and 1,000 per hour. New accounts start with a 7-day Studio trial.
Can I trigger scans from a CI pipeline?
Yes. Call the scan endpoint after each deploy, then check the status endpoint or wait for a webhook. Block the build if the score drops below your bar.
What webhook events are available?
Three events: scan done, score dropped, and new critical issue. Payloads are signed. Code samples for Ruby, Node.js, and Python are in the API docs.
Site health checks that live where you code.
After 7 days, keep your reports on the free plan or upgrade. No auto-charges.