API reference
Connect agents and scripts to reviewed keyword research workflows.
Discover Keywords APIs are authenticated, quota-aware, and designed to preserve shared-cache behavior for student and operator workflows.
Base URL
https://discoverkeywords.coAll research endpoints require authentication. Public pages are static and do not call research APIs.
Authentication
Three supported ways to authenticate protected requests.
Bearer token
Recommended for scripts, agents, and external skill integrations.
Authorization: Bearer gk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxQuery parameter
Supported for simple polling and lightweight integrations.
GET /api/research/expand/status?jobId=...&api_key=gk_live_xxxSession cookie
Used by the authenticated dashboard after a user signs in.
Cookie: session=<managed by the web app>Quota and cache
Guardrails are part of the API contract.
Admin accounts are unrestricted.
Student accounts have a daily quota for combined research calls.
Shared-cache hits do not count against quota.
Public marketing pages do not trigger paid research providers.
Endpoints
Core API surfaces.
Authentication
/api/auth/sign-upCreate a student account with an invite code.
/api/auth/sign-inSign in and receive a managed session cookie.
/api/auth/accessCheck account role, trial status, quota, and block status.
/api/auth/keysGenerate an API key for integrations.
/api/auth/keysList active API keys for the current account.
/api/auth/keysRevoke an API key.
Research
/api/research/expandSubmit keyword expansion jobs.
/api/research/expand/statusPoll expansion job status and final cached results.
/api/research/compareCompare keyword groups and trend movement.
/api/research/compare/statusPoll compare job status.
/api/research/serpRun guarded SERP analysis for validated research flows.
/api/research/trendsSubmit trend checks.
Game and discovery
/api/game-keywordsRead reviewed game keyword opportunities.
/api/integrations/discovery-feedRead the protected discovery feed for integrations.
/api/research/keyword-suggestionsRequest guarded keyword suggestions.
Protected APIs, public documentation.
Use API keys from the authenticated dashboard. Admin, cron, D1, and shared-cache workflows remain unchanged.
Developer FAQ
Operational details for safe API use.
Where do API keys come from?
API keys are generated from the authenticated dashboard. Public documentation pages do not create, expose, or validate keys.
Which authentication method should scripts use?
Bearer tokens are recommended for scripts, agents, and server-side integrations because they avoid leaking keys through URLs.
Do shared-cache hits count against quota?
No. Shared-cache hits are treated separately from paid research work and do not count against student daily research quota.
How should async research jobs be consumed?
Submit the job through the protected endpoint, store the returned job id, and poll the matching status endpoint until cached final results are ready.
Can unauthenticated visitors call research APIs from this page?
No. The docs page is static and public, but research endpoints remain authenticated and quota-aware.
Do API docs change cron, D1, or background workflows?
No. This page documents the existing surfaces and does not modify cron jobs, D1 schema, shared cache, or provider call behavior.