API reference

Connect agents and scripts to reviewed keyword research workflows.

Discover Keywords APIs are authenticated, quota-aware, and designed to preserve shared-cache behavior for student and operator workflows.

Base URL

https://discoverkeywords.co

All research endpoints require authentication. Public pages are static and do not call research APIs.

Authentication

Three supported ways to authenticate protected requests.

Bearer token

Recommended for scripts, agents, and external skill integrations.

Authorization: Bearer gk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Query parameter

Supported for simple polling and lightweight integrations.

GET /api/research/expand/status?jobId=...&api_key=gk_live_xxx

Session cookie

Used by the authenticated dashboard after a user signs in.

Cookie: session=<managed by the web app>

Quota and cache

Guardrails are part of the API contract.

Admin accounts are unrestricted.

Student accounts have a daily quota for combined research calls.

Shared-cache hits do not count against quota.

Public marketing pages do not trigger paid research providers.

Endpoints

Core API surfaces.

Authentication

POST/api/auth/sign-up

Create a student account with an invite code.

POST/api/auth/sign-in

Sign in and receive a managed session cookie.

GET/api/auth/access

Check account role, trial status, quota, and block status.

POST/api/auth/keys

Generate an API key for integrations.

GET/api/auth/keys

List active API keys for the current account.

DELETE/api/auth/keys

Revoke an API key.

Research

POST/api/research/expand

Submit keyword expansion jobs.

GET/api/research/expand/status

Poll expansion job status and final cached results.

POST/api/research/compare

Compare keyword groups and trend movement.

GET/api/research/compare/status

Poll compare job status.

POST/api/research/serp

Run guarded SERP analysis for validated research flows.

POST/api/research/trends

Submit trend checks.

Game and discovery

GET/api/game-keywords

Read reviewed game keyword opportunities.

GET/api/integrations/discovery-feed

Read the protected discovery feed for integrations.

POST/api/research/keyword-suggestions

Request guarded keyword suggestions.

Protected APIs, public documentation.

Use API keys from the authenticated dashboard. Admin, cron, D1, and shared-cache workflows remain unchanged.

Open dashboard

Developer FAQ

Operational details for safe API use.

Where do API keys come from?

API keys are generated from the authenticated dashboard. Public documentation pages do not create, expose, or validate keys.

Which authentication method should scripts use?

Bearer tokens are recommended for scripts, agents, and server-side integrations because they avoid leaking keys through URLs.

Do shared-cache hits count against quota?

No. Shared-cache hits are treated separately from paid research work and do not count against student daily research quota.

How should async research jobs be consumed?

Submit the job through the protected endpoint, store the returned job id, and poll the matching status endpoint until cached final results are ready.

Can unauthenticated visitors call research APIs from this page?

No. The docs page is static and public, but research endpoints remain authenticated and quota-aware.

Do API docs change cron, D1, or background workflows?

No. This page documents the existing surfaces and does not modify cron jobs, D1 schema, shared cache, or provider call behavior.