Free • JSON • UK-built • No API key

Backlink API (JSON) — endpoints & examples

Use 1-Byte’s free endpoints to run quick or deep backlink scans, compare two domains to find overlaps and gaps, and diff snapshots to spot new vs lost links. Responses are clean JSON; examples below include cURL and fetch(). Ideal for internal dashboards, alerts, or integrating with your own reporting tools.

Published: 6 September 2025 • Last updated: 20 January 2026

Backlink Checker

/marketing/backlinks-api.php

Compare Two Domains

/marketing/backlinks-compare-api.php

New vs Lost

/marketing/backlinks-diff-api.php

Save Report

/marketing/backlinks-report-save.php

Public Report Renderer

/marketing/backlinks-report.php?id=…

Use the UI

Free Backlink Checker (web)

General notes

• Method: All API endpoints use POST with Content-Type: application/json.
• CSRF: When calling from a browser, include the CSRF token from your session (see examples). For server-to-server usage, hit the API from the same origin or disable CSRF in your private fork.
• Rate limits: The checker enforces a session-level cap (e.g. 30 checks/hour). Respect 429 responses.
• Caching: Scans are cached for 24h. Deep scans also cache fetched HTML for a short period.
• Link types: dofollow / nofollow / mention (plain text mention) / unknown.

Backlink Checker

POST /marketing/backlinks-api.php

Request body

csrf — string (required in browser)
domain — string (required), e.g. example.com
deep_scan — boolean (optional): fetch pages to extract anchor text
include_big — boolean (optional): include search/social hosts (debug)
debug — boolean (optional): include diagnostics object

curl -sX POST https://1-byte.xyz/marketing/backlinks-api.php \
  -H 'Content-Type: application/json' \
  -d '{
    "csrf": "db35aef1019acce060bb7af9b13df915",
    "domain": "example.com",
    "deep_scan": true,
    "include_big": false,
    "debug": false
  }'

const res = await fetch('/marketing/backlinks-api.php', {
  method: 'POST',
  headers: {'Content-Type':'application/json'},
  body: JSON.stringify({
    csrf: 'db35aef1019acce060bb7af9b13df915',
    domain: 'example.com',
    deep_scan: true
  })
});
const data = await res.json();

Response (200)

Fields: domain, results[], note, optional diagnostics.

{
  "domain": "example.com",
  "results": [
    {
      "referring_url": "https://referrer.tld/page",
      "anchor_text": "Example",
      "link_type": "dofollow",
      "score": 62
    }
  ],
  "note": "Deep scan fetched pages...",
  "diagnostics": null
}

Errors

400 — invalid domain
403 — invalid CSRF token
429 — rate limit
500 — upstream fetch error

Compare Two Domains

POST /marketing/backlinks-compare-api.php

Request body

csrf — string (required in browser)
domain_a, domain_b — strings (required)
deep_scan — boolean (optional)
include_big — boolean (optional)
debug — boolean (optional)

curl -sX POST https://1-byte.xyz/marketing/backlinks-compare-api.php \
  -H 'Content-Type: application/json' \
  -d '{
    "csrf": "db35aef1019acce060bb7af9b13df915",
    "domain_a": "example.com",
    "domain_b": "competitor.com",
    "deep_scan": false
  }'

Response (200)

Fields: overlap[], unique_a[], unique_b[]; each array contains rows with referring_url, anchor_text, link_type, score.

{
  "overlap": [ { "referring_url":"https://...", "anchor_text":null, "link_type":"unknown", "score":null } ],
  "unique_a": [],
  "unique_b": [],
  "diagnostics": null
}

New vs Lost Backlinks

POST /marketing/backlinks-diff-api.php

Request body

csrf — string (required in browser)
domain — string (required)
days — integer (1–90, default 7)
deep_scan, include_big — optional filters matching your saved scans
soft — boolean (optional): if true, returns 200 with empty arrays + note when no snapshots yet
debug — boolean (optional)

curl -sX POST https://1-byte.xyz/marketing/backlinks-diff-api.php \
  -H 'Content-Type: application/json' \
  -d '{
    "csrf": "db35aef1019acce060bb7af9b13df915",
    "domain": "example.com",
    "days": 30,
    "soft": true
  }'

Response (200)

Fields: new_pages[], lost_pages[], aggregates new_by_domain/lost_by_domain, timestamps of latest_ts and baseline_ts.

{
  "domain":"example.com",
  "window_days":30,
  "latest_ts": 1725100000,
  "baseline_ts": 1722500000,
  "counts": {"new": 5, "lost": 2},
  "new_pages": [ { "referring_url":"https://...", "anchor_text":"Example", "link_type":"dofollow", "score":67 } ],
  "lost_pages": [],
  "new_by_domain": { "referrer.tld": 3 },
  "lost_by_domain": {},
  "note": null
}

Save Report

POST /marketing/backlinks-report-save.php

Request body

csrf — string (required in browser)
domain — string (required)
payload — object (required): the JSON you received from the checker ({ domain, results[], ... })

curl -sX POST https://1-byte.xyz/marketing/backlinks-report-save.php \
  -H 'Content-Type: application/json' \
  -d '{
    "csrf": "db35aef1019acce060bb7af9b13df915",
    "domain": "example.com",
    "payload": {
      "domain": "example.com",
      "results": []
    }
  }'

Response (200)

Saves the report into backlink_reports and returns { id, url }.

{
  "id": 123,
  "url": "/marketing/backlinks-report.php?id=123"
}

You can then share the public URL or list reports at /marketing/backlinks-reports.php.

Public Report Renderer

GET /marketing/backlinks-report.php?id=<ID>

Renders a saved report (read-only) with shareable Open Graph image support (optional og-backlinks.php). The page is meant for humans, not machines; there is no JSON response.

• The underlying data comes from backlink_reports.payload.
• For bulk programmatic access, query the DB directly or save structured data during scans.

Security & Limits

• CSRF: Endpoints expect csrf when called from a browser session. From same-origin pages, read it from a hidden input or PHP session.
• Rate limit: Session-level (e.g. 30 checks/hour). Burst usage may be throttled.
• Caching: 24h cache per domain/flags; deep scan page cache ~3h.
• Robots: Results depend on publicly available mentions; some JS-only pages may be missed.

FAQ

Do I need an API key?

No. These endpoints are free and same-origin. For public usage from another site, proxy through your server to add CSRF and rate-limit controls.

How do I pass the CSRF token?

From PHP templates, echo the token into your JS (as shown) or a hidden input. For server-to-server scripts, call the endpoint from the same origin or disable CSRF in your private fork.

What does deep_scan do?

It fetches each referring page to extract anchor text and refine link type detection. This is slower but returns richer data.

Can I get a CSV?

Yes — consume the JSON and output CSV in your own scripts, or save a report then export from the UI if you’ve added that flow.

Docs last updated: 20 January 2026

Need a full backlink audit?

Hire 1-Byte for in-depth backlink and technical SEO audits, including disavow recommendations and outreach lists.

Get in touch