Heading API Reference
Complete reference for the Heading REST API
Programmatic access to properties, prompts, competitors, and visibility data. Authenticate with API keys, get JSON responses.
Base URL
https://api.useheading.com/v1Authentication
All requests require an API key passed as a Bearer token in the Authorization header.
Create API keys from Settings > API in the Heading dashboard. Keys use the hdg_sk_live_ prefix.
curl https://api.useheading.com/v1/properties \
-H "Authorization: Bearer hdg_sk_live_abc123..."API keys are shown once at creation and cannot be retrieved later. Store them securely.
Access levels
| Level | Permissions |
|---|---|
| Read | GET requests only |
| Write | GET, POST, PATCH requests |
DELETE operations are not available via the API. Use the dashboard to delete resources.
Property scoping
Keys can be scoped to specific properties or granted access to all properties on the team. Scoped keys only return data for their allowed properties.
Resources
PropertiesList monitored properties and their configurationPromptsList monitoring prompts and quality scoresVisibilityAccess visibility scores and trendsCompetitorsView detected competitors across AI responsesSourcesView citation sources across AI responses
Response format
All responses return JSON with a consistent structure.
Success
{
"data": [...],
"total": 5
}Error
{
"error": {
"code": "UNAUTHORIZED",
"message": "Authorization header is required"
}
}Status codes
| Status | Meaning |
|---|---|
200 | Success |
401 | Unauthorized — invalid or missing API key |
403 | Forbidden — insufficient permissions (e.g. read key attempting a write) |
429 | Rate limited — too many requests |
500 | Internal server error |
Rate limits
- 100 requests/min per API key
- Rate-limited responses include a
Retry-Afterheader (seconds until reset) X-RateLimit-Limit,X-RateLimit-Remaining, andX-RateLimit-Resetheaders are included on all responses