← Back to Blog
8 min read
Product

Complete Orilyt API Guide

Automate your WordPress audits: one endpoint, one JSON, 80+ tests

Complete Orilyt API Guide

One Call, 58 Tests

Running audits manually from the dashboard, one by one? That works — but when you manage 20, 50, or 100 sites, it doesn't scale.

The Orilyt REST API solves this: one GET request, one auth key, and you receive a structured JSON with all 58 test results — ready to process, store, or display in your own tool.

The Endpoint

A single read-only (GET) endpoint. Simple and effective.

Endpoint GET https://orilyt.com/api_v1.php?url=https://example.com

Authentication

Three supported methods — pick whichever fits your stack:

1 Authorization: Bearer header (recommended)
2 X-API-Key header
3 Query string ?key= (fallback)
Tip: Find your API key in your Orilyt account under "API". Each call consumes 1 credit.

Response Anatomy

The returned JSON contains everything you need to rebuild a full report:

status — "ok" or "error"
global_score — overall score /100
sections — scores per category (performance, SEO, security, UX)
tests — array of 58 objects (id, slug, label, score, status, details)
target — server info (IP, CMS, hosting, PHP, HTTPS)
meta — audit_id, site_id, execution time, timestamp
JSON { "status": "ok", "data": { "global_score": 82, "sections": { "performance": { "score": 88, "tests": [...] }, "seo": { "score": 75, "tests": [...] }, "security": { "score": 91, "tests": [...] }, "ux": { "score": 70, "tests": [...] } }, "tests": [ { "id": 1, "slug": "ssl_check", "label": "SSL / HTTPS", "score": 100, "status": "ok", "details": { ... } }, ... ], "target": { "url": "https://example.com", "ip": "93.184.216.34", "cms": "wordpress", "php_version": "8.2", "https": true } }, "audit_id": 1234, "site_id": 56, "meta": { "duration_ms": 14520, "timestamp": "2026-03-03T10:15:00Z" } }

Integration Examples

cURL (command line)

cURL curl -s "https://orilyt.com/api_v1.php?url=https://example.com&lang=fr" \ -H "Authorization: Bearer YOUR_API_KEY" \ | jq .

Python (requests)

Python import requests API_KEY = "YOUR_API_KEY" url = "https://orilyt.com/api_v1.php" params = {"url": "https://example.com", "lang": "fr"} headers = {"Authorization": f"Bearer {API_KEY}"} resp = requests.get(url, params=params, headers=headers, timeout=120) data = resp.json() if data["status"] == "ok": print(f"Score: {data['data']['global_score']}/100") for test in data["data"]["tests"]: print(f" {test['slug']}: {test['score']}") else: print(f"Error: {data['error']}")

PHP (native)

PHP <?php $apiKey = 'YOUR_API_KEY'; $target = 'https://example.com'; $ch = curl_init("https://orilyt.com/api_v1.php?url=" . urlencode($target) . "&lang=fr"); curl_setopt_array($ch, [ CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 120, CURLOPT_HTTPHEADER => ["Authorization: Bearer $apiKey"], ]); $json = curl_exec($ch); $data = json_decode($json, true); if ($data['status'] === 'ok') { echo "Score: " . $data['data']['global_score'] . "/100\n"; }

Node.js (fetch)

Node.js const API_KEY = 'YOUR_API_KEY'; const url = new URL('https://orilyt.com/api_v1.php'); url.searchParams.set('url', 'https://example.com'); url.searchParams.set('lang', 'fr'); const resp = await fetch(url, { headers: { 'Authorization': `Bearer ${API_KEY}` }, signal: AbortSignal.timeout(120_000), }); const data = await resp.json(); if (data.status === 'ok') { console.log(`Score: ${data.data.global_score}/100`); data.data.tests.forEach(t => console.log(` ${t.slug}: ${t.score}`) ); }

Optional Parameters

lang — Report language (fr, en, es, de). Default: en.
Note: No callback/webhook support yet — the response is synchronous.

Error Handling

The API returns standard HTTP codes with structured JSON:

400 Missing or invalid URL (missing_url, invalid_url)
401 Missing or invalid API key (missing_api_key, invalid_api_key)
402 Insufficient credits (insufficient_credits)
422 Site unreachable (site_unreachable, site_blocked_by_waf) — remote 4xx/5xx, timeout, redirect loop, or WAF blocking our scanner
429 Rate limit reached (ip_rate_limited) — Retry-After header included
500 Internal error (internal_error)
Error JSON { "status": "error", "code": "insufficient_credits", "error": "Not enough credits to run this audit." }

Common Use Cases

Automated Monitoring

Run a weekly cron audit on all your client sites. Store scores and detect regressions.

SaaS Integration

Embed results in your own client dashboard, CRM, or WordPress maintenance tool.

CI/CD Pipeline

Add a post-deploy audit to your pipeline. If the score drops below a threshold, block the release.

Report Generation

Combine the API with white-label mode to auto-generate branded reports.

Limits & Best Practices

1 credit per call — check your balance before running a batch
IP-based rate limiting (admin-configurable) — respect the Retry-After header
Cache results client-side — one audit per site per day is usually enough
Recommended timeout: 120 seconds — some slow sites take longer
HTTPS required in production
Ready to Automate?
Create your Orilyt account, grab your API key, and run your first audit in under 2 minutes.
Create a Free Account
Previous Comptes équipe : gérez vos audits à plusieurs avec le plan Agency Next How to integrate Orilyt audits into your agency workflow with the API