Accessibility
Compliance
in 3 API calls.
Stop guessing whether your website is accessible. A11yFlow scans any page for WCAG 2.2 violations and tells you exactly what's broken, why it matters, and how to fix it — all through a clean REST API that fits into the workflow you already have.
No credit card required. 25 free scans every month to try it out.
WCAG 2.2
Latest standard
<10s
Avg scan time
axe-core
Industry engine
REST
Simple JSON API
Scan right where
you write code.
No more manual audits.
Most accessibility tools make you leave your editor, open a browser extension, and click through a UI. A11yFlow is different — submit any URL via API and get a WCAG 2.2 audit in seconds. We launch a real Chromium browser, execute your JavaScript, and run the axe-core rule set against the rendered page. Automated scanning catches around 57% of WCAG issues reliably — and we clearly flag the rest as items that need manual review, so nothing slips through the cracks.
POST /v1/scans
{
"url": "https://your-site.com",
"standard": "wcag22aa",
"options": {
"waitFor": "networkidle"
}
}// GET /v1/scans/:id
{
"status": "completed",
"summary": {
"violations": 3,
"passes": 42,
"incomplete": 1
},
"violations": [
{
"id": "color-contrast",
"impact": "serious",
"help": "Elements must meet minimum\n color contrast ratio"
}
]
}Structured results
you can act on.
Instantly.
No more wading through vague warnings. Every scan returns a weighted accessibility score, violation counts by severity and category, contrast ratios down to the element, WCAG guideline references, and plain-English remediation guidance. Items that need manual review are returned separately as "incomplete" — so you know exactly what\'s been verified automatically and what still needs a human check. Everything arrives as clean JSON you can parse, store, or pipe straight into your issue tracker.
A report that's got
your back.
Deploy with confidence.
Before every release, know exactly where you stand. Get formatted reports that break violations down by severity — critical issues that block users entirely, serious ones that cause real difficulty, and minor ones you can schedule for later. Share reports with your team, attach them to pull requests, or wire them into your CI/CD pipeline to catch regressions before they ship.
// GET /v1/scans/:id/report
{
"summary": {
"totalViolations": 3,
"totalPasses": 42,
"critical": 0,
"serious": 2,
"moderate": 1,
"minor": 0
}
}Secure by default.
Built for production.
Your API key is hashed before we store it — we never see the raw value after creation. Rate limiting protects your account and ours. Every request is logged so you can track usage. This isn't a side project with a toy API — it's production infrastructure you can trust with real traffic.
SHA-256 Hashing
API keys are hashed before storage. Raw keys shown once at creation.
Rate Limiting
Per-minute sliding window + monthly fixed window. Tier-based quotas.
Bearer Auth
Standard Authorization header. Works with any HTTP client.
Usage Logging
Every request logged with endpoint, status, and response time.
Zod Validation
All inputs validated at the edge. Type-safe from request to response.
CORS + Security
Secure headers, CORS configuration, and error sanitisation built in.
Three API calls.
That's it.
Create an API key
curl -X POST https://api.a11yflow.dev/v1/keys \
-H "Content-Type: application/json" \
-d '{"email": "you@example.com"}'Submit a scan
curl -X POST https://api.a11yflow.dev/v1/scans \
-H "Authorization: Bearer sk_live_your_key" \
-H "Content-Type: application/json" \
-d '{"url": "https://your-site.com"}'Get results
curl https://api.a11yflow.dev/v1/scans/SCAN_ID \
-H "Authorization: Bearer sk_live_your_key"Why developers
choose A11yFlow.
Accessibility testing shouldn't cost a fortune or require a dedicated team. Most enterprise tools charge thousands per year and lock you into clunky dashboards. Credit-based APIs nickel-and-dime you for every scan and charge extra for detailed results. We think there's a better way.
Flat-rate, not per-credit
One monthly price, all features included. No surprise bills, no paying extra for contrast data or XPath selectors. Every scan gives you everything.
Built for automation
A REST API that fits into your existing workflow — CI/CD pipelines, monitoring scripts, custom dashboards. No browser extensions or manual clicking required.
Real browser rendering
We scan the page your users actually see, after JavaScript has executed and CSS has loaded. Not a static HTML snapshot — the real, rendered page.
Actionable, not overwhelming
Every violation comes with a severity rating, the exact element that failed, the WCAG guideline it breaks, and a plain-English explanation of how to fix it.
Transparent pricing
Our pricing is on the website. No "contact sales" for basic features. No annual contracts. Start free, upgrade when you need more, downgrade if you don't.
Developer-first experience
Clean JSON responses, comprehensive API docs with code examples in cURL, JavaScript, and Python. Get your first scan result in under a minute.
Start free,
scale as you grow.
No credit card required. No annual lock-in. Every plan includes the full feature set — score, contrast data, WCAG mappings, and more. The only difference is volume.
Starter
For side projects
- 20 requests/min
- 1,000 scans/month
- 3 domains
- Email support
- Scan history
Pro
For growing products
- 60 requests/min
- 5,000 scans/month
- 10 domains
- Priority support
- Scheduled scans
- Webhooks
Team
For agencies & teams
- 120 requests/min
- 25,000 scans/month
- Unlimited domains
- Dedicated support
- Team API keys
- Custom reports
Need more? Contact us for Enterprise pricing with unlimited scans and a dedicated SLA.
Frequently asked
questions.
What accessibility standards do you support?
We support WCAG 2.0 Level A, AA, AAA, and WCAG 2.2 Level AA (the default and recommended standard). Our scanner uses axe-core, the industry-standard accessibility testing engine.
How long does a scan take?
Most scans complete in 5–15 seconds depending on page complexity. We load the page in a real Chromium browser, wait for JavaScript to execute, then run the full axe-core audit.
Is this compliant with the European Accessibility Act?
A11yFlow helps you identify WCAG 2.2 AA violations, which is the standard referenced by the European Accessibility Act (EAA). Regular scanning helps demonstrate ongoing compliance efforts.
Can I scan pages behind authentication?
Not yet — authenticated page scanning is on our roadmap. Currently we scan publicly accessible URLs only.
How is my API key stored?
We store only a SHA-256 hash of your API key. The raw key is shown once at creation time and cannot be retrieved later. This is the same approach used by Stripe, GitHub, and other major API providers.
What can automated scanning detect?
Automated tools like axe-core can reliably catch around 57% of WCAG issues — things like missing alt text, insufficient colour contrast, broken ARIA attributes, missing form labels, and keyboard traps. The remaining issues (e.g. quality of alt text, logical reading order, cognitive load) require human judgement. A11yFlow flags these as "incomplete" items that need manual review, so you always know what's been checked and what still needs a human eye.
What can't it scan?
A11yFlow scans rendered HTML pages. It cannot scan PDFs, Word documents, native mobile apps, Canvas/WebGL content, or content inside cross-origin iframes. Pages behind authentication are not yet supported. Single-page apps are supported — we wait for JavaScript to finish rendering before scanning.
Do you offer an SLA?
Enterprise plans include a 99.9% uptime SLA. Contact us for details on custom enterprise agreements.
The web should be
accessible to everyone.
Over a billion people worldwide live with some form of disability. Accessibility isn't a nice-to-have — it's a legal requirement in most markets and, more importantly, the right thing to do. A11yFlow makes it easy to build accessible products from day one.