To integrate Ahrefs with Lovable, create a Supabase Edge Function that proxies requests to the Ahrefs API v3 using your API token stored in Cloud Secrets. Your Lovable frontend calls this Edge Function to fetch backlink data, keyword rankings, and site audit metrics, which are then displayed in custom SEO dashboards. Ahrefs charges per row returned, so always paginate and cache responses in Supabase.
Build a Custom SEO Dashboard with Ahrefs and Lovable
Ahrefs is the gold standard for backlink analysis. Its index of over 3 trillion backlinks, updated every 15–30 minutes, gives SEO professionals the most accurate picture of who links to any website. When you connect Ahrefs to a Lovable app, you unlock the ability to build bespoke dashboards that surface exactly the metrics your team cares about — without paying for seats in Ahrefs' own interface or manually exporting CSV files.
The Ahrefs API v3 is a REST API that exposes endpoints for site explorer data (backlinks, referring domains, organic keywords, top pages), keywords explorer data, and batch analysis for multiple URLs. Authentication is simple: pass your API token as a Bearer header. The key operational constraint is that Ahrefs bills per row returned, not per API call, so well-designed queries with appropriate limits and caching are essential for controlling costs.
Because the Ahrefs API requires a secret token, all requests must originate server-side. Lovable's Edge Functions running on Deno at the edge are the correct architecture: your React frontend calls your own Edge Function, which adds the Authorization header and forwards the request to Ahrefs. This keeps your token out of browser network tabs, git history, and Lovable chat logs — where Lovable's security infrastructure blocks approximately 1,200 hardcoded keys per day.
Integration method
Ahrefs does not have a native Lovable connector, so all API calls must be proxied through a Supabase Edge Function. Your API token lives in Cloud Secrets and is never exposed to the browser. The Edge Function queries the Ahrefs API v3 endpoints and returns structured data to your React frontend.
Prerequisites
- A Lovable project with Lovable Cloud enabled (Supabase backend active)
- An Ahrefs account with API access (available on Advanced plan and above)
- Your Ahrefs API token from ahrefs.com/api
- Basic familiarity with Lovable's chat interface and the Cloud tab
- Understanding that Ahrefs charges per API row returned — plan your queries carefully
Step-by-step guide
Get your Ahrefs API token
Get your Ahrefs API token
Log in to your Ahrefs account at app.ahrefs.com and navigate to your account settings. Look for the API section, which is accessible from the user menu in the top-right corner. Ahrefs API access is available on the Advanced plan and above. On the API page, you will see your API token — a long alphanumeric string. Copy this token. Do not share it publicly or paste it directly into Lovable's chat, because on the free tier chat history is public and tokens can be recovered from git commit history. Instead, you will store it in Lovable's secure Secrets panel in the next step. If you do not yet have an Ahrefs account or do not see API access in your plan, you can sign up for a trial at ahrefs.com. Note that Ahrefs API pricing is consumption-based: you are charged per row of data returned by each API call, so queries should always include limit parameters to avoid unexpected charges.
Pro tip: Ahrefs API v3 has a separate token from the older v2 API. Make sure you are using the v3 token from the API section, not a legacy key.
Expected result: You have your Ahrefs API token copied and ready to store securely.
Store your API token in Cloud Secrets
Store your API token in Cloud Secrets
In your Lovable project, click the plus (+) icon next to the preview window to open the panels. Click the Cloud tab. In the Cloud panel, scroll down to the Secrets section and click Add Secret. In the Name field, enter AHREFS_API_TOKEN exactly as written (case-sensitive — your Edge Function will reference this name). In the Value field, paste your Ahrefs API token. Click Save. Lovable encrypts this value and stores it in the server-side environment, accessible only from Edge Functions via Deno.env.get(). It will never appear in your frontend JavaScript bundle, network requests, or browser storage. This is the secure architecture Lovable uses for all authenticated third-party API integrations. You should see the secret listed in the Secrets panel with its value masked. If you need to rotate your token in the future, simply update the value here — no code changes required.
Pro tip: Name your secret exactly AHREFS_API_TOKEN. Mismatches between the secret name and the Deno.env.get() call in your Edge Function are the most common cause of 'Secret not found' errors.
Expected result: AHREFS_API_TOKEN appears in the Cloud tab Secrets panel with its value masked.
Create the Ahrefs proxy Edge Function
Create the Ahrefs proxy Edge Function
In Lovable's chat, ask it to create an Edge Function that proxies requests to the Ahrefs API v3. The function should read your API token from Deno.env.get('AHREFS_API_TOKEN'), accept query parameters for the target (the domain or URL to analyze), the Ahrefs endpoint (such as site-explorer/backlinks or site-explorer/referring-domains), and any additional Ahrefs filter parameters. The function constructs the correct Ahrefs API v3 URL with the query parameters, adds the Authorization: Bearer header with your token, makes the fetch call, and returns the JSON response to your frontend. You must include CORS headers in the response so your Lovable React app can call this function from the browser. The code below shows the complete Edge Function implementation. Paste this prompt into Lovable chat: 'Create a Supabase Edge Function at supabase/functions/ahrefs-proxy/index.ts that accepts GET requests with query parameters: target (domain), endpoint (Ahrefs API path like site-explorer/backlinks), and any additional params. It should proxy requests to https://api.ahrefs.com/v3/{endpoint}?target={target}&{params} using the AHREFS_API_TOKEN secret as a Bearer token, and return the JSON response with CORS headers.'
Create a Supabase Edge Function at supabase/functions/ahrefs-proxy/index.ts that accepts GET requests with query parameters: target (the domain to analyze), endpoint (the Ahrefs API path), and additional filter params. Proxy the request to https://api.ahrefs.com/v3/{endpoint} using the AHREFS_API_TOKEN secret as a Bearer token. Return the Ahrefs JSON response with CORS headers so the frontend can call it.
Paste this in Lovable chat
1import { serve } from 'https://deno.land/std@0.168.0/http/server.ts'23const corsHeaders = {4 'Access-Control-Allow-Origin': '*',5 'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',6}78serve(async (req) => {9 if (req.method === 'OPTIONS') {10 return new Response('ok', { headers: corsHeaders })11 }1213 try {14 const apiToken = Deno.env.get('AHREFS_API_TOKEN')15 if (!apiToken) {16 return new Response(17 JSON.stringify({ error: 'AHREFS_API_TOKEN secret not configured' }),18 { status: 500, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }19 )20 }2122 const url = new URL(req.url)23 const target = url.searchParams.get('target')24 const endpoint = url.searchParams.get('endpoint')2526 if (!target || !endpoint) {27 return new Response(28 JSON.stringify({ error: 'target and endpoint query parameters are required' }),29 { status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }30 )31 }3233 // Build Ahrefs API URL, forwarding all query params except 'endpoint'34 const ahrefsUrl = new URL(`https://api.ahrefs.com/v3/${endpoint}`)35 url.searchParams.forEach((value, key) => {36 if (key !== 'endpoint') {37 ahrefsUrl.searchParams.set(key, value)38 }39 })4041 const response = await fetch(ahrefsUrl.toString(), {42 headers: {43 'Authorization': `Bearer ${apiToken}`,44 'Content-Type': 'application/json',45 },46 })4748 const data = await response.json()4950 if (!response.ok) {51 return new Response(52 JSON.stringify({ error: 'Ahrefs API error', details: data }),53 { status: response.status, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }54 )55 }5657 return new Response(58 JSON.stringify(data),59 { headers: { ...corsHeaders, 'Content-Type': 'application/json' } }60 )61 } catch (error) {62 return new Response(63 JSON.stringify({ error: 'Internal server error', message: error.message }),64 { status: 500, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }65 )66 }67})Pro tip: Always include a limit parameter when calling Ahrefs endpoints (e.g., limit=100). Ahrefs charges per row, so an uncapped query on a large domain can consume significant API credits.
Expected result: The Edge Function appears in your project's supabase/functions/ directory and Lovable deploys it to Cloud. You can test it at /functions/v1/ahrefs-proxy?endpoint=site-explorer/referring-domains&target=example.com&limit=10.
Build the SEO dashboard frontend
Build the SEO dashboard frontend
With the Edge Function deployed, you can now build the React dashboard in Lovable. Use the chat to describe what you want: a search field for entering a domain, a set of metric cards showing Domain Rating, referring domains count, and organic keywords count, and a data table showing the top backlinks with their anchor text and URL Rating. Your frontend calls the Edge Function using the Supabase client's functions.invoke() method or a plain fetch to the Edge Function URL. Importantly, use the Supabase anon key for the client-side fetch to the Edge Function — this is safe because the Edge Function itself handles the Ahrefs authentication. Ask Lovable to create a React component that accepts a domain input, calls your ahrefs-proxy Edge Function with the appropriate endpoint parameters, handles loading and error states, and displays the results in a clean layout using shadcn/ui components like Card, Table, and Badge.
Create an SEO dashboard page with a domain search input. When submitted, call our Supabase Edge Function 'ahrefs-proxy' with endpoint='site-explorer/referring-domains' and the entered domain as target. Display the results in a table showing referring domain URL, domain rating, and first seen date. Add a metric card at the top showing total referring domains count. Include loading and error states.
Paste this in Lovable chat
1import { useState } from 'react'2import { supabase } from '@/integrations/supabase/client'3import { Card, CardContent, CardHeader, CardTitle } from '@/components/ui/card'4import { Input } from '@/components/ui/input'5import { Button } from '@/components/ui/button'6import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from '@/components/ui/table'78export default function AhrefsDashboard() {9 const [domain, setDomain] = useState('')10 const [loading, setLoading] = useState(false)11 const [data, setData] = useState<any>(null)12 const [error, setError] = useState<string | null>(null)1314 const fetchBacklinks = async () => {15 if (!domain) return16 setLoading(true)17 setError(null)18 try {19 const { data: result, error: fnError } = await supabase.functions.invoke('ahrefs-proxy', {20 body: null,21 headers: {},22 })23 // Use fetch directly with query params24 const response = await fetch(25 `/functions/v1/ahrefs-proxy?endpoint=site-explorer%2Freferring-domains&target=${encodeURIComponent(domain)}&limit=50&select=domain,domain_rating,backlinks,first_seen`26 )27 if (!response.ok) throw new Error('Failed to fetch Ahrefs data')28 const json = await response.json()29 setData(json)30 } catch (err: any) {31 setError(err.message)32 } finally {33 setLoading(false)34 }35 }3637 return (38 <div className="p-6 max-w-4xl mx-auto">39 <h1 className="text-2xl font-bold mb-6">Backlink Monitor</h1>40 <div className="flex gap-2 mb-6">41 <Input42 placeholder="Enter domain (e.g. example.com)"43 value={domain}44 onChange={(e) => setDomain(e.target.value)}45 onKeyDown={(e) => e.key === 'Enter' && fetchBacklinks()}46 />47 <Button onClick={fetchBacklinks} disabled={loading}>48 {loading ? 'Loading...' : 'Analyze'}49 </Button>50 </div>51 {error && <p className="text-red-500 mb-4">{error}</p>}52 {data && (53 <Card>54 <CardHeader>55 <CardTitle>Referring Domains for {domain}</CardTitle>56 </CardHeader>57 <CardContent>58 <Table>59 <TableHeader>60 <TableRow>61 <TableHead>Domain</TableHead>62 <TableHead>DR</TableHead>63 <TableHead>Backlinks</TableHead>64 </TableRow>65 </TableHeader>66 <TableBody>67 {(data.refdomains || []).map((row: any) => (68 <TableRow key={row.domain}>69 <TableCell>{row.domain}</TableCell>70 <TableCell>{row.domain_rating}</TableCell>71 <TableCell>{row.backlinks}</TableCell>72 </TableRow>73 ))}74 </TableBody>75 </Table>76 </CardContent>77 </Card>78 )}79 </div>80 )81}Pro tip: Use the select parameter in Ahrefs API calls to fetch only the columns you need. This reduces rows returned and directly lowers your API cost.
Expected result: You can enter a domain in the dashboard, click Analyze, and see a table of referring domains with their Domain Rating and backlink counts populated from the Ahrefs API.
Add response caching to control API costs
Add response caching to control API costs
Ahrefs API charges per row returned, so fetching the same domain repeatedly can quickly consume your API budget. The best practice is to cache API responses in a Supabase database table. Create a table called ahrefs_cache with columns: domain (text), endpoint (text), data (jsonb), and created_at (timestamptz). Before calling the Ahrefs API, your Edge Function checks if a recent cache entry exists (for example, less than 24 hours old). If a cache hit is found, it returns the cached data immediately without touching the Ahrefs API. On a cache miss, it calls Ahrefs, stores the result in the cache table, and returns the data. This approach can reduce your Ahrefs API consumption by 80–90% for dashboards that are viewed multiple times per day. Ask Lovable to update the Edge Function to include this caching logic using the Supabase client initialized with the service role key, which can bypass RLS policies for cache reads and writes.
Update the ahrefs-proxy Edge Function to cache Ahrefs API responses in a Supabase table called ahrefs_cache (columns: domain, endpoint, data jsonb, created_at). Before calling Ahrefs, check if there's a cache entry less than 24 hours old for the same domain+endpoint. Return cached data if found, otherwise call Ahrefs and store the result.
Paste this in Lovable chat
1import { serve } from 'https://deno.land/std@0.168.0/http/server.ts'2import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'34const corsHeaders = {5 'Access-Control-Allow-Origin': '*',6 'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',7}89serve(async (req) => {10 if (req.method === 'OPTIONS') {11 return new Response('ok', { headers: corsHeaders })12 }1314 const apiToken = Deno.env.get('AHREFS_API_TOKEN')15 const supabaseUrl = Deno.env.get('SUPABASE_URL')!16 const supabaseKey = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!17 const supabase = createClient(supabaseUrl, supabaseKey)1819 const url = new URL(req.url)20 const target = url.searchParams.get('target')21 const endpoint = url.searchParams.get('endpoint')2223 if (!target || !endpoint || !apiToken) {24 return new Response(25 JSON.stringify({ error: 'Missing required parameters or secrets' }),26 { status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }27 )28 }2930 // Check cache (24-hour TTL)31 const { data: cached } = await supabase32 .from('ahrefs_cache')33 .select('data')34 .eq('domain', target)35 .eq('endpoint', endpoint)36 .gt('created_at', new Date(Date.now() - 86400000).toISOString())37 .single()3839 if (cached) {40 return new Response(41 JSON.stringify({ ...cached.data, _cached: true }),42 { headers: { ...corsHeaders, 'Content-Type': 'application/json' } }43 )44 }4546 // Cache miss — call Ahrefs API47 const ahrefsUrl = new URL(`https://api.ahrefs.com/v3/${endpoint}`)48 url.searchParams.forEach((value, key) => {49 if (key !== 'endpoint') ahrefsUrl.searchParams.set(key, value)50 })5152 const response = await fetch(ahrefsUrl.toString(), {53 headers: { 'Authorization': `Bearer ${apiToken}` },54 })55 const data = await response.json()5657 // Store in cache58 await supabase.from('ahrefs_cache').upsert({59 domain: target,60 endpoint,61 data,62 created_at: new Date().toISOString(),63 }, { onConflict: 'domain,endpoint' })6465 return new Response(66 JSON.stringify(data),67 { headers: { ...corsHeaders, 'Content-Type': 'application/json' } }68 )69})Pro tip: Create a unique constraint on (domain, endpoint) in your ahrefs_cache table to enable the upsert on conflict pattern above.
Expected result: Repeated queries for the same domain and endpoint return cached data instantly without consuming Ahrefs API credits. A _cached: true field in the response confirms you are reading from cache.
Common use cases
Backlink monitoring dashboard for client reporting
Pull referring domain counts, new and lost backlinks, and Domain Rating trends for a list of client domains. Display the data in a Lovable dashboard with date range filters and export functionality, replacing manual weekly CSV exports from the Ahrefs interface.
Create a backlink monitoring dashboard that shows referring domains count, Domain Rating, and top 10 new backlinks for a given domain. Fetch this data from our Ahrefs Edge Function at /functions/v1/ahrefs-proxy and display it in a clean card layout with a data table.
Copy this prompt to try it in Lovable
Competitor keyword gap analysis tool
Compare organic keyword rankings between your domain and up to five competitors. Show which keywords competitors rank for that you do not, sorted by traffic potential, so content teams can prioritize what to write next.
Build a keyword gap analysis page where I can enter my domain and two competitor domains. Call our /functions/v1/ahrefs-proxy endpoint to get organic keywords for each domain, then display a table of keywords the competitors rank for that we don't, sorted by monthly search volume descending.
Copy this prompt to try it in Lovable
Automated site audit issue tracker
Use the Ahrefs Site Audit API to pull crawl issues (broken links, missing meta tags, slow pages) and store them in Supabase. Build a Lovable UI that shows issue counts by category, marks issues as resolved, and tracks progress over time.
Create an SEO issue tracker that reads site audit data from our Ahrefs Edge Function and stores issues in a Supabase table called seo_issues. Show a dashboard with issue counts by type (broken links, missing titles, duplicate content) and let me mark individual issues as fixed.
Copy this prompt to try it in Lovable
Troubleshooting
Edge Function returns 500 with 'AHREFS_API_TOKEN secret not configured'
Cause: The secret name in Cloud → Secrets does not exactly match the string in Deno.env.get(). Secrets are case-sensitive.
Solution: Open the Cloud tab → Secrets panel. Verify the secret is named exactly AHREFS_API_TOKEN with no extra spaces or characters. If the name is wrong, delete the secret and re-add it with the correct name. Then redeploy the Edge Function by making a small change and saving.
Ahrefs API returns 402 Payment Required or 'Row limit exceeded'
Cause: Your Ahrefs API plan does not have enough row credits remaining, or a query returned more rows than your plan allows without a row limit parameter.
Solution: Always include a limit parameter in your API calls (e.g., limit=100). Check your Ahrefs API usage dashboard at app.ahrefs.com/api to see remaining credits. Consider upgrading your plan or implementing the caching strategy from Step 5 to reduce total row consumption.
1// Always add limit to Ahrefs API calls2ahrefsUrl.searchParams.set('limit', '100')CORS error in the browser when the frontend calls the Edge Function
Cause: The Edge Function is not returning the Access-Control-Allow-Origin header, or the OPTIONS preflight request is not being handled.
Solution: Ensure the Edge Function returns the corsHeaders object with both the OPTIONS handler and all other responses. Check that the corsHeaders object includes Access-Control-Allow-Origin: * and Access-Control-Allow-Headers including 'apikey'.
1const corsHeaders = {2 'Access-Control-Allow-Origin': '*',3 'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',4}5// Handle OPTIONS preflight6if (req.method === 'OPTIONS') {7 return new Response('ok', { headers: corsHeaders })8}Ahrefs API returns data for some domains but not others, or returns empty arrays
Cause: Ahrefs may have limited data for newer or low-authority domains. The API also requires the target parameter to be a clean domain without protocol prefixes.
Solution: Strip http://, https://, and trailing slashes from the domain before passing it to the API. Ahrefs expects format 'example.com' not 'https://www.example.com/'. Small or new sites may genuinely have no backlink data in Ahrefs' index.
1// Clean domain before passing to Ahrefs2const cleanDomain = target3 .replace(/^https?:\/\//, '')4 .replace(/^www\./, '')5 .replace(/\/$/, '')Best practices
- Always store the Ahrefs API token in Cloud → Secrets as AHREFS_API_TOKEN — never hardcode it in Edge Function code or paste it in Lovable chat
- Add a limit parameter to every Ahrefs API call to prevent runaway row consumption; Ahrefs charges per row returned
- Implement response caching in Supabase with a 24-hour TTL to dramatically reduce API costs for dashboards that display the same data repeatedly
- Use the select parameter in Ahrefs API v3 calls to fetch only the columns your UI needs, further reducing row counts
- Validate the target domain format in your Edge Function before calling the Ahrefs API — strip protocols and trailing slashes to avoid empty results
- Monitor your Ahrefs API usage in the app.ahrefs.com/api dashboard and set up alerts before you hit your plan limit
- Create separate Edge Functions for different Ahrefs data types (backlinks, keywords, site audit) rather than one monolithic proxy, so each can be cached and rate-limited independently
- Use RLS policies on your ahrefs_cache table to prevent unauthorized users from reading competitor data cached by other users
Alternatives
SEMrush excels at keyword research and PPC competitive analysis with a broader set of marketing tools, while Ahrefs is stronger for pure backlink analysis and link building workflows.
Google Search Console provides free organic search data (clicks, impressions, position) for your own site but has no backlink analysis or competitor data; Ahrefs covers both your site and competitors.
Moz focuses on its Domain Authority and Page Authority metrics with a cleaner API, while Ahrefs provides deeper backlink data and a more comprehensive index.
Frequently asked questions
Does Ahrefs have a free API tier?
No. Ahrefs API access requires an Advanced plan or above, which starts at $399/month. There is no free API tier. The API uses a pay-per-row model on top of the subscription, so all queries consume API units from your plan's allocation.
Can I call the Ahrefs API directly from my Lovable React frontend?
No. Calling the Ahrefs API directly from the browser would expose your API token in network requests, which anyone could inspect and use to drain your API credits. You must always route Ahrefs API calls through a server-side Edge Function that adds the Authorization header from a Cloud Secret.
How do I avoid high Ahrefs API costs in my Lovable app?
Three practices control costs: always include a limit parameter (e.g., limit=100) on every API call, use the select parameter to fetch only the columns you need, and cache results in Supabase for 24 hours so repeated views of the same dashboard do not re-query Ahrefs. These three together can reduce API row consumption by 80–90%.
Which Ahrefs API v3 endpoints are most useful for a Lovable dashboard?
The most commonly used endpoints are site-explorer/referring-domains (referring domain count and DR), site-explorer/backlinks (individual backlink rows with anchor text), site-explorer/organic-keywords (keyword rankings), and site-explorer/metrics (summary metrics including DR, UR, traffic value). Use the Ahrefs API documentation at ahrefs.com/api/documentation/v3 to explore all available endpoints.
Can I use Ahrefs webhook events in my Lovable app?
Ahrefs does not offer webhooks for data change notifications. All data retrieval is pull-based via the REST API. To simulate alerts (for example, notifying when referring domains drop), you would need to set up a scheduled Supabase Edge Function that polls the Ahrefs API on a cron schedule and compares results against previously stored values.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation