Stitchflow
Back to directory
SEMrush logo

SEMrush User Management API Guide

API workflow

How to automate user lifecycle operations through APIs with caveats that matter in production.

UpdatedMar 16, 2026

Summary and recommendation

SEMrush's public API is a data and analytics API - it exposes SEO metrics, keyword research, and site audit endpoints, not user management operations.

There are no documented REST endpoints for creating, listing, updating, or deleting users or seats.

Authentication uses a plain query-parameter API key (`key=YOUR_API_KEY`), not OAuth 2.0 or Bearer tokens, which limits how safely credentials can be passed in automated pipelines.

For teams building an identity graph across SaaS tools, SEMrush represents a gap: user state cannot be read or written programmatically, so it cannot be a node in any automated provisioning or reconciliation workflow.

API quick reference

Has user APINo
Auth methodAPI key (passed as query parameter `key`)
Base URLOfficial docs
SCIM availableNo
SCIM plan requiredEnterprise

Authentication

Auth method: API key (passed as query parameter key)

Setup steps

  1. Log in to your SEMrush account.
  2. Navigate to Profile > API Keys (or Account Settings > API).
  3. Generate or copy your API key.
  4. Append key=YOUR_API_KEY as a query parameter to all API requests.

User object / data model

User object field mapping is not yet verified for this app.

Core endpoints

Endpoint coverage is not yet verified for this app.

Rate limits, pagination, and events

  • Rate limits: SEMrush API access is governed by API units (credits) consumed per request, not by request-per-second rate limits. Each plan includes a monthly unit allocation. Requests exceeding the unit balance are rejected.
  • Rate-limit headers: No
  • Retry-After header: No
  • Rate-limit notes: Unit costs vary by report type. No documented per-second or concurrent request limits in official docs. Unit balance can be checked via the API itself.
  • Pagination method: offset
  • Default page size: 10
  • Max page size: 10000
  • Pagination pointer: offset / limit
Plan Limit Concurrent
Pro 3,000 API units/month included; additional units purchasable 0
Guru 5,000 API units/month included; additional units purchasable 0
Business 10,000 API units/month included; additional units purchasable 0
Enterprise Custom unit allocation 0
  • Webhooks available: No
  • Webhook notes: SEMrush does not document any webhook system for user or account events in its official developer documentation.
  • Alternative event strategy: Poll the SEMrush API or use the web UI for account/user status changes. No event-driven alternative is officially documented.

SCIM API status

  • SCIM available: No
  • SCIM version: Not documented
  • Plan required: Enterprise
  • Endpoint: Not documented

Limitations:

  • SEMrush does not offer a native SCIM 2.0 endpoint.
  • User provisioning and deprovisioning must be performed manually via the SEMrush web UI or through IdP-side Okta/Entra integrations that handle SSO authentication only, not lifecycle provisioning.
  • SAML SSO is available but must be enabled by contacting SEMrush support; it does not include automated SCIM provisioning.
  • No connector-specific or IdP-generated SCIM endpoint is documented by SEMrush.

Common scenarios

Onboarding a new team member requires an Admin to log in, navigate to Account Management → Users, and send a manual email invitation there is no API call that replicates this flow.

Deprovisioning a departing employee follows the same UI path;

disabling the user in an IdP (Okta or Entra) blocks SSO authentication but does not remove the user from the SEMrush account, so a separate manual removal step in the UI is always required.

The one scenario where the API adds operational value is monitoring unit consumption: developers can instrument API calls to track monthly unit burn and alert before the balance is exhausted, since exceeding the limit returns an error rather than a throttled response with a Retry-After header.

Onboard a new team member to SEMrush

  1. Log in to SEMrush as an account admin.
  2. Navigate to Account Management > Users.
  3. Click 'Invite User', enter the user's email, and assign a role (Admin, User, etc.).
  4. User receives an email invitation to join the account.
  5. If SAML SSO is enabled (requires prior support enablement), the user authenticates via the configured IdP.

Watch out for: There is no API endpoint to automate this invitation flow. It must be done manually in the UI or via IdP SSO login (authentication only, not provisioning).

Deprovision a departing employee

  1. Log in to SEMrush as an account admin.
  2. Navigate to Account Management > Users.
  3. Locate the user and select 'Remove User' or revoke their seat.
  4. If SSO is in use, also disable or deactivate the user in the IdP (Okta/Entra) to block future authentication.

Watch out for: No SCIM deprovisioning is available. Disabling the user in the IdP prevents SSO login but does not automatically remove the user from the SEMrush account - manual removal in the UI is required.

Check remaining API unit balance programmatically

  1. Construct a request to the SEMrush API with your API key.
  2. Call: GET https://api.semrush.com/?type=phrase_this&key=YOUR_KEY&phrase=test&database=us (any minimal report call).
  3. Inspect the response header or use the dedicated units endpoint if documented for your plan.
  4. Monitor unit consumption to avoid exceeding monthly allocation.

Watch out for: Unit balance reporting endpoints may vary by plan. Exceeding units returns an error response, not a throttle with Retry-After. No rate-limit headers are documented.

Why building this yourself is a trap

The most common integration assumption to avoid is treating Okta or Entra SSO as equivalent to lifecycle management - these IdP integrations handle authentication only and do not provision or deprovision SEMrush seats. SAML SSO itself is not self-serve; it requires contacting SEMrush support to enable, adding lead time to any IdP rollout.

API unit costs vary by report type and are not surfaced via rate-limit headers, so pipelines that call multiple report types in sequence can exhaust monthly allocations faster than expected with no in-band warning. No official SDK is published by SEMrush, so any API client must be maintained internally.

Automate SEMrush workflows without one-off scripts

Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.

Every app coverage, including apps without APIs
60+ app integrations plus browser automation for apps without APIs
IT graph reconciliation across apps and your IdP
Less than a week to launch, maintained as APIs and admin consoles change
SOC 2 Type II. ~2 hours of your team's time
Book a Demo

UpdatedMar 16, 2026

* Details sourced from official product documentation and admin references.

Keep exploring

Related apps

6sense logo

6sense

Manual Only
AutomationNot Supported
Last updatedFeb 2026

6sense user management lives entirely in Settings > User Management (https://analytics.6sense.com/settings/user-management). The platform uses a role-based access control model scoped per product module — ABM, Sales Intelligence (SI), and Conversationa

Admin guideAPI guide
Alkami logo

Alkami

Manual Only
AutomationNot Supported
Last updatedMar 2026

Alkami is an enterprise-only digital banking platform sold exclusively to financial institutions such as banks and credit unions. It is not a general-purpose SaaS tool, and its admin and user-management documentation is not publicly available. Independ

Admin guideAPI guide
AmazingHiring logo

AmazingHiring

Manual Only
AutomationNot Supported
Last updatedMar 2026

AmazingHiring is a recruiter-facing sourcing platform sold on a pay-per-seat, annual billing model. There is no native SCIM support and no publicly documented IdP integration, which means every app lifecycle event — onboarding, role change, offboarding

Admin guideAPI guide