When the A11y Pulse API launched it was read-only. It can now write too. You can create, update, and delete sites and pages, and trigger a scan for any site, all through the same Bearer-token API you already use to read your data.
Every API key now carries its own set of permissions that you choose when you create it. Read access covers all the existing read endpoints, Manage sites & pages unlocks creating, updating, and deleting sites and pages, and Trigger scans lets a key start scans on demand. A key only has the permissions you grant it, so you can hand a CI pipeline a key that can trigger scans without giving it the ability to delete a site. Permissions are fixed when the key is created, so to change them you create a new key and revoke the old one.
The new endpoints respect the same team scoping and plan limits as the rest of the product, and submitted URLs are validated before anything is created. You can explore all of them, including the request and response shapes, in the interactive API reference.