Open-source web data API for AI agents to search, scrape, parse, crawl, monitor, and interact with websites, with clean Markdown or structured JSON output.
{
"score": 98,
"tier": "Agent Native",
"history": [
{
"date": "2026-06-07",
"score": 98,
"tier": "Agent Native",
"summary": "Initial evaluation. Firecrawl is highly agent-native: bearer-token API auth, AI onboarding docs, llms.txt and llms-full.txt, hosted and local MCP servers, CLI and agent skills, strong SDK coverage, webhooks with retries, monitor events, rate-limit documentation, public status, and a structured error catalog. The score is held below a perfect mark because default account/key creation still appears dashboard-oriented unless a platform can use the WorkOS ID-JAG path, and public API-key scoping/audit-log details were not found."
}
],
"breakdown": [
{
"index": "01",
"criterion": "Machine Authentication",
"score": 20,
"max": 20,
"note": "The v2 API uses bearer-token authentication via the Authorization header and documented FIRECRAWL_API_KEY environment variable flows for SDKs, CLI, and MCP. No browser redirect or OAuth loop is required once an API key exists."
},
{
"index": "02",
"criterion": "Autonomous Onboarding",
"score": 12,
"max": 20,
"note": "Firecrawl publishes AI-agent onboarding links, a free monthly credit allowance, CLI/browser auth setup, and an auth.md path for platforms that can mint a WorkOS ID-JAG. The ordinary API-key path still points agents to the dashboard, so fully autonomous signup/key issuance is not universally documented."
},
{
"index": "03",
"criterion": "MCP Support",
"score": 20,
"max": 20,
"note": "Official MCP support is first-class via a hosted streamable HTTP endpoint and the firecrawl-mcp npm package. The MCP server is open source and covers search, scrape, interact, crawl, map, extract, agent, browser sessions, cloud, and self-hosted use."
},
{
"index": "04",
"criterion": "API Documentation Quality",
"score": 10,
"max": 10,
"note": "Documentation includes llms.txt and llms-full.txt, a v2 API reference, endpoint pages for search/scrape/parse/map/crawl/monitor/account usage, SDK guides for Node.js, Python, Go, Rust, Elixir, Java, .NET, PHP, and Ruby, cookbook examples, integration guides, and public GitHub docs sources."
},
{
"index": "05",
"criterion": "Real-Time Event Delivery",
"score": 15,
"max": 15,
"note": "Webhooks support real-time started/page/completed/failed-style events for crawl, batch scrape, extract, agent jobs, and monitor checks. Delivery requires HTTPS, includes configurable metadata/events, and retries failed deliveries after 1, 5, and 15 minutes."
},
{
"index": "06",
"criterion": "Structured Error Responses",
"score": 9,
"max": 10,
"note": "Firecrawl documents a consistent JSON error shape with success=false, error, optional details/code, an error catalog covering common HTTP statuses, retryability, remediation, Retry-After handling for 429s, and copy-paste backoff snippets. The catalog is explicitly non-exhaustive, so it misses full marks."
},
{
"index": "07",
"criterion": "Security Posture",
"score": 8,
"max": 10,
"note": "Security posture is strong: bearer API keys, HTTPS webhook requirements, HMAC-SHA256 webhook signatures, timing-safe verification guidance, documented rate/concurrency limits, public status monitoring, robots.txt respect, and public SOC 2 Type II trust signals. Public audit logs and granular API-key scopes were not found."
},
{
"index": "08",
"criterion": "Response Consistency",
"score": 4,
"max": 5,
"note": "The API is documented under /v2, GitHub shows active versioned releases, and Firecrawl publishes a high-cadence changelog/blog. A formal deprecation or backward-compatibility policy was not found in reviewed public materials."
}
]
}{
"score": 93,
"summary": "Very strong market confidence from broad developer adoption, named enterprise users, Series A backing, a large open-source community, mature documentation, status visibility, and public SOC 2 Type II trust signals.",
"signals": [
{
"criterion": "Adoption",
"score": 20,
"max": 20,
"note": "Firecrawl publicly claims 1.25M+ developers, 150,000+ companies, 8B+ pages fetched, and named users including Apple, Canva, Shopify, Zapier, Lovable, Replit, Sierra, and Gamma."
},
{
"criterion": "Funding & Backing",
"score": 17,
"max": 20,
"note": "Firecrawl announced a $14.5M Series A led by Nexus Venture Partners in August 2025, bringing total funding to $16.2M with participation from Y Combinator, Zapier, Shopify CEO Tobias Lütke, and other angels."
},
{
"criterion": "Community & Ecosystem",
"score": 20,
"max": 20,
"note": "The open-source repository shows about 130k GitHub stars and 7.7k forks, AGPL-3.0 core licensing, 34 releases, multi-language SDKs, official MCP, CLI, agent skills, workflows, Vercel AI SDK tools, and broad framework integrations."
},
{
"criterion": "Operational Maturity",
"score": 18,
"max": 20,
"note": "Firecrawl publishes detailed docs, pricing, rate limits, a public status page, changelog/blog release cadence, hosted API, self-hosting docs, webhooks, queue status, and enterprise paths. The main maturity caveat is that rapid product expansion creates more surface area to keep stable."
},
{
"criterion": "Security & Compliance",
"score": 18,
"max": 20,
"note": "Public materials reference SOC 2 Type II, API key authentication, HTTPS webhook endpoints, HMAC-SHA256 webhook signatures, rate and concurrency limits, Retry-After handling, status monitoring, robots.txt respect, and zero-data-retention positioning. Public audit-log and API-key scoping details were not found."
}
]
}Initial evaluation. Firecrawl is highly agent-native: bearer-token API auth, AI onboarding docs, llms.txt and llms-full.txt, hosted and local MCP servers, CLI and agent skills, strong SDK coverage, webhooks with retries, monitor events, rate-limit documentation, public status, and a structured error catalog. The score is held below a perfect mark because default account/key creation still appears dashboard-oriented unless a platform can use the WorkOS ID-JAG path, and public API-key scoping/audit-log details were not found.
The v2 API uses bearer-token authentication via the Authorization header and documented FIRECRAWL_API_KEY environment variable flows for SDKs, CLI, and MCP. No browser redirect or OAuth loop is required once an API key exists.
Firecrawl publishes AI-agent onboarding links, a free monthly credit allowance, CLI/browser auth setup, and an auth.md path for platforms that can mint a WorkOS ID-JAG. The ordinary API-key path still points agents to the dashboard, so fully autonomous signup/key issuance is not universally documented.
Official MCP support is first-class via a hosted streamable HTTP endpoint and the firecrawl-mcp npm package. The MCP server is open source and covers search, scrape, interact, crawl, map, extract, agent, browser sessions, cloud, and self-hosted use.
Documentation includes llms.txt and llms-full.txt, a v2 API reference, endpoint pages for search/scrape/parse/map/crawl/monitor/account usage, SDK guides for Node.js, Python, Go, Rust, Elixir, Java, .NET, PHP, and Ruby, cookbook examples, integration guides, and public GitHub docs sources.
Webhooks support real-time started/page/completed/failed-style events for crawl, batch scrape, extract, agent jobs, and monitor checks. Delivery requires HTTPS, includes configurable metadata/events, and retries failed deliveries after 1, 5, and 15 minutes.
Firecrawl documents a consistent JSON error shape with success=false, error, optional details/code, an error catalog covering common HTTP statuses, retryability, remediation, Retry-After handling for 429s, and copy-paste backoff snippets. The catalog is explicitly non-exhaustive, so it misses full marks.
Security posture is strong: bearer API keys, HTTPS webhook requirements, HMAC-SHA256 webhook signatures, timing-safe verification guidance, documented rate/concurrency limits, public status monitoring, robots.txt respect, and public SOC 2 Type II trust signals. Public audit logs and granular API-key scopes were not found.
The API is documented under /v2, GitHub shows active versioned releases, and Firecrawl publishes a high-cadence changelog/blog. A formal deprecation or backward-compatibility policy was not found in reviewed public materials.
Very strong market confidence from broad developer adoption, named enterprise users, Series A backing, a large open-source community, mature documentation, status visibility, and public SOC 2 Type II trust signals.
Firecrawl publicly claims 1.25M+ developers, 150,000+ companies, 8B+ pages fetched, and named users including Apple, Canva, Shopify, Zapier, Lovable, Replit, Sierra, and Gamma.
Firecrawl announced a $14.5M Series A led by Nexus Venture Partners in August 2025, bringing total funding to $16.2M with participation from Y Combinator, Zapier, Shopify CEO Tobias Lütke, and other angels.
The open-source repository shows about 130k GitHub stars and 7.7k forks, AGPL-3.0 core licensing, 34 releases, multi-language SDKs, official MCP, CLI, agent skills, workflows, Vercel AI SDK tools, and broad framework integrations.
Firecrawl publishes detailed docs, pricing, rate limits, a public status page, changelog/blog release cadence, hosted API, self-hosting docs, webhooks, queue status, and enterprise paths. The main maturity caveat is that rapid product expansion creates more surface area to keep stable.
Public materials reference SOC 2 Type II, API key authentication, HTTPS webhook endpoints, HMAC-SHA256 webhook signatures, rate and concurrency limits, Retry-After handling, status monitoring, robots.txt respect, and zero-data-retention positioning. Public audit-log and API-key scoping details were not found.