All endpoints require a Bearer token in the Authorization header. Your account UUID is part of the URL path.
Base URL: https://api.mecanik.dev/v1/client/{uuid}/tools
curl -X POST https://api.mecanik.dev/v1/client/YOUR_UUID/tools/security-headers \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"url": "https://example.com"}'
/v1/client/{uuid}/tools/ai-code-review
Analyze a code snippet for security vulnerabilities, bugs, performance issues, and best practices. Returns structured findings with severity ratings and a quality score. Powered by LLM (max 4 000 chars input, 10 calls/day per user).
{ "code": "const secret = \"hardcoded123\";\napp.get(\"/admin\", (req, res) => {\n res.send(db.query(\`SELECT * FROM users WHERE id = ${req.query.id}\`));\n});", "language": "javascript" }{
"result": {
"language": "javascript",
"analysis": {
"issues": [
{
"severity": "critical",
"category": "security",
"line": "1",
"description": "Hardcoded secret in source code",
"fix": "Use environment variables: process.env.SECRET"
},
{
"severity": "critical",
"category": "security",
"line": "3",
"description": "SQL injection via string interpolation",
"fix": "Use parameterized queries: db.query('SELECT * FROM users WHERE id = ?', [req.query.id])"
}
],
"summary": "Critical security issues detected: hardcoded credentials and SQL injection vulnerability.",
"score": 15
},
"input_length": 142,
"analyzed_at": "2025-06-01T12:00:00.000Z"
},
"success": true,
"errors": []
}/v1/client/{uuid}/tools/ai-content-summarize
Summarize any text content into a concise overview with key points, keywords, tone analysis, and estimated reading time. Great for processing articles, documentation, or marketing copy. Powered by LLM (max 4 000 chars, 10 calls/day per user).
{ "text": "Cloudflare Workers provides a serverless execution environment that allows you to create new applications or augment existing ones without configuring or maintaining infrastructure. Your Worker code is deployed to the Cloudflare global network of data centers..." }{
"result": {
"analysis": {
"summary": "Cloudflare Workers is a serverless platform for deploying applications across Cloudflare's global network without managing infrastructure.",
"key_points": [
"Serverless execution environment",
"No infrastructure configuration needed",
"Deployed globally across Cloudflare data centers"
],
"keywords": ["cloudflare", "workers", "serverless", "infrastructure", "deployment"],
"word_count": 38,
"reading_time_seconds": 12,
"tone": "technical"
},
"input_length": 248,
"summarized_at": "2025-06-01T12:00:00.000Z"
},
"success": true,
"errors": []
}/v1/client/{uuid}/tools/ai-seo-generate
Generate optimized SEO meta tags from page content: title tag, meta description, Open Graph tags, keywords, H1 suggestion, slug, and actionable SEO tips. Pair with the SEO Analyzer for a complete workflow. Powered by LLM (max 4 000 chars, 10 calls/day per user).
{ "content": "Learn how to secure your web applications with HTTP security headers including Content-Security-Policy, HSTS, X-Frame-Options and more. This comprehensive guide covers implementation for Apache, Nginx and Cloudflare.", "url": "https://example.com/blog/security-headers-guide" }{
"result": {
"url": "https://example.com/blog/security-headers-guide",
"seo": {
"title": "HTTP Security Headers Guide: CSP, HSTS & More | Example.com",
"meta_description": "Master HTTP security headers with our complete guide. Learn to implement CSP, HSTS, X-Frame-Options on Apache, Nginx & Cloudflare. Protect your web apps today.",
"og_title": "Complete Guide to HTTP Security Headers",
"og_description": "Comprehensive guide to implementing Content-Security-Policy, HSTS, X-Frame-Options and other critical HTTP security headers.",
"keywords": ["security headers", "CSP", "HSTS", "X-Frame-Options", "web security", "Cloudflare"],
"h1_suggestion": "The Complete Guide to HTTP Security Headers",
"slug_suggestion": "http-security-headers-complete-guide",
"content_type": "article",
"seo_tips": [
"Add structured data (HowTo or Article schema) for rich snippets",
"Include an FAQ section targeting 'how to add security headers'",
"Add internal links to related security tool pages"
]
},
"input_length": 264,
"generated_at": "2025-06-01T12:00:00.000Z"
},
"success": true,
"errors": []
}/v1/client/{uuid}/tools/security-headers
Analyze any URL's HTTP security headers (HSTS, CSP, X-Frame-Options, Permissions-Policy, and more). Returns a letter grade (A+ to F) and actionable recommendations.
{ "url": "https://example.com" }{
"result": {
"url": "https://example.com",
"grade": "B",
"score": 70,
"headers": [
{
"header": "Strict-Transport-Security",
"present": true,
"value": "max-age=31536000; includeSubDomains",
"rating": "good",
"recommendation": ""
}
],
"scanned_at": "2025-06-01T12:00:00.000Z"
},
"success": true,
"errors": []
}/v1/client/{uuid}/tools/tls-check
Verify SSL/TLS configuration, HSTS enforcement, HTTP-to-HTTPS redirect, and TLS version for any hostname.
{ "host": "example.com", "port": 443 }{
"result": {
"host": "example.com",
"port": 443,
"protocol": "HTTPS",
"tls_version": "TLSv1.3",
"grade": "A",
"issues": [],
"scanned_at": "2025-06-01T12:00:00.000Z"
},
"success": true,
"errors": []
}/v1/client/{uuid}/tools/tech-detect
Detect the tech stack behind any website: CMS, frameworks, CDN, analytics, and 35+ technology signatures.
{ "url": "https://example.com" }{
"result": {
"url": "https://example.com",
"technologies": [
{ "name": "Cloudflare", "category": "CDN" },
{ "name": "Next.js", "category": "Framework" }
],
"count": 2,
"scanned_at": "2025-06-01T12:00:00.000Z"
},
"success": true,
"errors": []
}/v1/client/{uuid}/tools/seo-analyze
Analyze meta tags, Open Graph, structured data, canonical URL, robots directives, and 15+ on-page SEO factors with a score.
{ "url": "https://example.com" }{
"result": {
"url": "https://example.com",
"grade": "A",
"score": 85,
"findings": [
{ "name": "title", "content": "Example Domain", "status": "good", "recommendation": "" }
],
"scanned_at": "2025-06-01T12:00:00.000Z"
},
"success": true,
"errors": []
}/v1/client/{uuid}/tools/dns-lookup
Query A, AAAA, MX, TXT, CNAME, NS, SOA, SRV, and CAA records via Cloudflare DNS-over-HTTPS.
{ "domain": "example.com", "types": ["A", "MX", "TXT"] }{
"result": {
"domain": "example.com",
"records": {
"A": [{ "type": "A", "name": "example.com.", "data": "93.184.216.34", "ttl": 3600 }],
"MX": [],
"TXT": []
},
"queried_types": ["A", "MX", "TXT"],
"scanned_at": "2025-06-01T12:00:00.000Z"
},
"success": true,
"errors": []
}/v1/client/{uuid}/tools/email-deliverability
Check MX records, SPF, DKIM (9 common selectors), and DMARC for any domain. Get a deliverability score and grade.
{ "domain": "example.com" }{
"result": {
"domain": "example.com",
"score": 75,
"grade": "B",
"checks": [
{ "name": "MX Records", "status": "pass", "detail": "Found 1 MX record(s)" },
{ "name": "SPF", "status": "pass", "detail": "SPF record with hard fail (-all)" }
],
"scanned_at": "2025-06-01T12:00:00.000Z"
},
"success": true,
"errors": []
}/v1/client/{uuid}/tools/email-validator
Detect disposable, temporary, and throwaway email addresses with high accuracy. Returns a 0-100 risk score with verdict (disposable/suspicious/legitimate) and signal codes.
{ "email": "user@guerrillamail.com" }{
"result": {
"email": "user@guerrillamail.com",
"domain": "guerrillamail.com",
"verdict": "disposable",
"score": 80,
"signals": [
{ "code": "MK01", "weight": 80 }
],
"cached": false
},
"success": true,
"errors": []
}/v1/client/{uuid}/tools/email-validator-bulk
Validate up to 10 email addresses in a single request. Domains are deduplicated and analyzed in parallel. Returns per-email verdicts with aggregate counts.
{ "emails": ["user@gmail.com", "test@guerrillamail.com", "hello@example.com"] }{
"result": {
"total": 3,
"disposable": 1,
"suspicious": 0,
"legitimate": 2,
"results": [
{ "email": "user@gmail.com", "domain": "gmail.com", "verdict": "legitimate", "score": 0, "signal_count": 1 },
{ "email": "test@guerrillamail.com", "domain": "guerrillamail.com", "verdict": "disposable", "score": 80, "signal_count": 1 },
{ "email": "hello@example.com", "domain": "example.com", "verdict": "legitimate", "score": 25, "signal_count": 1 }
]
},
"success": true,
"errors": []
}/v1/client/{uuid}/tools/qr-generate
Generate QR codes as SVG or Base64 PNG. Supports custom size, foreground/background colors.
{ "data": "https://mecanik.dev", "format": "svg", "size": 256 }{
"result": {
"format": "svg",
"size": 256,
"data": "<svg xmlns=\"http://www.w3.org/2000/svg\" ...>...</svg>"
},
"success": true,
"errors": []
}/v1/client/{uuid}/tools/placeholder-image
Generate SVG placeholder images with custom dimensions, colors, and text. Pass parameters as query string.
Query: ?width=400&height=300&bg=cccccc&color=333333&text=400x300
Returns SVG image directly (Content-Type: image/svg+xml)
/v1/client/{uuid}/tools/hash-generate
Compute SHA-1, SHA-256, SHA-384, SHA-512, and MD5 hashes of any input string (max 100K characters).
{ "input": "hello world", "algorithm": "sha256" }{
"result": {
"algorithm": "SHA-256",
"hash": "b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9",
"input_length": 11
},
"success": true,
"errors": []
}/v1/client/{uuid}/tools/jwt-decode
Decode JWT headers and payloads, analyze expiration, issuer, algorithm, and surface security warnings.
{ "token": "eyJhbGciOi..." }{
"result": {
"header": { "alg": "HS256", "typ": "JWT" },
"payload": { "sub": "1234567890", "iat": 1516239022 },
"expired": false,
"warnings": []
},
"success": true,
"errors": []
}/v1/client/{uuid}/tools/password-strength
Entropy calculation, pattern detection, dictionary checks, keyboard patterns, and crack-time estimation.
{ "password": "MyP@ssw0rd!" }{
"result": {
"score": 3,
"label": "Strong",
"entropy_bits": 52.4,
"crack_time_display": "centuries",
"suggestions": []
},
"success": true,
"errors": []
}/v1/client/{uuid}/tools/cron-explain
Parse cron expressions into human-readable descriptions with the next N scheduled run times.
{ "expression": "*/5 * * * *", "count": 3 }{
"result": {
"expression": "*/5 * * * *",
"description": "Every 5 minutes",
"next_runs": [
"2025-06-01T12:05:00.000Z",
"2025-06-01T12:10:00.000Z",
"2025-06-01T12:15:00.000Z"
]
},
"success": true,
"errors": []
}Retry-After header.Limits are per user per 1-minute sliding window: