Mecanik API Documentation

Overview & Pricing Buy Credits Create Account

Authentication

All endpoints require a Bearer token in the Authorization header. Your account UUID is part of the URL path.

Base URL: https://api.mecanik.dev/v1/client/{uuid}/tools

curl -X POST https://api.mecanik.dev/v1/client/YOUR_UUID/tools/security-headers \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com"}'

Endpoints

POST Security Headers Scanner POST SSL/TLS Checker POST Technology Detector POST SEO Analyzer POST DNS Lookup POST Email Deliverability POST QR Code Generator GET Placeholder Image POST Hash Generator POST JWT Decoder POST Password Strength Analyzer POST Cron Expression Explainer
Security & Website Analysis 5 credits per call
POST /v1/client/{uuid}/tools/security-headers
5 credits

Security Headers Scanner

Analyze any URL's HTTP security headers (HSTS, CSP, X-Frame-Options, Permissions-Policy, and more). Returns a letter grade (A+ to F) and actionable recommendations.

Request Body
{ "url": "https://example.com" }
Example Response
{
  "result": {
    "url": "https://example.com",
    "grade": "B",
    "score": 70,
    "headers": [
      {
        "header": "Strict-Transport-Security",
        "present": true,
        "value": "max-age=31536000; includeSubDomains",
        "rating": "good",
        "recommendation": ""
      }
    ],
    "scanned_at": "2025-06-01T12:00:00.000Z"
  },
  "success": true,
  "errors": []
}
▶ Try It Test this endpoint with your API key
POST /v1/client/{uuid}/tools/tls-check
5 credits

SSL/TLS Checker

Verify SSL/TLS configuration, HSTS enforcement, HTTP-to-HTTPS redirect, and TLS version for any hostname.

Request Body
{ "host": "example.com", "port": 443 }
Example Response
{
  "result": {
    "host": "example.com",
    "port": 443,
    "protocol": "HTTPS",
    "tls_version": "TLSv1.3",
    "grade": "A",
    "issues": [],
    "scanned_at": "2025-06-01T12:00:00.000Z"
  },
  "success": true,
  "errors": []
}
▶ Try It Test this endpoint with your API key
POST /v1/client/{uuid}/tools/tech-detect
5 credits

Technology Detector

Detect the tech stack behind any website: CMS, frameworks, CDN, analytics, and 35+ technology signatures.

Request Body
{ "url": "https://example.com" }
Example Response
{
  "result": {
    "url": "https://example.com",
    "technologies": [
      { "name": "Cloudflare", "category": "CDN" },
      { "name": "Next.js", "category": "Framework" }
    ],
    "count": 2,
    "scanned_at": "2025-06-01T12:00:00.000Z"
  },
  "success": true,
  "errors": []
}
▶ Try It Test this endpoint with your API key
POST /v1/client/{uuid}/tools/seo-analyze
5 credits

SEO Analyzer

Analyze meta tags, Open Graph, structured data, canonical URL, robots directives, and 15+ on-page SEO factors with a score.

Request Body
{ "url": "https://example.com" }
Example Response
{
  "result": {
    "url": "https://example.com",
    "grade": "A",
    "score": 85,
    "findings": [
      { "name": "title", "content": "Example Domain", "status": "good", "recommendation": "" }
    ],
    "scanned_at": "2025-06-01T12:00:00.000Z"
  },
  "success": true,
  "errors": []
}
▶ Try It Test this endpoint with your API key
POST /v1/client/{uuid}/tools/dns-lookup
5 credits

DNS Lookup

Query A, AAAA, MX, TXT, CNAME, NS, SOA, SRV, and CAA records via Cloudflare DNS-over-HTTPS.

Request Body
{ "domain": "example.com", "types": ["A", "MX", "TXT"] }
Example Response
{
  "result": {
    "domain": "example.com",
    "records": {
      "A": [{ "type": "A", "name": "example.com.", "data": "93.184.216.34", "ttl": 3600 }],
      "MX": [],
      "TXT": []
    },
    "queried_types": ["A", "MX", "TXT"],
    "scanned_at": "2025-06-01T12:00:00.000Z"
  },
  "success": true,
  "errors": []
}
▶ Try It Test this endpoint with your API key
POST /v1/client/{uuid}/tools/email-deliverability
5 credits

Email Deliverability

Check MX records, SPF, DKIM (9 common selectors), and DMARC for any domain. Get a deliverability score and grade.

Request Body
{ "domain": "example.com" }
Example Response
{
  "result": {
    "domain": "example.com",
    "score": 75,
    "grade": "B",
    "checks": [
      { "name": "MX Records", "status": "pass", "detail": "Found 1 MX record(s)" },
      { "name": "SPF", "status": "pass", "detail": "SPF record with hard fail (-all)" }
    ],
    "scanned_at": "2025-06-01T12:00:00.000Z"
  },
  "success": true,
  "errors": []
}
▶ Try It Test this endpoint with your API key
Developer Utilities 1 credit per call
POST /v1/client/{uuid}/tools/qr-generate
1 credit

QR Code Generator

Generate QR codes as SVG or Base64 PNG. Supports custom size, foreground/background colors.

Request Body
{ "data": "https://mecanik.dev", "format": "svg", "size": 256 }
Example Response
{
  "result": {
    "format": "svg",
    "size": 256,
    "data": "<svg xmlns=\"http://www.w3.org/2000/svg\" ...>...</svg>"
  },
  "success": true,
  "errors": []
}
▶ Try It Test this endpoint with your API key
GET /v1/client/{uuid}/tools/placeholder-image
1 credit

Placeholder Image

Generate SVG placeholder images with custom dimensions, colors, and text. Pass parameters as query string.

Parameters
Query: ?width=400&height=300&bg=cccccc&color=333333&text=400x300
Example Response
Returns SVG image directly (Content-Type: image/svg+xml)
▶ Try It Test this endpoint with your API key
POST /v1/client/{uuid}/tools/hash-generate
1 credit

Hash Generator

Compute SHA-1, SHA-256, SHA-384, SHA-512, and MD5 hashes of any input string (max 100K characters).

Request Body
{ "input": "hello world", "algorithm": "sha256" }
Example Response
{
  "result": {
    "algorithm": "SHA-256",
    "hash": "b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9",
    "input_length": 11
  },
  "success": true,
  "errors": []
}
▶ Try It Test this endpoint with your API key
POST /v1/client/{uuid}/tools/jwt-decode
1 credit

JWT Decoder

Decode JWT headers and payloads, analyze expiration, issuer, algorithm, and surface security warnings.

Request Body
{ "token": "eyJhbGciOi..." }
Example Response
{
  "result": {
    "header": { "alg": "HS256", "typ": "JWT" },
    "payload": { "sub": "1234567890", "iat": 1516239022 },
    "expired": false,
    "warnings": []
  },
  "success": true,
  "errors": []
}
▶ Try It Test this endpoint with your API key
POST /v1/client/{uuid}/tools/password-strength
1 credit

Password Strength Analyzer

Entropy calculation, pattern detection, dictionary checks, keyboard patterns, and crack-time estimation.

Request Body
{ "password": "MyP@ssw0rd!" }
Example Response
{
  "result": {
    "score": 3,
    "label": "Strong",
    "entropy_bits": 52.4,
    "crack_time_display": "centuries",
    "suggestions": []
  },
  "success": true,
  "errors": []
}
▶ Try It Test this endpoint with your API key
POST /v1/client/{uuid}/tools/cron-explain
1 credit

Cron Expression Explainer

Parse cron expressions into human-readable descriptions with the next N scheduled run times.

Request Body
{ "expression": "*/5 * * * *", "count": 3 }
Example Response
{
  "result": {
    "expression": "*/5 * * * *",
    "description": "Every 5 minutes",
    "next_runs": [
      "2025-06-01T12:05:00.000Z",
      "2025-06-01T12:10:00.000Z",
      "2025-06-01T12:15:00.000Z"
    ]
  },
  "success": true,
  "errors": []
}
▶ Try It Test this endpoint with your API key
Error Codes
400
Invalid request body, URL, domain, or parameters.
402
Insufficient credits. Purchase more at members.mecanik.dev/credits.
403
API access suspended due to abuse, or invalid/expired Bearer token.
413
Request body too large (max 64 KB).
415
Content-Type must be application/json for POST endpoints.
429
Rate limit exceeded. Response includes a Retry-After header.
502
Failed to reach the target URL (timeout, DNS failure, connection refused).

Rate Limits

Limits are per user per 1-minute sliding window:

Security
10 requests/min per endpoint
Utility
30 requests/min per endpoint
Global
60 requests/min across all endpoints per user
Per IP
120 requests/min across all endpoints
© 2026 Mecanik. All rights reserved.
mecanik.dev