API Reference
The TK-TIS REST API is hosted on Cloudflare Workers. Use it to manage projects, retrieve test results, trigger scans, and integrate with your applications.
Base URL: https://htk-cloud-v4.enzu-agent.workers.dev
Authentication
The API supports two authentication methods:
JWT Tokens (session-based)
Used by the web dashboard. Obtain a JWT by logging in:
curl -X POST https://htk-cloud-v4.enzu-agent.workers.dev/api/auth/login \
-H "Content-Type: application/json" \
-d '{"email": "user@example.com", "password": "your-password"}'
{
"token": "eyJhbGciOiJIUzI1NiIs...",
"user": {
"id": "usr_abc123",
"email": "user@example.com",
"plan": "pro"
}
}
Include the JWT in subsequent requests:
curl https://htk-cloud-v4.enzu-agent.workers.dev/api/projects \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."
API Keys (for CLI and integrations)
API keys are generated in the dashboard (Settings > API Keys). Pass them via the X-API-Key header:
curl https://htk-cloud-v4.enzu-agent.workers.dev/api/projects \
-H "X-API-Key: tk_key_abc123def456"
Projects
List Projects
GET /api/projects
{
"projects": [
{
"id": "proj_abc123",
"name": "My App",
"url": "https://myapp.com",
"routes": ["/", "/login", "/api/health"],
"last_scan": "2026-03-31T10:00:00Z",
"health_score": 92,
"security_grade": "A",
"performance_grade": "B",
"status": "healthy"
}
]
}
Create Project
POST /api/projects
{
"name": "My App",
"url": "https://myapp.com",
"routes": ["/", "/login"],
"schedule": "daily"
}
Get Project
GET /api/projects/:id
Delete Project
DELETE /api/projects/:id
Test Results
Submit Scan Results
POST /api/test-engine/external-report
This is the endpoint used by CLI tools when using the --report flag.
{
"tool": "tk-scan",
"url": "https://myapp.com",
"score": 92,
"status": "PASS",
"duration": 1240,
"results": { ... }
}
Get Results History
GET /api/projects/:id/results
Query parameters:
| Parameter | Type | Description |
|---|---|---|
| tool | string | Filter by tool: tk-scan, tk-guard, tk-pulse, tk-flow, tk-eye |
| limit | number | Number of results to return (default: 20, max: 100) |
| offset | number | Pagination offset |
| from | string | ISO 8601 start date filter |
| to | string | ISO 8601 end date filter |
Get Single Result
GET /api/projects/:id/results/:resultId
Security Endpoints
Submit Guard Results
POST /api/guard/report
Get Guard Results
GET /api/projects/:id/guard
Performance Endpoints
Submit Pulse Results
POST /api/pulse
Get Performance History
GET /api/projects/:id/pulse
Flow Results
Submit Flow Results
POST /api/flow-results
Get Flow Results
GET /api/projects/:id/flows
Deploy Hooks
Trigger a Deploy Hook
POST /api/projects/:id/deploy-hook
Triggers all configured scans for the project. Useful for post-deployment validation.
curl -X POST https://htk-cloud-v4.enzu-agent.workers.dev/api/projects/proj_abc123/deploy-hook \
-H "X-API-Key: tk_key_abc123def456" \
-H "Content-Type: application/json" \
-d '{"commit": "abc1234", "branch": "main"}'
Rate Limits
API requests are rate-limited per account based on your plan:
| Plan | Requests / Minute | Requests / Day |
|---|---|---|
| Free | 30 | 500 |
| Starter | 60 | 5,000 |
| Pro | 120 | 25,000 |
| Enterprise | 300 | 100,000 |
Rate limit headers are included in every response:
X-RateLimit-Limit: 120
X-RateLimit-Remaining: 117
X-RateLimit-Reset: 1711872060
Error Codes
The API returns standard HTTP status codes with a JSON error body:
{
"error": {
"code": "RATE_LIMITED",
"message": "Rate limit exceeded. Try again in 42 seconds.",
"retry_after": 42
}
}
| HTTP Status | Error Code | Description |
|---|---|---|
| 400 | BAD_REQUEST | Invalid request body or parameters |
| 401 | UNAUTHORIZED | Missing or invalid authentication |
| 403 | FORBIDDEN | Insufficient permissions for this action |
| 404 | NOT_FOUND | Resource not found |
| 409 | CONFLICT | Resource already exists |
| 429 | RATE_LIMITED | Too many requests |
| 500 | INTERNAL_ERROR | Server error (contact support) |
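One way a client can honor the rate-limit headers and the RATE_LIMITED error body described above, so that CI jobs and integrations pause correctly and do not retry into a 429. This is an added example, not TK-TIS code: `retry_delay`, `_as_int` and `MAX_WAIT` are hypothetical names, the sample response is constructed, and it assumes `X-RateLimit-Reset` is a Unix timestamp in seconds and `retry_after` is in seconds.

```python
import json
import time

MAX_WAIT = 300  # assumption: cap so a malformed value cannot stall the client for hours

# Constructed sample response, modelled on the headers and error body shown above.
SAMPLE_429 = (
    429,
    {"X-RateLimit-Limit": "120", "X-RateLimit-Remaining": "0",
     "X-RateLimit-Reset": "1711872060"},
    '{"error": {"code": "RATE_LIMITED", "message": "Rate limit exceeded. '
    'Try again in 42 seconds.", "retry_after": 42}}',
)


def _as_int(value):
    """Return value as a non-negative int, or None if missing or malformed."""
    try:
        n = int(str(value).strip())
    except (TypeError, ValueError):
        return None
    return n if n >= 0 else None


def retry_delay(status, headers, body, now=None):
    """Seconds to wait before the next request; 0 means send immediately."""
    now = int(time.time()) if now is None else int(now)
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    reset = _as_int(hdrs.get("x-ratelimit-reset"))
    until_reset = max(reset - now, 0) if reset is not None else None

    if status == 429:
        # Prefer the explicit retry_after from the JSON error body.
        try:
            err = json.loads(body).get("error", {})
        except (TypeError, ValueError, AttributeError):
            err = {}  # body was empty, not JSON, or not an object
        wait = _as_int(err.get("retry_after")) if isinstance(err, dict) else None
        if wait is None:
            # Fall back to the reset header, then to a 1-second minimum.
            wait = until_reset if until_reset is not None else 1
        return min(max(wait, 1), MAX_WAIT)

    # A successful call that used the last slot: pause until the window resets.
    if _as_int(hdrs.get("x-ratelimit-remaining")) == 0 and until_reset is not None:
        return min(until_reset, MAX_WAIT)
    return 0
```

Call `retry_delay` with the status, headers and raw body of each response and sleep for the returned number of seconds before sending the next request.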