TachyonicTachyonic

API Reference

REST API for the Tachyonic platform

Base URL: https://api.tachyonic.sh/api/v1

Authentication

All API requests require authentication via one of:

MethodHeaderUse Case
API Keyx-api-key: tach_live_...CLI, CI/CD, scripts
Device TokenAuthorization: Bearer <jwt>CLI after tachyonic login
SessionBrowser sessionDashboard

Create API keys at platform.tachyonicai.com/settings.

Targets

Create Target

POST /targets
{
  "name": "Production API",
  "endpoint": "https://api.example.com/v1/chat/completions",
  "provider": "anthropic"
}

Response 201:

{
  "id": "f1df1a66-bf05-40f2-8b75-7aaf438815ae",
  "name": "Production API",
  "endpoint": "https://api.example.com/v1/chat/completions",
  "provider": "anthropic",
  "verified_at": null,
  "workspace_id": "..."
}

List Targets

GET /targets

Verify Domain

Before scanning external targets from the dashboard, verify ownership:

POST /targets/{id}/verify

Returns DNS TXT and HTTP verification instructions:

{
  "token": "tachyonic-verify-abc123...",
  "methods": {
    "dns": {
      "type": "TXT",
      "host": "_tachyonic-verify.api.example.com",
      "value": "tachyonic-verify-abc123..."
    },
    "http": {
      "url": "https://api.example.com/.well-known/tachyonic-verify.json",
      "body": { "token": "tachyonic-verify-abc123..." }
    }
  }
}

Check verification status:

GET /targets/{id}/verify

Scans

Submit Scan

POST /scans
{
  "target_id": "f1df1a66-...",
  "config": {
    "categories": ["prompt-injection", "tool-abuse"],
    "max_attacks": 48,
    "provider": "anthropic"
  }
}

Response 201:

{
  "id": "3297a21f-...",
  "status": "queued",
  "config": { ... },
  "kueue_job_name": "scan-3297a21f",
  "started_at": "2026-04-05T12:57:24Z"
}

List Scans

GET /scans

Get Scan

GET /scans/{id}

Cancel Scan

DELETE /scans/{id}

Returns 204 No Content. Terminates the running job.

Stream Events (SSE)

GET /scans/{id}/events

Returns Server-Sent Events. Initial event contains current status. Terminal events (completed, failed, cancelled) close the stream.

data: {"type":"status","data":{"status":"queued"}}

data: {"type":"status","data":{"status":"completed","summary":{"attack_count":88,"finding_count":2,"score":97}}}

Findings

List Findings

GET /findings

Query parameters: severity, verdict, target_id

Response:

{
  "findings": [
    {
      "id": "...",
      "attack_id": "filesystem_sandbox_escape",
      "category": "tool_abuse",
      "severity": "critical",
      "verdict": "confirmed",
      "confidence": 1.0,
      "raw_data": {
        "payload": "...",
        "response": "...",
        "triage": { ... }
      }
    }
  ],
  "total": 2
}

Rate Limits

PlanRequests/min
Free10
Pro60
Team120
Enterprise300

Rate limit headers: X-RateLimit-Limit, X-RateLimit-Remaining, Retry-After.

Errors

{
  "error": "Target domain not verified"
}
StatusMeaning
400Bad request / validation error
401Authentication required
403Forbidden (domain not verified, scope missing)
404Resource not found
429Rate limit exceeded
502Job submission failed

Agent Testing

Test CLI-based AI agents and remote agents via SSH

API Authentication

Authentication methods for the Tachyonic API

On this page

AuthenticationTargetsCreate TargetList TargetsVerify DomainScansSubmit ScanList ScansGet ScanCancel ScanStream Events (SSE)FindingsList FindingsRate LimitsErrors