TachyonicTachyonic

API Authentication

Authentication methods for the Tachyonic API

API Keys

Create keys at platform.tachyonicai.com/settings.

curl -H "x-api-key: tach_live_..." https://api.tachyonic.sh/api/v1/scans

Keys are scoped to a workspace. Available scopes:

ScopeDescription
scan:readList and view scans
scan:writeSubmit and cancel scans
target:readList and view targets
target:writeCreate targets
target:manageUpdate, delete, verify targets
finding:readList and view findings

Device Flow (CLI)

The CLI uses OAuth device flow for interactive login:

tachyonic login
  1. CLI requests a device code from the platform
  2. User opens a browser URL and approves
  3. CLI polls until approved, receives a JWT
  4. JWT is stored locally and refreshed automatically

Headless / CI

For non-interactive environments, use an API key:

tachyonic login --platform-api-key tach_live_...

Session Auth (Dashboard)

The dashboard uses browser session authentication. No manual setup required — sign in at platform.tachyonicai.com.

Token Refresh

Device flow JWTs are automatically refreshed before expiry. If a token expires, run tachyonic login again.

API Reference

REST API for the Tachyonic platform

Platform Guide

Using the Tachyonic dashboard for scan management, findings review, and team collaboration

On this page

API KeysDevice Flow (CLI)Headless / CISession Auth (Dashboard)Token Refresh