Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.tumban.com/llms.txt

Use this file to discover all available pages before exploring further.

Base URL

https://api.tumban.com
All v2 endpoints are mounted under /api/v2.

Authentication

Every request requires an Authorization: Bearer <token> header. 
Authorization: Bearer sk_<64-hex-string>
See Authentication for the full description.

Content type

Request and response bodies are JSON. Send Content-Type: application/json on POST and PATCH.

Error envelope

Errors return a JSON object with a detail field: 
{ "detail": "Invalid or revoked API key" }
Validation errors (HTTP 422) return a list of failed fields under detail: 
{
  "detail": [
    {
      "field": "profile_url",
      "msg": "Input should be a valid URL",
      "type": "url_parsing"
    }
  ]
}
See Errors for the status-code reference.

Async processing

Endpoints that submit work (/scan, /batch) return immediately with a status of processing and an estimated completion time. The final result is delivered either by webhook to your callback_url or by polling GET /api/v2/scans/{scan_id}.

Tenancy

Every request is scoped to the organization that owns the credential. You cannot read or list resources from another organization.