Mecanik API
Security analysis and developer utility endpoints. Simple REST API with pay-per-use credits.
AI-Powered Tools
AI Code Review
Analyze code for security vulnerabilities, bugs, performance issues and best practices. Returns structured findings with severity ratings and a quality score.
/tools/ai-code-reviewAI Content Summarizer
Summarize any text into a concise overview with key points, keywords, tone analysis, and estimated reading time.
/tools/ai-content-summarizeAI SEO Tag Generator
Generate optimized title tag, meta description, Open Graph tags, keywords, slug suggestion, and actionable SEO tips from page content.
/tools/ai-seo-generateAI Translator
Translate text into any target language with automatic source detection. Returns the translation, detected language, and notes.
/tools/ai-translateAI Chat / Completion
General-purpose chat completion. Send a messages array or a single prompt with optional system prompt, temperature, and max tokens.
/tools/ai-chatAI Image Generator
Generate an image from a text prompt, returned as a base64 data URL. Powered by Flux 1 Schnell.
/tools/ai-image-generateAI Data Extraction
Extract structured data from unstructured text. Specify the fields or a JSON shape, or auto-extract common entities.
/tools/ai-extractAI Alt-Text Generator
Generate accessibility alt text and a description for an image (URL or base64) using a vision model.
/tools/ai-alt-textAI Content Moderation
Classify text against safety categories with per-category scores and an allow/review/block verdict.
/tools/ai-moderationSecurity & Website Analysis
Security Headers Scanner
Analyze HTTP security headers - HSTS, CSP, X-Frame-Options, Permissions-Policy. Letter grade (A+ to F) with recommendations.
/tools/security-headersSSL/TLS Checker
Verify SSL/TLS configuration, HSTS enforcement, HTTP-to-HTTPS redirect, and TLS version.
/tools/tls-checkTechnology Detector
Detect CMS, frameworks, CDN, analytics, and 35+ technology signatures behind any website.
/tools/tech-detectSEO Analyzer
Meta tags, Open Graph, structured data, canonical URL, robots directives, and 15+ on-page SEO factors.
/tools/seo-analyzeDNS Lookup
Query A, AAAA, MX, TXT, CNAME, NS, SOA, SRV, and CAA records via Cloudflare DNS-over-HTTPS.
/tools/dns-lookupOpenAPI / Swagger Validator
Validate an OpenAPI 3.x or Swagger 2.0 spec (JSON or YAML) from a URL or inline. Structured errors, warnings, path/operation/schema counts, and an optional breaking-change diff against a previous version.
/tools/openapi-validateSubdomain Finder
Enumerate a domain's subdomains via Certificate Transparency logs (crt.sh + CertSpotter), then resolve a sample to flag which are live. Passive, no scanning.
/tools/subdomain-finderExposed Files Scanner
Scan a site for commonly-exposed sensitive files (.env, .git/config, backups, server-status, and more) with severity ratings and soft-404 detection. For sites you own.
/tools/exposed-filesEmail Tools
Email Deliverability
Check MX, SPF, DKIM (9 selectors), and DMARC for any domain. Deliverability score and grade.
/tools/email-deliverabilityEmail Validator
Detect disposable, temporary, and throwaway email addresses with high accuracy. Returns a 0-100 risk score with verdict and signal codes.
/tools/email-validatorEmail Validator (Bulk)
Validate up to 10 email addresses in a single request. Domains are deduplicated and analyzed in parallel. Returns per-email verdicts with aggregate counts.
/tools/email-validator-bulkEmail Spam Checker
Score an email subject and body against common spam-filter heuristics (trigger words, shouting, link ratios, URL shorteners, missing unsubscribe, hidden text). Returns a spam score, inbox-likelihood, and fixes. Rule-based, no AI.
/tools/email-spam-checkEmail Header Analyzer
Parse raw email headers into a structured summary: the Received hop timeline with per-hop delays, SPF/DKIM/DMARC results, spam-filter headers, and notable flags.
/tools/email-header-analyzerBlacklist (DNSBL) Check
Check a domain or IP against well-known DNS blacklists (Spamhaus, SpamCop, SORBS, Barracuda, and more). Resolves a domain's IPs and checks each, plus domain-based lists.
/tools/email-blacklist-checkDeveloper Utilities
QR Code Generator
Generate QR codes as SVG or Base64 PNG. Custom size, foreground and background colors.
/tools/qr-generatePlaceholder Image
SVG placeholder images with custom dimensions, colors, and text via query string.
/tools/placeholder-imageHash Generator
Compute SHA-1, SHA-256, SHA-384, SHA-512, and MD5 hashes using the Web Crypto API.
/tools/hash-generateJWT Decoder
Decode JWT headers and payloads, analyze expiration, issuer, algorithm, and security warnings.
/tools/jwt-decodePassword Strength
Entropy calculation, pattern detection, dictionary checks, keyboard patterns, crack-time estimation.
/tools/password-strengthCron Explainer
Parse cron expressions into human-readable descriptions with the next N scheduled run times.
/tools/cron-explainLLM Token Counter & Cost
Estimate token usage and USD cost for any text across 25+ models (GPT-5.x, Claude 4.x, Gemini 3.x, Grok, DeepSeek, Mistral, Llama, Qwen). Single model, multi-model, and optional output-token costing.
/tools/token-counterJSON to Schema & Code
Turn a JSON sample into JSON Schema, TypeScript interfaces, Go structs, Pydantic models, Rust serde structs, and Kotlin data classes. Pick your targets.
/tools/json-to-codePremium Reports
Website Audit
One-call bundled report: security headers, TLS, technology, SEO, and DNS combined into a single scored report with an overall grade. Cheaper than running each separately.
/tools/website-auditPerformance Audit
Server response time, transfer size, compression, caching, and resource counts with a 0-100 score and actionable findings.
/tools/performance-auditBroken Link Checker
Crawl a page's links (up to 50) and report which are broken, with status codes. Every link is SSRF-validated before checking.
/tools/broken-link-checkerCarbon Footprint
Estimate the CO2 emitted per page visit using the Sustainable Web Design model, with a rating versus the global median and an annual projection.
/tools/carbon-footprintDiscord Tools
Snowflake Decoder
Decode a Discord snowflake ID into its creation timestamp plus the internal worker, process, and increment values.
/tools/discord-snowflake-decodeTimestamp Generator
Generate Discord dynamic timestamp markup (<t:unix:style>) that renders in each viewer's local timezone. Returns every style.
/tools/discord-timestampEmbed Builder
Validate and normalize Discord embeds against every limit (title, description, 25 fields, 6000 chars, 10 embeds). Returns a ready-to-send payload.
/tools/discord-embed-buildPermissions Calculator
Convert a Discord permissions bitfield to its permission names, or names back to the combined 64-bit bitfield.
/tools/discord-permissions-calcGateway Intents Calculator
Calculate the Gateway intents bitfield from intent names, or decode a value to names. Flags the privileged intents.
/tools/discord-intents-calcBot Invite URL Builder
Build a Discord OAuth2 bot-invite / authorization URL from a client ID, with optional permissions, scopes, and pre-selected guild.
/tools/discord-bot-inviteCDN URL Resolver
Build and validate Discord CDN asset URLs: avatars, icons, banners, emojis, stickers, and default avatars. Auto-detects animated assets.
/tools/discord-cdn-resolveMessage Moderation
AutoMod-style moderation for a message: invite links, mass mentions, caps, emoji/char spam, zalgo, and scam phrases. Returns a risk score and recommended action.
/tools/discord-moderateText Sanitizer
Make untrusted text safe to echo in a message: neutralize @everyone/@here and raw mentions, escape markdown, and strip invisible/bidi/control characters.
/tools/discord-text-sanitizeSlash Command Validator
Validate a slash/application-command definition against all Discord rules: name format, description lengths, option types and ordering, choices, nesting, and the 4000-character budget.
/tools/discord-command-validateDeveloper Resources
Simple, Pay-As-You-Go Pricing
Every new account receives 100 free credits. No credit card required.
50 security scans or 250 utility calls. Great for trying out the API.
Buy Credits300 security scans or 1,500 utility calls. Perfect for regular usage.
Buy Credits1,000 security scans or 5,000 utility calls. Best value for heavy use.
Buy CreditsHow It Works
Create a Free Account
Sign up at members.mecanik.dev. You receive 100 free API credits immediately.
Generate an API Token
Go to the Security page in your dashboard and create a Bearer token for authentication.
Purchase Credits
Visit the Credits page to buy a credit pack via Stripe. Credits never expire.
Make API Calls
Call any endpoint at https://api.mecanik.dev/v1/client/{uuid}/tools/{endpoint} with your Bearer token.
Why Mecanik API
Low Latency Worldwide
Cloudflare Workers - no cold starts, sub-100ms response times globally.
Structured JSON
Consistent { result, success, errors } format. Easy to parse in any language.
No Subscriptions
Pay only for what you use. No recurring charges, no rate-tier commitments.
Secure by Default
Bearer token auth with hashed storage. HTTPS only. Full SSRF protection.
Credits Never Expire
Purchase once, use at your own pace. No monthly resets or use-it-or-lose-it.
Instant Checkout
Buy credits via Stripe in seconds. Balance updated immediately.
Frequently Asked Questions
How do I authenticate API requests?
Include your Bearer token in the Authorization header:
1Authorization: Bearer YOUR_API_TOKEN
Your account UUID is part of the endpoint URL: https://api.mecanik.dev/v1/client/{uuid}/tools/...
What happens when I run out of credits?
API calls that require more credits than your balance will return a 402 Payment Required response with a message telling you how many credits are needed and a link to purchase more.
Do credits expire?
No. Credits never expire. Purchase them whenever you need them and use them at your own pace.
What is the rate limit?
API calls are subject to general rate limiting to prevent abuse. Normal usage patterns will not trigger rate limits. If you need higher throughput, contact support.
Can I see my remaining credit balance?
Yes. Use the GET /v1/client/{uuid}/account/credits endpoint, or check your balance on the members dashboard
.
What response format do endpoints use?
All endpoints return JSON with this structure:
1{
2 "result": { ... },
3 "success": true,
4 "errors": []
5}
On failure, success is false and errors contains an array of { code, message } objects.
Start Building With the Mecanik API
Create a free account, grab your API token, and make your first call in under a minute.
Get StartedBy using the Mecanik API you agree to our API Terms & Acceptable Use Policy and Privacy Policy.