Programmatic Access

API Tokens

Use personal tokens to run Lumiaxiom scans from CI, scripts, or other services. Tokens scope to your account and your governance policies.

Loading tokens…

Usage

POST /api/public/v1/scan with your token in the Authorization header. The response contains the verdict, top risk, and individual policy findings. Every call is recorded in your audit log.

curl -X POST https://shield-vibe-secure.lovable.app/api/public/v1/scan \
  -H "Authorization: Bearer vsh_xxx..." \
  -H "Content-Type: application/json" \
  -d '{
    "code": "const key = \"sk-1234567890\"",
    "agent_id": "ci-runner",
    "action": "pr.scan"
  }'