API Reference

REST API endpoints, authentication, and SDK installation options for Sublyzer integrations.

SDK installation

You need your 24-character integration code from the dashboard (Integrations → your app). No secret API keys in the browser — just that code.

The SDK is not on npm. Install via the Windows wizard, a script tag, or download from the SDK Customizer.

A — Windows installer (.exe)

Easiest on Windows: paste your code, pick project folder + framework. Files are written for you.

  1. Download sublyzer-installer.exe
  2. Enter integration code → select project path → choose stack
  3. Click Install → run your app → see events in the dashboard (~60s)

B — Manual install

You place the files yourself — no npm package.

  • CDN: one <script> tag to https://www.sublyzer.com/sublyzer.js
  • Self-host: download from SDK Customizer, put sublyzer.js in public/sdks/
  • Other languages: same Customizer → generated Python, PHP, Go, etc.

Manual — script tag (CDN)

<script
  src="https://www.sublyzer.com/sublyzer.js"
  data-integration-code="YOUR_24_CHAR_CODE"
  defer
></script>

Local dev: add data-api-url="http://localhost:3001"

Manual — download + self-host (Next.js / React)

1. Open SDK Customizer → paste code → Download (sublyzer.js + sublyzer.config.js)
2. Save to public/sdks/sublyzer.js
3. Add the script tag in your layout or HTML:

<script
  src="/sdks/sublyzer.js"
  data-integration-code="YOUR_24_CHAR_CODE"
  defer
></script>

Installer — what it does

The .exe downloads the same canonical sublyzer.js and writes it into your project (e.g. public/sdks/sublyzer.js) plus config snippets for your framework. Same files as the Customizer download.

Deep Scan (PRO) and Strike API are server-side — they do not ship inside the SDK. Full install guide (PT): repo docs/SDK-INSTALL.md.

Auth

Most dashboard and integration endpoints require a Bearer token from login or OAuth:

Authorization: Bearer YOUR_JWT_TOKEN

The browser SDK uses your public integration code only — never embed JWT secrets in client code.

Data collection (SDK)

SDKs send batched events to the collect endpoint. On www.sublyzer.com this is proxied as /api/accelerate; direct backend URL:

POST /data-collection/collect-batch
Content-Type: application/json

{
  "integrationCode": "YOUR_24_CHAR_CODE",
  "events": [ /* error, performance, pageview, ... */ ]
}
Integrations
POST   /integrations          # create (auth required)
GET    /integrations/:id      # details
PATCH  /integrations/:id      # update settings
DELETE /integrations/:id      # remove
Agent (issues & health)

Ranked issues for the Security tab and Overview stats. See Agent guide.

GET /agent/issues?integrationId=ID&windowDays=7&limit=120
GET /agent/system-health?integrationId=ID&windowDays=7
GET /agent/project-profile?integrationId=ID
Agent Autonomous
GET  /integrations/:id/auto-patcher/status
POST /integrations/:id/auto-patcher/run
PATCH /integrations/:id   # config.autoPatcher in integration config
TestingAI

Start a headless TestingAI run (PRO):

POST /ai/swarm/run
Content-Type: application/json
Authorization: Bearer YOUR_TOKEN

{
  "integrationId": "INTEGRATION_ID",
  "agents": 8,
  "targetUrl": "https://www.example.com",
  "maxPages": 3,
  "maxClicks": 10
}
Webhooks

Configure outbound webhooks per integration in the dashboard. See the Webhooks guide for events, signatures, and retry policy.

# Your server receives POST JSON from Sublyzer
POST https://your-app.com/webhooks/sublyzer
X-Sublyzer-Signature: sha256=...
Admin (internal)

Admin-only endpoints (demo links, storage, test users) require isAdmin on the JWT.

GET  /users/admin/demo-dashboard-link
GET  /users/admin/storage/stats
POST /users/admin/storage/cleanup-cache

Need help? Join our Discord.