API Reference
REST API endpoints, authentication, and SDK installation options for Sublyzer integrations.
SDK installation
You need your 24-character integration code from the dashboard (Integrations → your app). No secret API keys in the browser — just that code.
The SDK is not on npm. Install via the Windows wizard, a script tag, or download from the SDK Customizer.
A — Windows installer (.exe)
Easiest on Windows: paste your code, pick project folder + framework. Files are written for you.
- Download sublyzer-installer.exe
- Enter integration code → select project path → choose stack
- Click Install → run your app → see events in the dashboard (~60s)
B — Manual install
You place the files yourself — no npm package.
- CDN: one
<script>tag tohttps://www.sublyzer.com/sublyzer.js - Self-host: download from SDK Customizer, put
sublyzer.jsinpublic/sdks/ - Other languages: same Customizer → generated Python, PHP, Go, etc.
Manual — script tag (CDN)
<script src="https://www.sublyzer.com/sublyzer.js" data-integration-code="YOUR_24_CHAR_CODE" defer ></script>
Local dev: add data-api-url="http://localhost:3001"
Manual — download + self-host (Next.js / React)
1. Open SDK Customizer → paste code → Download (sublyzer.js + sublyzer.config.js)
2. Save to public/sdks/sublyzer.js
3. Add the script tag in your layout or HTML:
<script src="/sdks/sublyzer.js" data-integration-code="YOUR_24_CHAR_CODE" defer ></script>
Installer — what it does
The .exe downloads the same canonical sublyzer.js and writes it into your project (e.g. public/sdks/sublyzer.js) plus config snippets for your framework. Same files as the Customizer download.
Deep Scan (PRO) and Strike API are server-side — they do not ship inside the SDK. Full install guide (PT): repo docs/SDK-INSTALL.md.
Auth
Most dashboard and integration endpoints require a Bearer token from login or OAuth:
Authorization: Bearer YOUR_JWT_TOKEN
The browser SDK uses your public integration code only — never embed JWT secrets in client code.
Data collection (SDK)
SDKs send batched events to the collect endpoint. On www.sublyzer.com this is proxied as /api/accelerate; direct backend URL:
POST /data-collection/collect-batch
Content-Type: application/json
{
"integrationCode": "YOUR_24_CHAR_CODE",
"events": [ /* error, performance, pageview, ... */ ]
}Integrations
POST /integrations # create (auth required) GET /integrations/:id # details PATCH /integrations/:id # update settings DELETE /integrations/:id # remove
Agent (issues & health)
Ranked issues for the Security tab and Overview stats. See Agent guide.
GET /agent/issues?integrationId=ID&windowDays=7&limit=120 GET /agent/system-health?integrationId=ID&windowDays=7 GET /agent/project-profile?integrationId=ID
Agent Autonomous
GET /integrations/:id/auto-patcher/status POST /integrations/:id/auto-patcher/run PATCH /integrations/:id # config.autoPatcher in integration config
TestingAI
Start a headless TestingAI run (PRO):
POST /ai/swarm/run
Content-Type: application/json
Authorization: Bearer YOUR_TOKEN
{
"integrationId": "INTEGRATION_ID",
"agents": 8,
"targetUrl": "https://www.example.com",
"maxPages": 3,
"maxClicks": 10
}Webhooks
Configure outbound webhooks per integration in the dashboard. See the Webhooks guide for events, signatures, and retry policy.
# Your server receives POST JSON from Sublyzer POST https://your-app.com/webhooks/sublyzer X-Sublyzer-Signature: sha256=...
Admin (internal)
Admin-only endpoints (demo links, storage, test users) require isAdmin on the JWT.
GET /users/admin/demo-dashboard-link GET /users/admin/storage/stats POST /users/admin/storage/cleanup-cache
Need help? Join our Discord.