Programmatic Access

API Tokens

Use personal tokens to run Vibe Shield scans from CI, scripts, or other services. Tokens scope to your account and your governance policies.

Loading tokens…

Usage

POST /api/public/v1/scan with your token in the Authorization header. The response contains the verdict, top risk, and individual policy findings. Every call is recorded in your audit log.

curl -X POST https://shield-vibe-secure.lovable.app/api/public/v1/scan \
  -H "Authorization: Bearer vsh_xxx..." \
  -H "Content-Type: application/json" \
  -d '{
    "code": "const key = \"sk-1234567890\"",
    "agent_id": "ci-runner",
    "action": "pr.scan"
  }'