Developer docs

Convurter API access.

Convurter API access uses account-managed keys for temporary jobs, public lookup reports, usage, credits, webhooks, and read-only MCP access. Browser-local tools remain browser-local.

Runtime boundaries

Available API areas

Browser-local tools stay browser-local. API access is for account, lookup, and temporary job workflows that are designed for server processing.

Browser-local tools: converters, inspectors, formatters, packet manifests, image prep, citation cleanup, and CSV review run in the user’s browser.
Lookup tools: DNS, RDAP-style domain review, SSL, redirects, HTTP headers, security headers, MX, SPF, and DMARC use public network records and responses.
Temporary jobs: PDF, Office, OCR, HEIC, and HTML-to-PDF jobs are capped, reviewed, expiring file workflows.

Lookup concept

Lookup API shape

Lookup endpoints are for narrow public-record and public-response checks only. They do not scan private networks, crawl authenticated pages, store user content, or make security certification claims.

{
  "toolId": "security-headers-checker",
  "input": { "url": "https://example.com" },
  "result": {
    "ok": true,
    "summary": "Security header review completed.",
    "warnings": ["missing-content-security-policy"]
  }
}

Errors

Error and failure envelope

API errors use consistent failure classes for unsupported input, encrypted files, timeouts, unsafe input, unavailable processors, output validation, and quality limits.

Lookup failures: invalid input, unreachable host, timeout, blocked/private target, malformed response, or rate limit.
Temporary job failures: unsupported format, encrypted input, file too large, page limit, engine unavailable, unsafe input, timeout, or output validation failure.
Privacy rule: logs and telemetry should use route, tool ID, failure class, status, file count, and size buckets instead of raw user content.

Limits

Rate limits, quotas, and deletion

Signed-in accounts manage API keys, billing, credits, webhooks, and MCP access. API keys authenticate REST and MCP requests.

Uploads: POST /v1/uploads creates a quarantine upload session with upload and delete tokens.
Jobs: POST /v1/jobs creates a checked temporary job from an upload session. Job status and result download preparation require the issued job access token.
Billing: POST /v1/billing/checkout creates a Stripe Checkout subscription session and POST /v1/account/billing/portal creates a customer portal session for signed-in accounts.
API keys: signed-in accounts create keys from POST /v1/account/api-keys. Raw keys are shown once and are not stored.
Credits: Stripe subscription and invoice webhooks sync account status and monthly credit grants.
MCP: POST /mcp is authenticated with the same bearer API keys and limited to read-only lookup/report tools.
OpenAPI: GET /openapi.json describes implemented routes.

API setup MCP docs Runtime modes Current limits Delete and expiring jobs Server-job tools