Tools API Documentation

Welcome to the Tools API documentation.

This documentation is written as a user guide for developers integrating with our public APIs and web interface. It covers authentication, request formats, response schemas, code examples, and token usage.

Support & Membership

Support Tools

Background guide for the public Ko-fi page, including what already exists on the platform today, why the running cost is growing, and how the six support levels are meant to be understood.

Support page: https://ko-fi.com/tornevall/
Includes: project direction, cost explanation, supporter guardrails, plain-language descriptions of all current membership tiers, and the AI Budget allocation table

View the Support Tools guide →

Legal

Privacy and data usage details: View Privacy Policy →

General platform terms: View Terms of Service →

API Reference

IRC Memory Lane - Log Search API

Search and retrieve IRC channel logs with advanced filtering. Perfect for integrating log data into other applications.

Authentication: API Key Bearer token
Rate Limiting: 60 requests/minute
Features: Full-text search, channel filtering, date ranges, user nicks

View IRC Log API Documentation →

Quick Start Guide (includes setup, basic + advanced examples): IRC Memory Lane API Guide →

RSS Feed Analytics - Category Analysis API

Generate AI-powered analyses of RSS feeds by category. ChatGPT identifies themes, narrative patterns, and behavioral trends in aggregated news content.

Authentication: Web session + permission:rss
Rate Limiting: 20 requests/minute (generation)
Caching: Automatic deduplication by content signature

View RSS Analytics API Documentation →

SMS Delivery API

Send SMS messages with callback tracking and delivery status updates.

Authentication: API Key or Bearer token
Rate Limiting: 300 requests/minute
Features: Template messages, delivery tracking, error handling

View SMS API Reference →

SMS Callback Responses (webhook responses): SMS Prefix Callback Guide →

Marvel MCU Timeline API

Search and retrieve Marvel Cinematic Universe data with chronological ordering and IMDB integration.

Authentication: Public (no auth required)
Rate Limiting: 300 requests/minute
Features: Timeline search, phase lookup, related content

View MCU API Documentation →

DNS Zone List API

Discover and query BIND DNS zones, retrieve zone metadata, and access DNS records.

Authentication: API Key Bearer token
Rate Limiting: 60 requests/minute
Features: Zone discovery, file paths, TSIG keys, record parsing

View DNS API Documentation →

DNSBL / FraudBL API

Real-time blocklist queries with bitmask support, DNS-first publication, commerce data mirroring, and DMARC intake for the DNSBL review queue.

Authentication: API Key or Bearer token
Rate Limiting: 9000 requests/minute
Features: Bitmask lookups, whitelist queries, data submission, DMARC report intake and review workflow

View DNSBL/FraudBL API Documentation →

DNSBL DMARC Review Queue

Admin-facing intake and review flow for DMARC aggregate reports before any reported IP is published to DNSBL.

Access: /admin/dnsbl/dmarc (admin review UI), POST /api/dnsbl/dmarc/report (intake endpoint)
Features: DMARC upload, duplicate-safe intake, normalized XML storage, per-source-IP review, publish-as-spam or publish-as-spam+fraud actions

View DNSBL DMARC Documentation →

Web UI Documentation

OpenAI / AI Engine

Internal AI engine dashboard for managing prompt profiles, testing prompts, and monitoring API usage.

Access: /admin/openai (requires permission:openai.manage)
Features: Profile management, model selection, token budgets, rate limiting, test interface

View OpenAI Engine Documentation →

Registration and account review

The public registration flow and the admin user list/editor now expose a small discovery signal so site owners can see how new people found Tools.

Access: /register for new signups, /users and /users/{user}/edit for admin review
Features: optional Where did you hear about us? field during signup, read-only admin visibility alongside the registration IP, included in the new-user notification mail

User mailouts and safe error pages

Admin-only service-message workflow for sending one message to selected groups of Tools users, plus safer generic browser error pages.

Access: /users/mailout from user management; administrators only
Features: recipient counts, AI helper draft, preview, dry run, test-send-to-self, support-address sender, required confirmation phrase for real sends, generic non-leaking error pages on public Tools hosts

View User Mailout Documentation →

API IP whitelist

Admin page for maintaining trusted IPv4 addresses and CIDR ranges that may bypass normal auth on supported API routes.

Access: /admin/security/api-ip-whitelist (admin web session)
Features: add, enable/disable, edit, and delete whitelist entries; optional endpoint scoping per entry

vBulletin Registration Flow & External Group Administration

Tools-managed registration flow for vBulletin communities, keeping invite/review state in Tools while the forum account itself still lives in vBulletin.

Access: /admin/security/vbulletin (requires vbulletin.manage), public registration pages under /vbulletin/onboarding/*
Features: registration configs, reusable invite/referral links plus one-time keys, public start + status pages, review queue, scoped forum-group grants/revokes, AJAX user search, hosted welcome/info banner script, ready-to-paste member widgets for vBulletin HTML blocks, and a clearer admin audit trail for registration activity

View vBulletin Registration Documentation →

View the condensed registration changelog →

View the invite-complete frontend hook guide →

Password Manager

Logged-in personal vault groundwork for encrypted login secrets, secure notes, and a cautious first payment-card storage slice.

Access: /password-manager (logged-in web users only)
Features: encrypted per-user vault entries, no extra permission gate, login/secure-note/payment-card entry types, explicit CVV/CVC refusal

View Password Manager Documentation →

SocialGPT Chrome Extension

Browser-wide AI assistant extension for Toolbox replies, fact-checking, Facebook admin workflows, and SoundCloud capture.

Access: Chrome extension popup / browser context menus
Features: Browser-wide AI mode, selection overlays, Facebook admin statistics opt-in, SoundCloud insights capture

View SocialGPT Chrome Extension Documentation →

X Mention Bot / ToolGPT

Public-facing X/Twitter bot identity backed by the Tools-side X mention/reply system.

Access: public guide under /docs/en/x-bot; admin control room under /admin/social-media-tools/x-bot
Features: mention polling, watch keywords, dry-run candidate replies, manual approval flow, thread-context capture, public FAQ, prompt-transparency notes, ToolGPT identity notes

View X Mention Bot Documentation →

View the public ToolGPT changelog →

RSS Watch - Feed Viewer

Web-based RSS aggregator with categorization, feed source management, and inline editing.

Access: /rss (requires permission:rss)
Features: Feed management, category views, AI analytics, search

View RSS Watch Documentation →

Playwright Guide

Focused how-to guide for using Playwright in Tools through stored admin scripts, browserbot.sh, and the project E2E test runner.

Access: Browser Automation admin under /admin/browser-automation and Playwright E2E admin under /admin/browser-automation/playwright
Features: stored scripts, persistent profiles, record/open helper flows, shell wrapper usage, E2E runs, first-time setup checklist

View Playwright Guide →

Microsoft To Do

Personal Microsoft To Do integration for authenticated users, with bidirectional sync and authenticated API access.

Access: /settings/integrations/microsoft-todo (requires login)
Features: OAuth connect, list/task management, immediate sync, authenticated /api/microsoft-todo/* endpoints

View Microsoft To Do Documentation →

Whisper Transcriptions

Queued media transcription service with owner/admin progress visibility in both web UI and API.

Access: /whisper (requires permission:whisper.use)
Features: URL queueing, stage progress, retries/failures, owner/admin visibility, authenticated /api/whisper/*

View Whisper Documentation →

Menstrual Tracking

Personal cycle tracking UI for authenticated users, now with optional reminder SMS and parent alerts.

Access: /menstrual-tracking (requires login)
Features: birth date and first-start profile, smarter gap-aware cycle registration, estimated next cycle date, optional SMS reminders, and parent alerts

View Menstrual Tracking Documentation →

My Profile

Personal account settings and service overview page for authenticated users.

Access: /users/profile (requires login)
Features: update name/email, save mobile number, set/change password, use the login page's forgot-password/reset flow, manage Google account linking, link child accounts, and jump directly to available service settings

View My Profile Documentation →

Online Sessions

Live overview of current Tools visitors, split into logged-in users, guests, and likely bots.

Access: public /online, admin detail view under /admin/security/online-users
Features: separate bot/guest/user counters, grouped live session detail for admins, an admin-managed IP/CIDR whitelist that can hide trusted internal traffic from the live online counters, and configurable user-agent bot rules for classifying internal tools/automation clients as bots everywhere those counters are shown

vBulletin Onboarding

Slug-based public onboarding flow with invite keys, status pages, delegated key creators, and scoped forum-group approval.

Access: public onboarding under /vbulletin/onboarding, admin management under /admin/security/vbulletin, delegated key creation under /vbulletin/onboarding/keys
Features: slug-only and slug+key onboarding URLs, status pages, scheduled forum-account matching, optional auto-approve, per-config invite-key delegation, and optional per-key success redirects

View vBulletin Onboarding Documentation →

Snöbollseffekten – how do I get in?

Step-by-step screenshot walkthrough for the existing-account-first onboarding variant used by Snöbollseffekten.

Access: public guide under /docs/en/snobollseffekten
Features: screenshots for the onboarding page, forum registration, invite-code field, final onboarding action, and the status page

View the Snöbollseffekten guide →

Snöbollseffekten vBulletin integration

Technical note for the Snöbollseffekten-specific vBulletin header hook, route handling, logo swap, and member widgets.

Access: public guide under /docs/en/snobollseffekten-vbulletin-integration
Features: /snowball to /snowball/forum redirect rules, header-based logo replacement, early logo-hide CSS, preload/preconnect hints, Tools bundle loading, and member-widget notes for latest-member.js plus member-count.js

View the Snöbollseffekten vBulletin integration note →

OAuth Endpoints (Slack + SoundCloud)

Reference for OAuth start/callback endpoints, plus Slack redirect URL guidance.

Access: Web routes under /oauth/*
Includes: Slack start/callback/callback-url, SoundCloud start/callback

View OAuth Endpoints Documentation →

Authentication & Tokens

API Key Authentication

Used for server-to-server requests to public APIs:

Authorization: Bearer sk-YOUR_API_KEY_HERE

Where to find your key:

Log in to Tools
Navigate to My API Keys (/keys/mine)
Create or copy an existing key

Web Session Authentication

Used for browser-based requests to protected endpoints:

Automatic via browser cookies
Requires permission:rss, permission:openai.manage, etc.

Tools AI Bearer Tokens

Special tokens for AI-specific operations:

Authorization: Bearer YOUR_TOOLS_AI_TOKEN

Usage: /api/ai/url/analyze and similar AI endpoints

Quick Reference

Feature	Endpoint	Auth	Rate Limit
IRC Search	`POST /api/irclog/search`	API Key	60/min
RSS Analytics	`POST /feed-admin/analytics/generate`	Web Session	20/min
SMS Send	`POST /api/sms/send`	API Key	300/min
MCU Search	`GET /api/mcu/timeline`	Public	300/min
DNS Query	`GET /api/dns/zones`	API Key	60/min
DNSBL Query	`POST /api/dnsbl/query`	API Key	9000/min

Error Handling

All APIs follow standard HTTP status codes:

200 OK - Request successful
400 Bad Request - Invalid parameters or validation error
401 Unauthorized - Missing or invalid authentication
403 Forbidden - Authenticated but missing required permissions
429 Too Many Requests - Rate limit exceeded
500 Internal Server Error - Server-side error

Error Response Format

{
  "ok": false,
  "error": "Human-readable error message",
  "error_code": "VALIDATION_ERROR"
}

Tools Environment

Tools supports multiple domains using a single .env configuration by detecting the current request host.

Production: https://tools.tornevall.net
Development: https://tools.tornevall.com
Local: http://localhost:8000

Changelog

For recent changes and new features: View Changelog →

Last Updated: 2026-05-19 API Version: v1

Tornevall Networks