Authentication
Depending on deployment, public tool endpoints can run without login or with a bearer token. Stored reports, exports and higher limits are intended to use an API/user token.
Authorization: Bearer <token>
Accept: application/jsonPublic API
Balou Tools API
Use the Balou Tools diagnostic engine programmatically for DNS, security, performance and domain-health workflows.
Rate limits
Production integrations should respect 429 responses, evaluate Retry-After and cache results. Diagnostic tools can load external targets and are deliberately rate-limited.
HTTP/1.1 429 Too Many Requests
Retry-After: 60Example endpoints
GET
/api/tools/dns-check/{domain} DNS records, SPF/DMARC and mail-related DNS signals
GET
/api/tools/security-header-check?url={url} HTTP security headers, score and findings
GET
/api/tools/pagespeed-check?url={url} PageSpeed/Core Web Vitals report
GET
/api/tools/domain-health/{domain} Aggregated DNS, SSL, headers, performance and mail health
GET
/api/tools/redirect-check?url={url} Redirect chain and hop timings
GET
/api/reports/{reportId}/export?format=json Stored report export when report IDs are enabled
Example requests
curl -H "Accept: application/json" \
"https://balou.tools/api/tools/security-header-check?url=https%3A%2F%2Fexample.com"
curl -H "Authorization: Bearer $BALOU_TOKEN" \
"https://balou.tools/api/tools/domain-health/example.com"Note: This API documentation describes the stabilized public contract. Internal admin and AI endpoints are not part of this public API.