SDKs

Official PostQ SDKs

Submit scans, browse cryptographic assets and keys, and read results from the PostQ API in JavaScript, Python, and .NET. Same surface, idiomatic in each language, semver-stable.

Get an API key View on GitHub

JavaScript / TypeScript

Node 18+

npm install @postq/sdk

npm→Source →

Python

Python 3.9+

pip install postq-sdk

PyPI→Source →

.NET

.NET 8+

dotnet add package PostQ.Sdk

NuGet→Source →

Install

Pick your stack. The API surface is identical across all three.

install

npm install @postq/sdk

Quickstart: submit a scan

Send results from your own scanner, CI pipeline, or compliance script to PostQ. Get back a permalink and a deduplicated record in your dashboard.

submit a scan

import { PostQ } from "@postq/sdk";

const pq = new PostQ({ apiKey: process.env.POSTQ_API_KEY! });

const result = await pq.scans.submit({
  type: "url",
  target: "example.com",
  riskScore: 85,
  riskLevel: "High",
  findings: [
    { severity: "high", title: "RSA-2048 public key" },
  ],
});

console.log(result.url);

Set POSTQ_API_KEY to a pq_live_… key — contact us to request one.

List your scans

Single-page reads or auto-paginated streams over your entire scan history. Cursor-based, never reorders.

list scans

// Single page
const page = await pq.scans.list({ limit: 50 });
for (const scan of page.data) console.log(scan.target, scan.riskLevel);

// Auto-paginated stream
for await (const scan of pq.scans.iterAll()) {
  // ...
}

Typed errors

Every HTTP failure maps to a typed error class so you can catch exactly what you mean.

error handling

import { PostQAuthError, PostQRateLimitError } from "@postq/sdk";

try {
  await pq.scans.list();
} catch (err) {
  if (err instanceof PostQAuthError)      console.error("bad API key");
  else if (err instanceof PostQRateLimitError) console.error("slow down");
  else throw err;
}

API surface

Three SDKs, one shape.

Operation	JS / TS	Python	.NET
Submit a scan	pq.scans.submit(...)	pq.scans.submit(...)	pq.Scans.SubmitAsync(...)
List one page	pq.scans.list(...)	pq.scans.list(...)	pq.Scans.ListAsync(...)
Iterate all	pq.scans.iterAll()	pq.scans.iter_all()	pq.Scans.IterAllAsync()
Health check	pq.health()	pq.health()	pq.HealthAsync()

Tutorial: gate a CI build on quantum risk

Run a scan in GitHub Actions and fail the build if it finds a High/Critical issue. Same pattern works for GitLab CI, CircleCI, or any container.

.github/workflows/postq.yml

name: PostQ scan
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: "20" }
      - run: npm install -g @postq/sdk tsx
      - run: tsx ./scripts/postq-scan.ts
        env:
          POSTQ_API_KEY: ${{ secrets.POSTQ_API_KEY }}

scripts/postq-scan.ts

import { PostQ } from "@postq/sdk";

const pq = new PostQ({ apiKey: process.env.POSTQ_API_KEY! });

const result = await pq.scans.submit({
  type: "url",
  target: process.env.SCAN_TARGET ?? "api.example.com",
  source: "ci-github-actions",
});

console.log("Scan:", result.url);

if (result.riskLevel === "Critical" || result.riskLevel === "High") {
  console.error(`::error::PostQ found ${result.riskLevel} crypto risk`);
  process.exit(2);
}

Ready to start scanning?

Grab an API key, install the SDK for your stack, and submit your first scan in under five minutes.

Get an API key Read API docs