Documentation
Learn how to integrate external scanners and gateways with Quantok
Quantok is a management and visualization platform for post-quantum security tooling. The actual scanning and gateway operations happen in external services that you deploy and manage on your infrastructure.
┌──────────────────────────────────────────────────────────────┐
│ Your Infrastructure │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────────────┐ │
│ │ pqcscan │ │ tlsx │ │ SSLyze │ │
│ │ scanner │ │ scanner │ │ scanner │ │
│ └──────┬──────┘ └──────┬──────┘ └──────────┬──────────┘ │
│ │ │ │ │
│ └────────────────┼─────────────────────┘ │
│ │ │
│ ▼ │
│ ┌───────────────────────────────────────────────────────┐ │
│ │ Quantok Shield Gateways │ │
│ │ (Envoy + OpenSSL + oqs-provider) │ │
│ └───────────────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────┘
│
│ Webhooks (HTTPS)
▼
┌──────────────────────────────────────────────────────────────┐
│ Quantok Platform │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────────────┐ │
│ │ Discover │ │ Shield │ │ Detect │ │
│ │ Dashboard │ │ Dashboard │ │ Dashboard │ │
│ └─────────────┘ └─────────────┘ └─────────────────────┘ │
│ │ │
│ ▼ │
│ ┌───────────────────────┐ │
│ │ Supabase (Postgres)│ │
│ └───────────────────────┘ │
└──────────────────────────────────────────────────────────────┘pqcscan
Rust tool to scan TLS/SSH services for post-quantum cryptography algorithm support. Detects PQ key exchange and signature algorithms.
tlsx
Fast TLS grabber from Project Discovery. Collects TLS metadata including versions, cipher suites, and certificate information.
SSLyze
Python-based TLS/SSL configuration analyzer. Comprehensive scanning of TLS endpoints with detailed reporting.
liboqs
Open Quantum Safe C library implementing post-quantum key encapsulation and signature algorithms. Core dependency for all OQS tools.
liboqs-python
Python bindings for liboqs. Used by Python-based services for PQ key generation and cryptographic operations.
oqs-provider
OpenSSL 3 provider enabling post-quantum and hybrid TLS. Core component of Quantok Shield gateways.
oqs-demos
Reference implementations and demos for OQS integration. Quantok uses hardened variants of these deployments.
/api/webhooks/scan-resultsSubmit scan results from pqcscan, tlsx, or sslyze
Request Body:
{
"scan_job_id": "uuid",
"source": "pqcscan" | "tlsx" | "sslyze",
"raw_json": { ... },
"api_key": "qtk_..."
}/api/webhooks/gateway-metricsSubmit telemetry from Quantok Shield gateways
Request Body:
{
"gateway_id": "uuid",
"api_key": "qtk_...",
"time_bucket": "2024-01-15T10:00:00Z",
"requests_total": 1000,
"pq_handshakes": 500,
"hybrid_handshakes": 300,
"classical_only_handshakes": 200,
"avg_latency_ms": 15.5
}/api/webhooks/alertsCreate security alerts from external monitoring
Request Body:
{
"project_id": "uuid",
"api_key": "qtk_...",
"alert_type": "hndl_exposure",
"severity": "critical" | "high" | "medium" | "low" | "info",
"message": "Alert description",
"source": "pqcscan",
"details_json": { ... }
}All webhook requests must include an api_key field in the request body. API keys can be created in the dashboard under Settings → API Keys.
Example Request
curl -X POST https://your-quantok.vercel.app/api/webhooks/scan-results \
-H "Content-Type: application/json" \
-d '{
"scan_job_id": "550e8400-e29b-41d4-a716-446655440000",
"source": "pqcscan",
"raw_json": {"pq_support": true, "algorithms": ["ML-KEM-768"]},
"api_key": "qtk_abc123def456..."
}'