Developer Platform
ReformCode exposes CODE and REFORM as a developer platform, not just a web app. Use API keys to connect IDE extensions, CI jobs, internal CLIs, partner automations, repository scanners, and workflow bots to the same analysis and transform surfaces users access in the product.
What You Can Build
- VS Code-style workflow bridges: authenticate once, then send code to analysis, transform, validation, and repo workflows.
- CI and PR automation: run ReformCode analysis before merge, summarize risk, and fail builds when quality gates are missed.
- Internal starter factories: call REFORM to transform or white-label a repo, then continue in CODE for edits, preview, Git, and deploy.
- Partner integrations: embed ReformCode evidence, badges, trust data, and streamed intelligence into external developer products.
API Keys
Create keys from Settings → Developers. Each key has a name, scope list, one-year default expiry, status, preview, last-used timestamp, and revocation action. Full tokens are only returned once.
API keys can be sent either way:
Authorization: Bearer rc_live_...
x-api-key: rc_live_...
Available scopes:
api:v1
account:read
search:read
analysis:write
transform:write
workspace:write
Account API
Browser-session authenticated users can manage keys through the account API:
curl -X GET "https://reformcode.com/api/account/api-keys" \
-H "Cookie: reformcode_session=..."
curl -X POST "https://reformcode.com/api/account/api-keys" \
-H "Content-Type: application/json" \
-H "Cookie: reformcode_session=..." \
-d '{
"name": "CI release gate",
"scopes": ["api:v1", "analysis:write", "transform:write", "workspace:write"],
"ttlDays": 365
}'
curl -X DELETE "https://reformcode.com/api/account/api-keys/key_id" \
-H "Cookie: reformcode_session=..."
The POST response includes a one-time token. Store it in your CI secret manager or local IDE secret storage immediately.
First API Calls
Health and public search are safe connectivity checks:
curl "https://reformcode.com/api/v1/health"
curl "https://reformcode.com/api/v1/search?q=nextjs&sources=github,npm&limit=5" \
-H "x-api-key: $REFORMCODE_API_KEY"
Analysis uses Server-Sent Events:
curl -N "https://reformcode.com/api/v1/analyze/stream" \
-H "Authorization: Bearer $REFORMCODE_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"code": "function add(a, b) { return a + b }",
"language": "javascript",
"prompt": "Review correctness, security, maintainability, and tests."
}'
Transform uses the REFORM transform contract:
curl -N "https://reformcode.com/api/v1/transform/stream" \
-H "Authorization: Bearer $REFORMCODE_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"request": {
"code": "export default function Page(){ return <h1>Hello</h1> }",
"sourceLanguage": "tsx",
"targetLanguage": "tsx",
"conversionCategory": "snippet",
"instructions": "Modernize this component and add accessibility notes."
}
}'
Trust Graph and Code Genome intelligence is available publicly for adoption, comparison, and replacement workflows:
curl "https://reformcode.com/api/trust/network?kind=package&target=react"
curl "https://reformcode.com/api/trust/network?kind=comparison&target=package:react..vs..package:vue..vs..package:svelte"
The response keeps the TrustNetworkSnapshot fields at the top level and adds codeGenome for rank, percentile, forecasts, recommendations, and moat signals.
Local IDE Bridge
VS Code and local IDE clients can push a workspace into CODE with API-key auth. The endpoint creates a persisted builder session, returns a CODE URL, returns a VS Code deep link, and writes /.reformcode/local-ide-bridge.json into the synced workspace.
curl -X POST "https://reformcode.com/api/workspace/sync" \
-H "Authorization: Bearer $REFORMCODE_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "local-starter",
"source": "vscode",
"localRootName": "local-starter",
"branchName": "feature/reform",
"remoteUrl": "https://github.com/acme/local-starter.git",
"files": {
"/package.json": "{\"name\":\"local-starter\"}",
"/src/App.tsx": "export default function App(){ return <main>Ready</main> }"
}
}'
The bridge requires the workspace:write scope for API-key calls. It intentionally stores the workspace folder name, Git metadata, synced file contents, proof-loop status, CODE URL, VS Code URI, and reports URL, but not the absolute local filesystem path.
Product Positioning
The platform should feel like a hybrid of a SaaS control plane and a serious coding environment:
- REFORM mode remixes existing repositories into a starter that matches the user's stack, naming, brand, and conventions.
- CODE mode takes that starter into editor, preview, Git, workflow validation, report evidence, and deployment proof.
- Developer Platform lets teams automate the same flow through keys, docs, OpenAPI, rate-limit visibility, and future SDKs.
Operational Notes
- Store API keys as secrets, never in source control.
- Revoke keys from Settings → Developers when a laptop, CI secret, or extension environment is replaced.
- Watch
X-RateLimit-*andRetry-Afterheaders on API responses. - AI endpoints still consume ReformCode credits unless the account has unlimited credits.
- Use
/api-docsfor endpoint reference and/docs/api/openapi.yamlfor generated clients.