.qt-noscript-shell{position:fixed;inset:0;background:#04091a;color:#e5edf7;font-family:ui-sans-serif,system-ui,sans-serif;display:flex;align-items:center;justify-content:center;padding:24px;z-index:99999}.qt-noscript-card{max-width:560px;width:100%;background:rgba(8,18,42,.6);border:1px solid rgba(0,229,255,.22);border-radius:16px;padding:32px;box-shadow:0 0 60px rgba(0,229,255,.08)}.qt-noscript-eyebrow{font-family:ui-monospace,SFMono-Regular,Menlo,monospace;font-size:11px;letter-spacing:.25em;text-transform:uppercase;color:#67e8f9;margin-bottom:14px}.qt-noscript-title{font-size:30px;line-height:1.15;font-weight:700;color:#fff;letter-spacing:-.01em;margin:0 0 16px}.qt-noscript-body{font-size:15px;line-height:1.6;color:#b5c5dd;margin:0 0 18px}.qt-noscript-list{font-size:14px;line-height:1.65;color:#b5c5dd;margin:0 0 22px;padding-left:18px}.qt-noscript-list li{margin-bottom:6px}.qt-noscript-list code{font-family:ui-monospace,SFMono-Regular,Menlo,monospace;font-size:13px;color:#67e8f9;background:rgba(0,229,255,.08);padding:1px 6px;border-radius:4px}.qt-noscript-actions{display:flex;flex-wrap:wrap;gap:10px}.qt-noscript-btn{display:inline-flex;align-items:center;gap:6px;padding:10px 18px;border-radius:999px;font-size:13px;font-weight:600;letter-spacing:.02em;text-decoration:none;border:1px solid rgba(0,229,255,.4);color:#e5edf7}.qt-noscript-btn-primary{background:#67e8f9;color:#04091a;border-color:#67e8f9}.qt-noscript-foot{margin-top:22px;font-family:ui-monospace,SFMono-Regular,Menlo,monospace;font-size:11px;letter-spacing:.15em;color:#5d7394;text-transform:uppercase}

JavaScript required

QorTrace needs JavaScript to run.

QorTrace is a cryptographic risk and PQC migration platform. The interface, live scans, and methodology viewer all run in your browser — they can't render without JavaScript.

Enable JavaScript for qortrace.com in your browser settings, then refresh.
Using a privacy extension (NoScript, uBlock, Brave Shields)? Allow scripts for this site only.
Just need the methodology or a sample report? Use the static fallbacks below.

Email for static methodology PDF View raw sample audit

QorTrace — methodology qortrace-method-v0.2

Get started

Authentication

Every QorBOM™ Partner API request requires a Bearer API key issued to your partner-tenant account. Apply via the partner application form — we'll mint and email you a sandbox key within two business days.

Key format

Key

qb_live_xxxxxxxxxxxxxxxx_yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

live or test · 16-char lookup · 32-char secret

HTTP header

Authorization: Bearer qb_live_…

Same scheme Stripe, OpenAI, and Anthropic use. Drop into any standard HTTP client.

Storage & rotation

Show-once secret.The plaintext secret is shown to you exactly once during key creation. Store it in your secrets manager (1Password, HashiCorp Vault, AWS Secrets Manager) immediately. Lost keys can be revoked + reissued; the secret bytes cannot be recovered.

Rotation is recommended every 90 days. Generate the new key first (both old + new are valid during overlap), roll callers over, then revoke the old one.

Environments

Environment	Key prefix	Base URL
Sandbox	`qb_test_…`	`https://api.qorbom.com`
Production	`qb_live_…`	`https://api.qorbom.com`

Both environments live behind the same URL; the prefix decides the tenant routing. Test-mode scans count against a 25/day soft cap.

Example

curl https://api.qorbom.com/api/v1/cbom/health \
  -H "Authorization: Bearer $QORBOM_KEY"

The health endpoint is public, but sending your key lets the response include tenant-specific quota + rate-limit metadata in the X-QorBOM-* response headers.