Questions
Common questions about toran, how it works, and when to use it.
What is toran?
toran is a read-only outbound API inspector. You swap in a toran URL as your base URL, and toran logs the exact requests and responses as they happen. It's designed for debugging third-party API integrations from servers, CI, containers, and AI agents.
How does toran work?
You create a toran with an upstream base URL (e.g., https://api.openai.com). toran gives you a Base URL (e.g., https://abc123.toran.sh). Your code calls the toran URL, which forwards requests to the upstream and logs the full request/response cycle.
Does toran modify my requests?
No. toran is read-only by design. It forwards requests exactly as received and returns responses exactly as the upstream sent them. There are no retries, caching, mutation, automation, or policy enforcement.
How is toran different from an API gateway or observability platform?
toran is a read-only outbound inspection proxy meant for debugging and understanding API behavior. It does not provide routing rules, transformations, authentication layers, rate limiting, caching, or policy enforcement. It's designed to be used when you need clarity, and then removed by changing your base URL back. If you need permanent traffic management or long-term telemetry storage, toran is not trying to replace those tools.
Why wouldn't I just add better logging?
Application logs show what your code intended to send. toran shows what actually went over the wire: the final URL, headers, payload shape, retries, and responses as seen externally. This matters when SDKs inject headers, normalize payloads, retry requests, or when behavior differs across environments. toran also avoids requiring code changes or redeploys just to inspect traffic.
Does toran add latency?
toran adds minimal overhead (typically single-digit milliseconds). The logs include detailed timing breakdowns so you can see exactly how much time is spent in toran vs. the upstream API.
What happens if toran has an outage or can't reach the upstream?
toran fails explicitly. If toran cannot forward a request to the upstream, the request fails rather than silently "passing through" in an unexpected state. toran does not perform hidden retries that could mask issues or change request timing. The intent is to make failures visible and diagnosable, not to behave like infrastructure that mutates reliability characteristics.
Is it safe to use toran with sensitive data?
toran can see the traffic you send through it, so you should treat it like any debugging proxy. toran is built to be trust-forward: read-only by default and designed for limited retention. For details on what is stored and for how long, refer to the Privacy page. If you have strict requirements, prefer using toran only with non-sensitive environments or redact payloads at the source.
Is toran meant to run in production?
toran is not meant to become permanent infrastructure. It can be used against production traffic when you need clarity, but the design intent is temporary debugging and investigation. You should be able to turn toran off instantly by switching your base URL back. If you need always-on monitoring or continuous alerting as a core workflow, toran is not positioning itself as that.
How do I get started?
Create a toran by entering an upstream base URL. You'll receive a toran URL immediately. Swap that URL into your configuration, make a request, and inspect the requests live in your browser.
Can I share torans with my team?
Yes. Create a team and invite your teammates by email. Everyone in the team can see and manage torans created in that team.
You can also create share links for read-only access - perfect for showing requests to someone without giving them full access.
How do teams work?
Think of teams as separate workspaces. You might have a personal team for your side projects, an "iOS Team" for mobile work, and an "API Team" for backend services.
Each team keeps its torans separate, and you control who has access to each one.
Can I move a toran between teams?
No - once a toran is created in a team, it stays there. This keeps things predictable and prevents accidental moves.
If you need the same toran in multiple teams, just create a new one with the same upstream URL.
Are the "coming soon" capabilities available today?
Not necessarily. The Questions and Pricing pages describe what is available today. The Coming Soon page reflects areas of exploration and active development, and those items may evolve or ship incrementally. toran does not sell future capabilities as current entitlements.
How does toran compare to mitmproxy / tcpdump / Wireshark?
Those tools are excellent for local and network-level inspection, but they often require local setup, certificates, or environment-specific access. toran is a hosted, reversible workflow: swap the base URL, observe outbound HTTP behavior live, then remove it. This can be especially convenient for CI, remote environments, or cases where local interception is impractical.
Still have questions?
Visit the Learn page for guides and comparisons, or create a toran to try it yourself.