Skip to content

Obfuscator API quickstart

Base URL: your Sinister host (same as SinisterClient downloads), e.g. https://app.sinistersoftworks.xyz

Auth header on all endpoints except public preset and plan lists:

X-Obf-Key: OBF-…

Keys are issued by staff and start with OBF-.

List presets

http
GET /api/v1/obfuscate/presets

No auth. Returns standard, aggressive, maximum, tier_c metadata.

Check quota

http
GET /api/v1/obfuscate/quota
X-Obf-Key: your-key-here

Response fields: presetMax, allowedPresets, dailyJobs, jobsToday, maxBytes, totalJobs.

Submit job

http
POST /api/v1/obfuscate
Content-Type: application/json
X-Obf-Key: your-key-here

{
  "source": "print('hello')",
  "preset": "standard"
}

Optional bind_key for tier_c preset (defaults to your API key if omitted).

Returns HTTP 202:

json
{
  "jobId": "",
  "status": "queued",
  "pollUrl": "/api/v1/obfuscate/jobs/…"
}

Poll until ready

http
GET /api/v1/obfuscate/jobs/{jobId}
X-Obf-Key: your-key-here

Statuses: queued, processing, ready, failed.

When ready, response includes output with obfuscated Lua string.

Errors

CodeMeaning
401Missing or invalid key
429Daily quota exhausted
400Syntax error, empty source, or size over limit
503Obfuscator service not running on host

curl example

bash
curl -s -H "X-Obf-Key: YOUR_KEY" https://app.example.com/api/v1/obfuscate/quota

curl -s -X POST https://app.example.com/api/v1/obfuscate \
  -H "Content-Type: application/json" \
  -H "X-Obf-Key: YOUR_KEY" \
  -d "{\"source\":\"print(1)\",\"preset\":\"standard\"}"

Replace host and key. Poll the returned pollUrl until ready.

Staff reference: internal Obfuscator API page for admin key issuance and route wiring notes.