API Documentation

Integrate the HexGuard obfuscation API into your own scripts and tools.

Endpoint

POSThttps://hexguard.com.br/api/obfuscate/v1

Authentication

Send your API key in the Authorization header as a Bearer token.

Authorization: Bearer hg_your_api_key_here

Get your API key

Parameters

file*stringThe .lua source code as a plain string field. Max 2 MB.

filename*stringFilename for the source (must end in ".lua"), e.g. "myscript.lua".

side*string"client" or "server". Client adds anti-decompiler wrapper.

noRenameflagDisable variable renaming.

noStringsflagDisable string encryption.

noNumbersflagDisable number obfuscation.

noControlFlowflagDisable control flow obfuscation.

noDeadCodeflagDisable dead code injection.

noMinifyflagDisable minification.

noUpvalueWrapflagDisable upvalue wrapping.

noShuffleflagDisable statement shuffle.

noAiTrapflagDisable AI trap patterns.

noCfgFlattenflagDisable CFG flattening.

noApiAliasflagDisable MTA API aliasing.

oneLineflagCollapse output to one line.

preserveLocalsflagPreserve local function names.

preserveGlobalsflagAuto-detect and preserve all global identifiers.

seedintegerInteger seed for deterministic output (0 – 2³¹−1).

* Required · Flags are sent as form fields with value "1"

Returns

On success: binary .luac file (application/octet-stream). On error: JSON with an "error" field.

Error Codes

400Bad request — missing file, wrong extension, invalid side, or invalid Lua syntax.

401Missing or invalid API key.

402Insufficient credits.

403Discord account no longer member of HexGuard server.

429Rate limit exceeded (10 req/min per IP).

500Internal error (obfuscation or compile failure).

503Could not reach Discord API to verify membership.

Code Examples

keywordbuilt-in / APIfunction callstringnumberoption flagcomment

local API_KEY = "hg_your_api_key_here"
local API_URL = "https://hexguard.com.br/api/obfuscate/v1"

-- Read the source file
local fileHandle = fileOpen("myscript.lua")
if not fileHandle then return end
local content = fileRead(fileHandle, fileGetSize(fileHandle))
fileClose(fileHandle)

-- POST to HexGuard API
fetchRemote(API_URL, {
    method   = "POST",
    headers  = { ["Authorization"] = "Bearer " .. API_KEY },
    formFields = {
        file     = content,        -- file content as plain string
        filename = "myscript.lua", -- filename sent separately
        side     = "client",
        -- optional: disable passes you don't need
        noMinify   = "1",    -- keep whitespace (useful for debugging)
        noShuffle  = "1",    -- skip statement reordering
        noDeadCode = "1",    -- skip dead code injection
        seed       = "1337", -- reproducible output
    },
    queueName      = "hexguard",
    connectTimeout = 30000,
    callbackMode   = 1,
}, function(responseData, responseInfo)
    if responseInfo.statusCode ~= 200 then
        outputDebugString("[HexGuard] Error: HTTP " .. responseInfo.statusCode .. " — " .. tostring(responseData))
        return
    end
    local out = fileCreate("myscript.luac")
    if out then
        fileWrite(out, responseData)
        fileClose(out)
        outputDebugString("[HexGuard] Saved as myscript.luac")
    end
end)