API Reference
ProIntegrate wYnFuscate into your CI/CD pipeline, build tools, or custom applications with our REST API. Available for Pro and Enterprise plans.
Quick Start
Generate an API Key
Go to Dashboard → Settings → API Keys and create a new key.
Submit a file for obfuscation
Loading...Poll for completion
Loading...Download the obfuscated file
Loading...(Optional) Delete the job to free storage
Loading...Endpoints Overview
| Method | Endpoint | Description |
|---|---|---|
| POST | /obfuscate | Submit a file for obfuscation |
| GET | /jobs/{id} | Get job status and details |
| GET | /jobs/{id}/download | Download obfuscated output |
| DELETE | /jobs/{id} | Delete job and free storage |
Authentication
All API requests require authentication using a Bearer token. Include your API key in the Authorization header:
Loading...Keep your API key secure
Never expose your API key in client-side code, public repositories, or logs. API keys have full access to your account's obfuscation capabilities.
API Key Format
API keys follow the format wynf_ followed by 32 alphanumeric characters. Example: wynf_WA26Jeusd6JQWowkJYbo1peqyKJFe5uE
Key Limits
- Each account can have 1 active API key at a time
- Revoke your existing key before creating a new one
- Keys are shown only once at creation - store them securely
- Keys are automatically revoked if you downgrade from Pro/Enterprise
Base URL
Loading...All endpoints are relative to this base URL. Use HTTPS for all requests.
Endpoints
/obfuscateSubmit a Lua file for obfuscation. Returns a job ID that you can use to check status and download the result.
Request
| Parameter | Type | Required | Description |
|---|---|---|---|
file | File | Yes | The .lua file to obfuscate (max 5MB Pro, 10MB Enterprise) |
targetPlatform | String | No | Target Lua platform (default: ROBLOX). See available platforms below. |
securityTier | String | No | Security tier: STANDARD (default), ENHANCED, or MAX. See tiers below. |
enhancedCompression | String | No | Set to "true" to enable Enhanced VM Compression. Reduces output file size at the cost of slightly slower initialization. Pro and Enterprise only. Target platform must support load or loadstring. |
node | String | No | Obfuscator node: STABLE (default) or BETA. Beta uses the latest pre-release obfuscator for testing. Basic, Pro, and Enterprise only. |
autoApplyMacros | String | No | Set to "true" to automatically inject WYNF_JIT_MAX wrappers on hot functions. Basic, Pro, and Enterprise only (or credits). |
optimizeSource | String | No | Set to "true" to enable source-level optimizations before obfuscation. Basic, Pro, and Enterprise only (or credits). |
enableLineInfo | String | No | Set to "true" to remap runtime errors to original source lines. May have a slight impact on performance when enabled. |
performanceMode | String | No | Set to "true" to enable Performance Mode. Prioritizes runtime speed over some polymorphic hardening. Standalone option, combinable with any security tier. Beta node only. Basic, Pro, and Enterprise only (or credits). |
Target Platforms
Specify the Lua runtime your script will run on. This optimizes the obfuscated output for compatibility.
| Value | Description |
|---|---|
AUTO | Universal mode - works across multiple Lua runtimes. |
ROBLOX | Roblox (Luau) - Default. Optimized for Roblox game scripts. |
ROBLOX_COMPAT | Roblox (Max Compatibility) - Reduced security for maximum compatibility across custom Roblox environments. |
LUAU | Standalone Luau CLI runtime. |
LUA51 | Standard Lua 5.1. |
LUA52 | Standard Lua 5.2. |
LUA53 | Standard Lua 5.3. |
LUA54 | Standard Lua 5.4. |
LUAJIT | LuaJIT 2.x. High-performance JIT compiler. |
Security Tiers
| Tier | Description |
|---|---|
STANDARD | Baseline protection with fast processing. Recommended for most scripts. (Default) |
ENHANCED | Additional protection layers with moderate overhead. |
MAX | Maximum security with all protection features. Comes with a performance trade-off. |
Obfuscator Nodes
Choose which obfuscator release to use. The beta node runs the latest pre-release version for testing new features and fixes before they are promoted to stable.
| Value | Description |
|---|---|
STABLE | Production obfuscator. Thoroughly tested and reliable. (Default) |
BETA | Pre-release obfuscator for testing. May include new features, optimizations, or bug fixes not yet in stable. Basic, Pro, and Enterprise only. |
Example Request
Loading...Example Request (with Target Platform)
Loading...Example Request (with Security Tier)
Loading...Example Request (with Beta Node)
Loading...Example Request (with Source Optimization)
Loading...Example Request (with Line Info)
Loading...Example Request (with Performance Mode - Beta Node)
Loading...Example Request (with All Options)
Loading...Example Request (with Enhanced Compression)
Loading...Response
Loading.../jobs/{id}Get the current status and details of an obfuscation job.
Job Statuses
pendingQueued for processing
processingCurrently obfuscating
completedReady to download
failedError occurred
Polling Rate Limits
Important: This endpoint has rate limits to prevent abuse:
- Per-minute limit: 20 requests/min (FREE/PRO), 60 requests/min (Enterprise)
- Per-job limit: Maximum 120 polls per job (all plans)
Recommended polling strategy: Start with 2-second intervals, then use exponential backoff (double the interval each time, max 30 seconds). Most jobs complete within 5-15 seconds.
Example Request
Loading...Response (Completed)
Loading...Response (Failed)
Loading.../jobs/{id}/downloadDownload the obfuscated file. Only available when job status is completed.
Example Request
Loading...Response Headers
Loading...Note: Files are retained for 14 days after creation. After expiration, the download endpoint returns a 410 Gone error.
/jobs/{id}Delete a job and its obfuscated output file from storage. This permanently removes the file and frees up your storage quota.
This action is permanent
Deleted jobs cannot be recovered. Make sure you have downloaded any files you need before deleting.
Example Request
Loading...Response
Loading...Response Fields
| Field | Type | Description |
|---|---|---|
success | boolean | Always true on success |
jobId | string | The ID of the deleted job |
deletedFiles | string[] | Which files were deleted (typically output) |
storageFreed | number | Bytes freed from your storage quota |
Error Responses
| HTTP | Code | Description |
|---|---|---|
401 | UNAUTHORIZED | Invalid or missing API key |
403 | FORBIDDEN | API key lacks jobs:write scope |
404 | NOT_FOUND | Job not found or already deleted |
Error Codes
| HTTP | Code | Description |
|---|---|---|
400 | BAD_REQUEST | Invalid request parameters |
400 | INVALID_FILE | File validation failed (wrong type, too large, etc.) |
400 | NOT_READY | Job not completed yet (for download endpoint) |
401 | UNAUTHORIZED | Missing or invalid API key |
401 | INVALID_KEY | API key format is invalid or key not found |
401 | KEY_REVOKED | API key has been revoked |
401 | KEY_EXPIRED | API key has expired |
403 | FORBIDDEN | API key lacks required scope |
403 | PLAN_DOWNGRADED | Account no longer has API access (downgraded plan) |
403 | QUOTA_EXCEEDED | Daily quota or concurrent job limit exceeded |
404 | NOT_FOUND | Job not found or doesn't belong to your account |
410 | EXPIRED | Job files have expired (14-day retention) |
429 | RATE_LIMIT_EXCEEDED | Too many requests, slow down |
500 | INTERNAL_ERROR | Server error, please retry |
503 | SERVICE_UNAVAILABLE | Service is under maintenance |
Error Response Format
Loading...Rate Limits
API requests are subject to rate limits to ensure fair usage. Limits are applied per API key.
| Plan | Per Hour | Per Day | Concurrent Jobs |
|---|---|---|---|
| Pro | 10 requests | 50 requests | 3 jobs |
| Enterprise | 300 requests | Unlimited | 10 jobs |
When rate limited, the API returns 429 Too Many Requests with a Retry-After header indicating how many seconds to wait before retrying.
Code Examples
Python
Loading...Node.js
Loading...Bash
Loading...Best Practices
Use exponential backoff for polling
Start with 1 second, then 2, 4, 8... to reduce API calls for longer jobs.
Store API keys in environment variables
Never hardcode keys in source code or commit them to repositories.
Handle rate limits gracefully
Check for 429 responses and respect the Retry-After header.
Validate files before uploading
Check file extension and size client-side to avoid wasting API calls.
Download results promptly
Files expire after 14 days. Download and store results in your own storage.