API Reference
Getting Your API Key
- Log in to your Dashboard
- Go to Settings → API Keys
- Click "Create Key" and copy your API key
- Store it securely (environment variable recommended)
Recommended: Use the NPM Package
For most use cases we recommend using the javascript-obfuscator npm package (v5.3.0+) directly via CLI or Node.js API. This is also the only officially supported way to obfuscate files larger than 4.4MB.
Installation
npm install -g javascript-obfuscator
Examples
# Basic usage (standard obfuscation) javascript-obfuscator input.js --output output.js # VM obfuscation (requires Pro API token) javascript-obfuscator input.js --output output.js \ --pro-api-token=<YOUR_PRO_API_TOKEN> \ --vm-obfuscation=true \ --options-preset=vm-medium-obfuscation # VM obfuscation with a specific version (requires Pro API token) javascript-obfuscator input.js --output output.js \ --pro-api-token=<YOUR_PRO_API_TOKEN> \ --pro-api-version=5.0.3 \ --vm-obfuscation=true \ --vm-bytecode-format=binary # Obfuscation with Parse HTML option (requires Pro API token) javascript-obfuscator input.js --output output.js \ --pro-api-token=<YOUR_PRO_API_TOKEN> \ --parse-html=true \ --compact=true \ --control-flow-flattening=true \ --dead-code-injection=true \ --string-array=true # Standard obfuscation (no token needed) javascript-obfuscator input.js --output output.js \ --compact=true \ --control-flow-flattening=true \ --dead-code-injection=true \ --string-array=true
See CLI documentation for all available options.
const JavaScriptObfuscator = require('javascript-obfuscator');
const code = `
function calculateSecret(x, y) {
return x * y + 42;
}
`;
// VM obfuscation (requires Pro API token)
const vmResult = await JavaScriptObfuscator.obfuscatePro(
code,
{
vmObfuscation: true,
vmBytecodeFormat: 'binary',
compact: true
},
{
apiToken: process.env.OBFUSCATOR_API_TOKEN,
// version: '5.0.3', // optional: specify version
// timeout: 300000 // optional: timeout in ms (default: 5 min)
},
(message) => console.log('Progress:', message) // optional: progress callback
);
// Obfuscation with Parse HTML option (requires Pro API token)
const htmlResult = await JavaScriptObfuscator.obfuscatePro(
code,
{
parseHtml: true,
compact: true,
controlFlowFlattening: true,
deadCodeInjection: true,
stringArray: true
},
{
apiToken: process.env.OBFUSCATOR_API_TOKEN
},
(message) => console.log('Progress:', message) // optional: progress callback
);
console.log(htmlResult.getObfuscatedCode());
// Standard obfuscation (no token needed)
const standardResult = JavaScriptObfuscator.obfuscate(code, {
compact: true,
controlFlowFlattening: true,
deadCodeInjection: true,
stringArray: true
});
console.log(standardResult.getObfuscatedCode());See API documentation for all available options.
Endpoint
https://obfuscator.io/api/v1/obfuscateMethod
Headers
Content-Type: application/jsonAuthorization: Bearer YOUR_API_TOKENQuery Parameters
versionDefaults to latest (5.2.2).
Response Format
The API uses NDJSON streaming (application/x-ndjson). Large results are automatically chunked in 1MB pieces for reliable delivery.
codeoptions - Obfuscation options object
At least one Pro feature is required: vmObfuscation: true or parseHtml: true
Available options: compact, controlFlowFlattening, deadCodeInjection, stringArray, sourceMap, and more.
See the Options Reference section for the complete list of available options.
Response is streamed as newline-delimited JSON (NDJSON). Each line is a JSON object with a type field:
progress - Status updates during processing
result - Final result for small outputs (<1MB)
chunk - Partial data for large outputs (1MB chunks)
chunk_end - Signals all chunks sent
error - Error message if processing failed
Error Response
{"type": "error", "message": "Error description"}Quick example using cURL to obfuscate code via the API.
curl -X POST https://obfuscator.io/api/v1/obfuscate \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $OBFUSCATOR_API_TOKEN" \
-d '{
"code": "function test() { return 42; }",
"options": { "vmObfuscation": true, "compact": true }
}'Full example with streaming and chunk reassembly.
// Optional: specify version via query parameter (default: latest)
const response = await fetch("https://obfuscator.io/api/v1/obfuscate?version=5.2.2", {
method: "POST",
headers: {
"Content-Type": "application/json",
"Authorization": "Bearer YOUR_API_TOKEN"
},
body: JSON.stringify({
code: yourCode,
options: { vmObfuscation: true, compact: true }
})
});
const reader = response.body.getReader();
const decoder = new TextDecoder();
// Buffers for reassembling chunked responses
const codeChunks = [];
const sourceMapChunks = [];
let result = { code: '', sourceMap: '' };
while (true) {
const { done, value } = await reader.read();
if (done) break;
const lines = decoder.decode(value).split('\n');
for (const line of lines) {
if (!line) continue;
const msg = JSON.parse(line);
switch (msg.type) {
case 'progress':
console.log(msg.message);
break;
case 'chunk':
// Large results are sent in 1MB chunks
if (msg.field === 'code') codeChunks[msg.index] = msg.data;
if (msg.field === 'sourceMap') sourceMapChunks[msg.index] = msg.data;
break;
case 'chunk_end':
result.code = codeChunks.join('');
result.sourceMap = sourceMapChunks.join('') || msg.sourceMap || '';
break;
case 'result':
result = { code: msg.code, sourceMap: msg.sourceMap || '' };
break;
case 'error':
throw new Error(msg.message);
}
}
}
console.log('Done:', result.code);Rate limit: 30 requests per minute
Max file size (REST API): 4MB (Pro), 4.4MB (Team/Business)
Max output size: Unlimited (streamed in chunks)
Monthly quota: Based on your subscription plan
HTTP 429: Rate limit or quota exceeded. HTTP 413: Input too large.
Larger files: Team/Business plans support up to 7MB/10MB via CLI or Node.js API, which automatically handle large file uploads.
400 - Bad request (invalid JSON, missing code)
401 - Unauthorized (invalid or missing API key)
403 - Forbidden (API access not included in plan)
413 - Payload too large (exceeds plan limit)
429 - Too many requests or quota exceeded
500 - Internal server error