# Vanguard API Documentation > Vanguard is a webhook proxy and security toolkit for Roblox serversides. It validates, filters, and proxies webhook requests to Discord. Base URL: https://vapi.exoliner.wtf Auth: JWT token in `Authorization` header (no Bearer prefix) --- ## Authentication POST /api/v1/login Body: { "code": "" } Returns JWT token. GET /api/v1/user/me Returns: { id, username, email, rank, balance, discordid, sellerAuthorization, avatar } Ranks: NONE, PRO, MAX, STAFF, OWNER GET /api/v1/user/limit Returns: user request limits and current usage. GET /api/v1/user/licenses?page={page}&limit={limit}&search={query} Returns: paginated list of purchased licenses. --- ## Serversides GET /api/v1/serverside Returns: list of all user serversides. GET /api/v1/serverside?id={id} Returns: details for a specific serverside. POST /api/v1/serverside/create Body: { "name": "My Server" } Creates a new serverside. POST /api/v1/serverside Body: { "id": "ss_abc", "name": "New Name" } Renames a serverside. DELETE /api/v1/serverside/delete Body: { "id": "ss_abc" } Deletes a serverside. GET /api/v1/serverside/analytics?id={id} Returns: request analytics for a serverside. GET /api/v1/activities?id={id}&page={page}&limit={limit}&activityType={type}&sort={sort} Returns: paginated activity logs. Sort: "newest" or "oldest". POST /api/v1/module/{id} Body: { "moduleId": "12345678" } Updates the main module ID for HTTP linker. --- ## Webhooks GET /api/v1/serverside/webhook/{serversideId} Returns: list of webhooks for a serverside. POST /api/v1/serverside/webhook/create Body: { "serversideId": "ss_abc", "url": "https://discord.com/api/webhooks/...", "name": "My Webhook" } Creates a new webhook. PUT /api/v1/serverside/webhooks/{webhookId} Updates a webhook's URL, name, or settings. DELETE /api/v1/serverside/webhooks/{webhookId} Deletes a webhook. ### Webhook Templates GET /api/v1/serverside/webhook/template Returns: list of templates. POST /api/v1/serverside/webhook/template/create Creates a new template. DELETE /api/v1/serverside/webhook/template/delete Deletes a template. ### Secure Variables Use in webhook body — server-signed, tamper-proof: - {{vanguard.player_name}} — Verified player username - {{vanguard.player_id}} — Verified player Roblox ID - {{vanguard.game_id}} — Game universe ID - {{vanguard.server_id}} — Server job ID - {{vanguard.timestamp}} — UTC timestamp - {{vanguard.request_id}} — Unique request ID --- ## Security & Obfuscation GET /api/v1/serverside/security/analytics?id={id}&range={range} Returns: security analytics, blocked requests, threat types. Range: "24h", "7d", "30d" POST /api/v1/obfuscate Body: { "code": "print('hello')", "preset": "Strong" } Presets: Strong, Medium, Weak, Minify Returns: { success: true, obfuscated: "..." } --- ## Marketplace GET /api/v1/shop/items?page={page}&limit={limit}&search={query}&sort={sort} Returns: paginated marketplace items. Sort: "newest", "popular", "price_asc", "price_desc" POST /api/v1/shop/items/buy Body: { "itemId": "item_abc" } Purchases item, deducts balance. ### Seller Endpoints (requires sellerAuthorization) POST /api/v1/shop/items/create — Create listing POST /api/v1/shop/items/update — Update listing DELETE /api/v1/shop/items/delete — Delete listing POST /api/v1/shop/restock/{productId} — Add licenses to product GET /api/v1/shop/licenses?productId={id} — Get product licenses GET /api/v1/shop/statistics?range={range} — Sales stats (7d, 30d, 6m, 1y, lifetime) --- ## Plans & Billing POST /api/v1/vanguard/balance/redeem Body: { "key": "XXXX-XXXX-XXXX-XXXX" } Redeems a license key to add balance or activate a plan. POST /api/v1/vanguard/buy Body: { "plan": "PRO", "autoRenew": true } Purchases a subscription using account balance. Plans: PRO ($10/mo), MAX ($20/mo) POST /api/v1/vanguard/subscription/update Body: { "plan": "MAX", "autoRenew": false } Changes plan or toggles auto-renewal. POST /api/v1/shop/subscription/update Updates marketplace subscription renewal settings. ### Rate Limits | Plan | Requests/min | Requests/month | |------|-------------|----------------| | Free | 30 | 10,000 | | Pro | 120 | 100,000 | | Max | Unlimited | Unlimited | --- ## Error Codes 200 — Success 400 — Bad Request 401 — Unauthorized (invalid/expired JWT) 403 — Forbidden (game validation failed) 404 — Not Found 429 — Rate limit exceeded (includes retryAfter field) 500 — Server Error Error format: { success: false, error: "type", message: "description" } --- ## Lua Example ```lua local HttpService = game:GetService("HttpService") local PROXY = "https://vapi.exoliner.wtf/v1/webhook/proxy/YOUR_SERVER_ID" local data = { embeds = {{ title = "Player Event", color = 65416, fields = { { name = "Player", value = "{{vanguard.player_name}}", inline = true }, { name = "Server", value = "{{vanguard.server_id}}", inline = true }, }, timestamp = "{{vanguard.timestamp}}" }} } pcall(function() HttpService:PostAsync(PROXY, HttpService:JSONEncode(data)) end) ``` ## Links - Dashboard: /dashboard - Pricing: /pricing - Docs: /docs - Discord: https://discord.gg/exploiting