Welcome to Hazy Docs

Hazy is an enterprise-grade Discord bot powered by a high-performance Flask Web Dashboard running on a gthread worker cluster. This documentation provides deep technical specifications of our internal APIs, module workflows, and endpoint payloads.

All data management is handled securely through Discord's OAuth2 protocol, ensuring absolute data integrity across your communities.

Authentication & OAuth2 Lifecycle

The Hazy web ecosystem strictly enforces session validation on all `/api/*` routes.

  • Endpoint: GET /api/auth/discord
  • Flow: When a user logs in, they are redirected to Discord's official OAuth authorization portal. Upon return, Hazy securely requests a bearer token and caches the user's guilds locally to reduce external API latency.
  • Heartbeat Validation: The POST /api/users/heartbeat/ endpoint continuously validates active dashboard sessions.
  • Security: All dashboard mutating actions require both a valid session cookie and verifying the user has the Administrator or Manage Server permission in the target guild via the /api/guilds/ index.

Shared Configurations API

Hazy allows server administrators to export their entire server's bot configuration (Welcome messages, Forms, Anti-Raid rules) into a shareable template.

Creating a Template

Executing a POST request to /api/shared-configs/ with a valid configuration JSON payload generates a unique hash identifier. This hash can be imported by any other authenticated user.

Fetching Templates

Fetching GET /api/shared-configs/ returns the global repository of public configuration templates, alongside their usage statistics and author metadata.

Welcome Engine & Live Previews

Hazy features an intricate Welcome and Boost rendering engine that generates real-time Discord Embed previews directly in your browser.

Canvas Rendering Pipeline

The Welcome Engine utilizes a low-level graphics pipeline powered by canvas to dynamically composite profile pictures, text overlays, and backgrounds in real-time. This entirely bypasses the need for slow external image APIs.

  • Layer 1: Background: User-uploaded HD backgrounds are cached in memory.
  • Layer 2: Avatar Masking: The user's Discord avatar is fetched, circularized using vector clipping paths, and overlaid with a customizable border.
  • Layer 3: Typography: TrueType fonts are rasterized and dropped onto the image with optional drop-shadows for high readability against varied backgrounds.
Performance Metric: The entire compositing process takes under 45ms per image.

Live Preview Architecture

Instead of manually testing welcome messages in your server, the dashboard utilizes the POST /api/config/<guild_id>/welcome-preview/ and POST /api/config/<guild_id>/embed-preview/ endpoints. As you type, the browser dispatches the JSON payload to our servers which process the variables (like {user} or {server}) and return a fully sanitized HTML element identical to Discord's native UI.

Custom Canvas Images

Using POST /api/bot/welcome-image/, you can upload a custom PNG/JPG. Hazy will utilize its internal Canvas engine to layer the joining member's avatar seamlessly onto your custom background.

Verification Gates API

Protect your community using Hazy's robust role-verification system.

Method Endpoint Functionality
GET /api/config/<guild_id>/verify-roles/ Fetches the current verification configuration, including the targeted channel, designated unverified role, and granted verified role.
POST /api/config/<guild_id>/verify-roles/ Deploys the interactive verification button to the designated Discord channel.
POST /api/config/<guild_id>/verification-preview/ Renders the exact layout of the verification panel before deploying it.

Dynamic Form Builder

The Dynamic Forms engine eliminates the need for third-party application websites. You can create staff applications, ban appeals, or feedback forms directly within Discord.

Dynamic Validation Logic

Hazy's Form Builder is not just a text input system; it features a Turing-complete validation engine built directly into the Discord modal system.

When a user submits an application, the backend parses the responses through a configurable Regex (Regular Expression) validation chain. If the user fails to meet the length requirements or inputs blacklisted terms, the application is silently rejected and logged in the Audit Logs.

The GET/POST /api/config/<guild_id>/forms/ endpoint handles the CRUD operations for forms. Each form payload consists of:

  • Questions Array: Supports multiple data types (Short Text, Paragraph, Multiple Choice).
  • Output Channel: The Discord channel where completed forms will be dumped as a detailed embed.
  • Access Control: Specific roles required to see or execute the form.

Giveaways Service

Hazy integrates a complete Giveaway lifecycle manager. Unlike slash commands, the web dashboard provides absolute control over the giveaway logic.

Giveaway Creation Workflow

POST /api/giveaways/<guild_id>/create/

Payload Example:
{
    "prize": "Discord Nitro",
    "winners": 1,
    "duration_seconds": 86400,
    "channel_id": "10493850183918231",
    "required_roles": ["98234810234"],
    "host_id": "YOUR_USER_ID"
}

Once created, the dashboard tracks active giveaways via GET /api/giveaways/<guild_id>/. Administrators can prematurely end, reroll, or delete a giveaway via the DELETE /api/giveaways/<guild_id>/<message_id>/ endpoint.

Automated Backups Architecture

Hazy's backup system is a lifeline against server raids. It takes deep snapshots of your server's architectural state.

Cryptographic Backup Integrity

Every time you create a backup via POST /api/backup/<guild_id>/, the entire state of your server (Roles, Channels, Permissions, Emojis) is serialized into a highly compressed binary format.

Before being saved to the database, the payload is signed with an HMAC-SHA256 signature. This guarantees that if a malicious actor attempts to manually modify the backup database entry to inject a rogue administrator role, the signature validation will fail and the restoration process will automatically abort.

  • Snapshot Generation: POST /api/backup/<guild_id>/ triggers the bot to cache all roles (with their exact permissions), category structures, text/voice channels, and channel overrides into the database.
  • Restoration Protocol: In the event of a catastrophic raid, issuing a POST /api/backup/<guild_id>/restore command forces Hazy to wipe compromised channels and systematically rebuild the server identically to the saved state using the Discord REST API rate-limits responsibly.

Global Ban Network

Hazy integrates a powerful Cross-Server Ban (Global Ban) engine designed to pre-emptively neutralize known raiders, scammers, and malicious actors before they can compromise your community.

Ban Syndication Endpoints

Method Endpoint Functionality
GET /api/bans/ Fetches a paginated global repository of all flagged users, including evidence hashes and the issuing moderator ID.
GET /api/bans/search/ Query an exact Discord ID to check if a user is present in Hazy's global blacklist before accepting their server join request.
DELETE /api/bans/<ban_id>/ Revokes a global ban and immediately dispatches a webhook to all participating servers to lift the restriction locally.

Embed Templates Infrastructure

Why write JSON every time you need an announcement? Hazy allows administrators to design, save, and dynamically inject variables into Discord Embed templates via the dashboard.

  • Storage Strategy: Calling POST /api/embed-templates/<guild_id>/ stores the exact JSON architecture of your embed (Colors, Fields, Thumbnails, Author blocks) into a secure Redis cache layer.
  • Runtime Injection: You can fetch and render an existing template instantly using GET /api/embed-templates/<guild_id>/<template_id>, passing URL parameters to dynamically replace variables like {user.mention} before sending it to a channel.

Discord Audit Logs Sync

Instead of forcing administrators to check Discord natively, Hazy pulls logs securely.

The GET /api/discord/<guild_id>/audit-logs/ endpoint requests the latest 50 audit entries directly from Discord's servers, parsing raw event types (like MEMBER_KICK or CHANNEL_DELETE) into a beautiful, human-readable timeline directly on your dashboard.

Server Analytics Engine

For data-driven community managers, the GET /api/analytics/<guild_id>/ endpoint compiles massive datasets regarding user retention and activity.

The dashboard renders these metrics using advanced charting libraries, displaying message volume trends, daily active members, and peak activity hours. You can even export these stats via GET /api/stats/export/ for external spreadsheet analysis.

Invite Tracking Network

Hazy listens to the GUILD_MEMBER_ADD gateway event and cross-references it with a cached version of all server invites to pinpoint exactly which invite code was used.

The GET /api/config/<guild_id>/invite-stats/ endpoint delivers a sorted leaderboard of the top inviters, the effectiveness of vanity URLs, and flags suspicious accounts using fake invites.

Moderation Commands

The following slash commands are related to moderation and managing your server.

/ban

Ban a user from the server.

Option Type Description Required
user User Select the user to ban (Paste ID if not in server). Yes
reason String Reason for the ban. Yes
messages Integer Delete messages from the last: Yes

/kick

Kick a user from the server.

Option Type Description Required
user User Select the user to kick. Yes
reason String Reason for the kick. Yes

/mute

Temporarily mute a user.

Option Type Description Required
user User Select the user to mute. Yes
duration String Mute duration (e.g., 10m, 1h, 2d). Yes
reason String Reason for the mute. Yes

/purge

Delete a specific number of messages from the channel.

Option Type Description Required
amount Integer Number of messages to delete (1–500) Yes

/unban

Unban a user by their ID.

Option Type Description Required
id String User ID to unban. Yes
reason String Reason for unbanning (optional). No

/unmute

Removes timeout from a user.

Option Type Description Required
user User User to unmute. Yes

Administration Commands

The following slash commands are related to administration and managing your server.

/addrole

Assign a role to a user.

Option Type Description Required
user User User to assign the role to. Yes
role Role Role to be assigned. Yes

/massrole

Assign a role to all members of the server.

Option Type Description Required
role Role The role to assign to all members. Yes

/temprole

Temporarily assigns a role to a user.

Option Type Description Required
user User User to assign the role to Yes
role Role Role to assign Yes
duration String Duration (e.g. 30m, 1h, 2d) Yes

/logs

Enable or disable server logs.

Option Type Description Required
status String Turn logs on or off. Yes

Utility Commands

The following slash commands are related to utility and managing your server.

/help

Displays a clean list of available Hazy commands.

No options required.

/serverinfo

Displays clean and readable server information.

No options required.

/userinfo

Displays information about a user.

Option Type Description Required
user User Select the user to get information about. Yes

/suggest

Submit a suggestion to the server.

Option Type Description Required
text String Your suggestion Yes

/poll

Create a quick poll.

Option Type Description Required
question String The poll question Yes
option1 String Option 1 Yes
option2 String Option 2 Yes
option3 String Option 3 (optional) No
option4 String Option 4 (optional) No
option5 String Option 5 (optional) No

/roles

Manage and display emoji role panel

Option Type Description Required
add Subcommand Link a role to an emoji No
panel Subcommand Send the emoji role embed No
remove Subcommand Remove a linked role from the panel No

Features Commands

The following slash commands are related to features and managing your server.

/forms

Send the application form configured in the panel.

No options required.

/giveaway

Create a giveaway.

Option Type Description Required
prizes String Comma-separated prizes Yes
winners Integer Number of winners Yes
duration String e.g., 1m, 1h, 1d Yes

/guess

Start a guessing game

No options required.

/invites

View invite statistics

Option Type Description Required
user Subcommand View invite statistics for a user No
leaderboard Subcommand View the invite leaderboard No

/staff

Launch the staff recruitment system.

No options required.

/tickets

Start the ticket system

Option Type Description Required
message String Extra message (optional) No

/verify

Send the verification panel

No options required.

/channel

Lock or unlock a channel.

Option Type Description Required
action String Choose whether to lock or unlock the channel. Yes
channel Channel Select the channel to modify. Yes

Real-Time Push Notifications

The Hazy architecture utilizes a high-throughput websocket bridge combined with the /api/push/ REST endpoint to dispatch live alerts.

When critical infrastructure events occur (e.g., A mass-raid is detected, or a global ban is issued), the internal backend fires a POST /api/push/ payload containing the severity level and cryptographic signature. The connected frontend dashboards instantly render these alerts without requiring page reloads, ensuring administrators are always aware of active threats.

User Management Module

Hazy provides enterprise-grade management over dashboard access and granular user privileges through the /api/users/ route family.

By issuing a PUT /api/users/<discord_id>/ request, administrators can manually override a user's dashboard clearance level, restrict them from viewing specific server analytics, or completely revoke their OAuth2 access tokens to force an immediate session termination.

REST API Specifications

Hazy provides raw endpoints for developers building external integrations. All endpoints return strictly formatted JSON payloads.

Authentication

All API endpoints (except public statistics) require a valid Discord OAuth2 session. Pass the session cookie or authorization bearer token depending on your integration type.

Rate Limiting: Endpoints are strictly rate-limited to 60 requests per minute per IP to prevent spam and abuse.

GET /api/stats/

Fetch global platform statistics including total users, active servers, and latency.

python
import requests

response = requests.get('https://hazy.app/api/stats/')
data = response.json()

print(f"Total Servers: {data['total_servers']}")
print(f"Ping: {data['ping']}ms")

GET /api/discord/<guild_id>/audit-logs/

Fetch securely parsed Discord audit logs for a specific server. Requires Administrator or Manage Server permissions on the target guild.

javascript (Node.js)
const fetch = require('node-fetch');

async function getAuditLogs(guildId, sessionCookie) {
  const response = await fetch(`https://hazy.app/api/discord/$${guildId}/audit-logs/`, {
    headers: {
      'Cookie': `session=$${sessionCookie}`
    }
  });
  
  if (response.status === 429) {
    console.error("Rate limit exceeded. Please slow down your requests.");
    return;
  }
  
  const logs = await response.json();
  return logs;
}

POST /api/giveaways/<guild_id>/create/

Programmatically spawn a new giveaway in the specified server. The payload must include the channel ID, duration, and prizes.

cURL
curl -X POST https://hazy.app/api/giveaways/1234567890/create/ \\
  -H "Cookie: session=YOUR_SESSION_COOKIE" \\
  -H "Content-Type: application/json" \\
  -d '{
    "channel_id": "9876543210",
    "prize": "Discord Nitro",
    "winners": 1,
    "duration": "24h"
  }'

Live Infrastructure Playground

Execute a real-time diagnostic ping against the Hazy core network. This directly hits the GET /api/v1/health endpoint to test latency.

Discord Gateway
--ms
API Response Edge
--ms
Cluster Status
ONLINE

Live Edge Latency Graph