Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Nuu-maan/Filly-Discord-Token-Filler/llms.txt

Use this file to discover all available pages before exploring further.

This page documents how Filly Discord Token Filler integrates with the Discord API, including endpoints, headers, authentication, and response handling.

API Endpoints

Filly uses the Discord v9 API for all operations.

Join Server Endpoint

POST /api/v9/invites/{invite}
endpoint
Joins a Discord server using an invite code.Location: index.py:187URL Format:
https://discord.com/api/v9/invites/{invite}
Request Body:
{}
Headers Required:
  • authorization - Discord token
  • All standard headers from _setup_session()
Example Request:
self.session.headers["authorization"] = token_only
response = self.session.post(f"https://discord.com/api/v9/invites/{invite}", json={})

Join Server with Captcha Solution

POST /api/v9/invites/{invite} (with captcha)
endpoint
Joins a Discord server with captcha solution headers.Location: index.py:206-209URL Format:
https://discord.com/api/v9/invites/{invite}
Request Body:
{}
Additional Headers:
  • authorization - Discord token
  • x-captcha-key - Captcha solution from solver
  • x-captcha-rqtoken - Token from captcha challenge response
Example Request:
self.client.headers.update({
    "authorization": token_only,
    "x-captcha-key": solution,
    "x-captcha-rqtoken": response.json()['captcha_rqtoken']
})
response = self.client.post(
    f"https://discord.com/api/v9/invites/{invite}",
    json={},
    proxy=None if self.config.proxyless else self.proxy
)

HTTP Session Setup

The DiscordJoiner class uses curl_cffi to impersonate Chrome and bypass bot detection.

Session Creation

Location: index.py:76-80 
def _get_session(self):
    try:
        return request.Session(impersonate="chrome"), request.Session(impersonate="chrome")
    except Exception:
        return self._get_session()
  • Creates two sessions: self.session and self.client
  • Both impersonate Chrome browser
  • Retry mechanism if session creation fails

Proxy Configuration

Location: index.py:83-88 
if not self.config.proxyless:
    proxies = Path('input/proxies.txt').read_text().splitlines()
    self.proxy = f"http://{random.choice(proxies)}".replace(
        'sessionid', str(random.randint(1327390889, 1399999999))
    )
    self.session.proxies = {"http": self.proxy, "https": self.proxy}
  • Loads proxies from input/proxies.txt
  • Randomizes session ID in proxy URL
  • Applies to both HTTP and HTTPS

HTTP Headers

All headers are configured in the _setup_session() method (index.py:90-108).

Complete Headers List

accept
string
default:"*/*"
Accept header for all content types.Value:
*/*
accept-language
string
default:"en-US,en;q=0.9"
Language preferences for responses.Value:
en-US,en;q=0.9
content-type
string
default:"application/json"
Content type for request bodies.Value:
application/json
origin
string
default:"https://discord.com"
Origin header indicating request source.Value:
https://discord.com
priority
string
default:"u=1, i"
Request priority hints.Value:
u=1, i
referer
string
Referrer URL indicating navigation source.Value:
https://discord.com/channels/@me/1338000752110600309
sec-ch-ua
string
Chrome user agent client hints.Location: index.py:28, 97Value:
"Google Chrome";v="133", "Chromium";v="133", "Not;A=Brand";v="8"
Generated From:
sec_ch_ua = f'"Google Chrome";v="{chrome_version}", "Chromium";v="{chrome_version}", "Not;A=Brand";v="8"'
sec-ch-ua-mobile
string
default:"?0"
Indicates not a mobile browser.Value:
?0
sec-ch-ua-platform
string
default:"Windows"
Operating system platform.Value:
"Windows"
sec-fetch-dest
string
default:"empty"
Fetch destination type.Value:
empty
sec-fetch-mode
string
default:"cors"
Fetch mode for CORS requests.Value:
cors
sec-fetch-site
string
default:"same-origin"
Indicates same-origin request.Value:
same-origin
user-agent
string
User-Agent string identifying the browser.Location: index.py:29, 103Value:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
Generated From:
user_agent = f'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/{chrome_version}.0.0.0 Safari/537.36'
x-debug-options
string
default:"bugReporterEnabled"
Discord debug options.Value:
bugReporterEnabled
x-discord-locale
string
default:"en-US"
Discord locale preference.Value:
en-US
x-discord-timezone
string
default:"Asia/Calcutta"
Discord timezone setting.Value:
Asia/Calcutta
x-super-properties
string
Base64-encoded browser fingerprint data.Location: index.py:107Encoded Value:
eyJvcyI6IldpbmRvd3MiLCJicm93c2VyIjoiQ2hyb21lIiwiZGV2aWNlIjoiIiwic3lzdGVtX2xvY2FsZSI6ImVuLVVTIiwiaGFzX2NsaWVudF9tb2RzIjpmYWxzZSwiYnJvd3Nlcl91c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEzMy4wLjAuMCBTYWZhcmkvNTM3LjM2IiwiYnJvd3Nlcl92ZXJzaW9uIjoiMTMzLjAuMC4wIiwib3NfdmVyc2lvbiI6IjEwIiwicmVmZXJyZXIiOiIiLCJyZWZlcnJpbmdfZG9tYWluIjoiIiwicmVmZXJyZXJfY3VycmVudCI6IiIsInJlZmVycmluZ19kb21haW5fY3VycmVudCI6IiIsInJlbGVhc2VfY2hhbm5lbCI6InN0YWJsZSIsImNsaWVudF9idWlsZF9udW1iZXIiOjM2Njk1NSwiY2xpZW50X2V2ZW50X3NvdXJjZSI6bnVsbH0=
Decoded JSON:
{
  "os": "Windows",
  "browser": "Chrome",
  "device": "",
  "system_locale": "en-US",
  "has_client_mods": false,
  "browser_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36",
  "browser_version": "133.0.0.0",
  "os_version": "10",
  "referrer": "",
  "referring_domain": "",
  "referrer_current": "",
  "referring_domain_current": "",
  "release_channel": "stable",
  "client_build_number": 366955,
  "client_event_source": null
}

Dynamic Headers

authorization
string
Discord token for authentication.Location: index.py:186, 201Set Before Each Request:
self.session.headers["authorization"] = token_only
Format:
  • Token only (not with email:password prefix)
  • Extracted from token using .split(":")[-1]
x-captcha-key
string
Captcha solution from solving service.Location: index.py:202Set When Captcha Detected:
self.client.headers.update({
    "x-captcha-key": solution
})
x-captcha-rqtoken
string
Captcha request token from Discord challenge.Location: index.py:203Set When Captcha Detected:
self.client.headers.update({
    "x-captcha-rqtoken": response.json()['captcha_rqtoken']
})

Authentication

Token Format

Location: index.py:183-184 
token_only = token.split(":")[-1]
masked_token = f"{token_only.split('.')[0]}.*****"
  • Tokens may be in email:password:token or token format
  • Only the token part (after last :) is used
  • Tokens are masked in logs for security

Token Authorization

Location: index.py:186 
self.session.headers["authorization"] = token_only
  • Set in the authorization header
  • Updated before each join request
  • Not prefixed with “Bot” or “Bearer”

Response Handling

Response handling is implemented in _handle_response() method (index.py:138-179).

HTTP Status Codes

200 OK
response
Successfully joined the server.Location: index.py:145-149Actions:
  • Log success message
  • Append token to output/joined.txt
  • Increment stats.joined counter
Example:
if response.status_code == 200:
    NovaLogger.win("Successfully Joined Server", token=masked_token, thread=self.thread_number)
    self._append_to_file("joined.txt", token)
    self.stats.joined += 1
401 Unauthorized
response
Invalid or unauthorized token.Location: index.py:151-156Actions:
  • Log failure message
  • Append token to output/invalid.txt
  • Remove token from tokens list
  • Increment stats.invalid counter
Example:
if response.status_code == 401:
    NovaLogger.fail("Invalid Token", token=masked_token, thread=self.thread_number)
    self._append_to_file("invalid.txt", token)
    token_manager.remove_token(token)
    self.stats.invalid += 1
403 Forbidden
response
Token is locked or banned.Location: index.py:158-163Actions:
  • Log locked message
  • Append token to output/locked.txt
  • Remove token from tokens list
  • Increment stats.locked counter
Example:
if response.status_code == 403:
    NovaLogger.fail("Locked Token", token=masked_token, thread=self.thread_number)
    self._append_to_file("locked.txt", token)
    token_manager.remove_token(token)
    self.stats.locked += 1
429 Too Many Requests
response
Rate limited by Discord.Location: index.py:141-143Actions:
  • Log rate limit message
  • No file output
  • Token remains in rotation
Example:
if response.status_code == 429:
    NovaLogger.fail("Rate Limited", token=masked_token, thread=self.thread_number)
    return

Response Body Checks

captcha_sitekey
response-field
Indicates captcha challenge is required.Location: index.py:189Check:
if "captcha_sitekey" in response.text and self.config.captcha["solve_captcha"]:
Actions:
  • Log captcha detection
  • Append token to output/captcha.txt
  • Increment stats.captcha counter
  • Initiate captcha solving flow
captcha_rqdata
response-field
Captcha challenge data for solving.Location: index.py:195Usage:
solution = self._handle_captcha(
    response.json()['captcha_rqdata'],
    response.json()['captcha_rqtoken']
)
captcha_rqtoken
response-field
Captcha request token for validation.Location: index.py:196, 203Usage:
self.client.headers.update({
    "x-captcha-rqtoken": response.json()['captcha_rqtoken']
})
captcha_key
response-field
Indicates captcha solution was invalid.Location: index.py:171-175Actions:
  • Log solver failure
  • Append token to output/failed_captcha.txt
  • Increment stats.failed counter
Unknown Message
response-field
Indicates token-related issue.Location: index.py:165-169Actions:
  • Log token issue
  • Append token to output/failed_token.txt
  • Increment stats.failed counter

Captcha Integration

Captcha solving is handled by the Solver class from data/solver.py.

Captcha Detection Flow

Location: index.py:189-210
  1. Check if response contains "captcha_sitekey"
  2. Extract captcha_rqdata and captcha_rqtoken from response
  3. Call appropriate solver based on config
  4. Update headers with solution
  5. Retry join request with captcha headers

Supported Captcha Solvers

razorcap
solver
RazorCap API integration.Location: solver.py:55-89Endpoint: https://api.razorcap.xyz/Timeout: 120 seconds
hcoptcha
solver
HCOptcha API integration.Location: solver.py:127-164Endpoint: https://api.hcoptcha.com/api/
csolver
solver
CSolver API integration.Location: solver.py:33-53Endpoint: https://api.csolver.xyz/solveHardcoded API Key: 71144850f4fb4cc55fc0ee6935badddf
capmonster
solver
CapMonster Cloud integration.Location: solver.py:203-239Endpoint: https://api.capmonster.cloud/

Error Handling

Session Creation Retry

Location: index.py:76-80 
def _get_session(self):
    try:
        return request.Session(impersonate="chrome"), request.Session(impersonate="chrome")
    except Exception:
        return self._get_session()
  • Infinite retry on session creation failure
  • Uses recursion to retry

Join Request Error Handling

Location: index.py:213-217 
except Exception as e:
    NovaLogger.fail("Error", error=e, thread=self.thread_number)
finally:
    self.session.close()
    self.client.close()
  • Catches all exceptions during join
  • Logs error with thread number
  • Always closes sessions in finally block

Session Cleanup

Location: index.py:216-221 
finally:
    self.session.close()
    self.client.close()
    
    if self.config.delay > 0:
        NovaLogger.note(f"Sleeping for {self.config.delay} seconds")
        time.sleep(self.config.delay)
  • Sessions always closed after each join attempt
  • Delay applied after cleanup if configured
  • New joiner instance created for each token