Is there any safe key or password from a game inaccessible for anyone else than the owner?

I don’t know if I was clear with the title, but basically I want to know if there is any kind of function, property, value or something that can be accessed from a game and that is unique, unchangable and inaccessible for any other user in the platform (even using apis or something idk). I need this because im working on a project in glitch.com and I need to send and get information from my app. In order to do this, I was thinking of using a password or some type of key that both game and app would have to avoid anyone can access and even make changes in my app. I was first thinking of using the GameId (or universeId) as the key, but then I quickly realised anyone can easily get it using the Roblox universes api.

You may think I should use any safe password that is only accessible from game server, but even I know server should be safe for this, I’ve heard rumours and seen images of expoiters accessing to server info and even copying games with server scripts included. I know I’m being paranoid, but I wanna take as little risk as possible. Also, with all this stuff of Roblox leaking data and maintenance shutdowns, I feel insecure.

Anyways, thanks for reading and all help is appreciated.

3 Likes

Roblox doesn’t have support for secret keys yet. It’s been a long requested feature, but for now the best way to do it is by storing it on the server

2 Likes

Maybe JobId? But I’m unsure of whether it can be accessed via API or not

make a group and set who you need to join there and make the game enable just for who in the group

It’s completely ridiculous how I’m forced to store my API keys in plain text in a script. Horrible security practice. Roblox needs to implement a feature for this

1 Like

It is accessible from API and I need a key unique for all the game, not only for a single server.

I found a potential solution: I can use game Data Store to save the key value. When I need to access the key in game, I can use GlobalDataStore:GetAsync() and no one would be able to figure out what is that key unless they develop for the game, and I can just simply copy the key to the glitch.com app and save it in a .env file. What I don’t know yet is if someone could access my in-game Data Store using any kind of API, but I don’t think so (if someone knows, please let me know). I will try with this solution and if it works, I’ll mark this publication as the solution.
Thanks to everyone for your help!

There is no publicly available API to access Datastore information for any game. However, I would advise against using such a technique as if the Datastore service has an outage, you would be unable to access your data.

To be clear, information included on the server is NOT accessible by exploiters whatsoever. Objects in ServerScriptService and ServerStorage are never replicated to the client which means having such data leaked is very unlikely. The only case in which someone could get access to the source code of a game is if another developer leaks that information or if your game has a backdoor.

So long as you haven’t accidentally added a backdoor and nobody with access to the game leaks information, the data you put into your server scripts is safe. Just be careful about storing secrets within ModuleScripts since those CAN be accessed if they’re replicated to the client (such as in ReplicatedStorage).

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.