Add an Open Cloud API credentials "introspect" endpoint

As a Roblox developer, it is currently too hard to introspect Open Cloud API credentials that do not go through the OAuth 2.0 flow.

There exists an introspect endpoint for OAuth 2.0 tokens, but there is no equivalent for Open Cloud API credentials. In the current state, automation tools need to work off blind trust that everything is configured properly, or require the maintenance of a Roblox user’s auth session to stay alive.

Currently, you must pass a cookie-authenticated POST request to https://apis.roblox.com/cloud-authentication/v1/apiKeys, and/or GET https://apis.roblox.com/cloud-authentication/v1/apiKey/<apiKey>, but this workflow is not friendly to server-based deployment environments.

The OAuth 2.0 /v1/token/introspect is useful for debugging, and removes the need to navigate to the creator dashboard to verify you have the correct CIDR or scope provided; this should be extended to normal Open Cloud API keys.

As a use case, this could act as a “health check” for the remote environment to ensure an API token is valid and has all required scopes before starting its process. For example, take the use case of an open-source deployment tool where new users may improperly configure their API credential: the introspect allows the application to validate the settings for them and notify the user what needs to be added/removed.

6 Likes
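The health check requested in the post above could look like the following. This is an added example, not part of the original thread and not Roblox code. It assumes the response carries the RFC 7662 `active` and `scope` members; the `allowed_cidrs` field, the `preflight` function and the sample values are hypothetical, since no such endpoint exists for API keys.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Preflight:
    errors: list = field(default_factory=list)    # block startup
    warnings: list = field(default_factory=list)  # report, but continue

    @property
    def ok(self):
        return not self.errors

def preflight(introspection, required_scopes, egress_ip):
    """Validate a credential's introspection response before doing any work."""
    result = Preflight()
    # RFC 7662: anything other than active == true means the credential is unusable.
    if introspection.get("active") is not True:
        result.errors.append("credential is not active")
        return result
    # RFC 7662: "scope" is a space-separated string.
    granted = set(introspection.get("scope", "").split())
    missing = sorted(set(required_scopes) - granted)
    if missing:
        result.errors.append("missing scopes: " + ", ".join(missing))
    # Least privilege: surface grants the tool never uses so they can be removed.
    extra = sorted(granted - set(required_scopes))
    if extra:
        result.warnings.append("unneeded scopes: " + ", ".join(extra))
    # Hypothetical field. An empty or absent list fails closed.
    ip = ipaddress.ip_address(egress_ip)
    cidrs = introspection.get("allowed_cidrs", [])
    if not any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs):
        result.errors.append(f"{egress_ip} is outside the allowed CIDR ranges")
    return result

# Constructed sample responses (documentation IP ranges, illustrative scopes).
REQUIRED = {"asset:read", "asset:write"}
GOOD = {"active": True, "scope": "asset:read asset:write",
        "allowed_cidrs": ["203.0.113.0/24"]}
MISCONFIGURED = {"active": True, "scope": "asset:read profile",
                 "allowed_cidrs": ["203.0.113.0/24"]}
REVOKED = {"active": False}

if __name__ == "__main__":
    for name, resp, ip in [("good", GOOD, "203.0.113.10"),
                           ("misconfigured", MISCONFIGURED, "198.51.100.7"),
                           ("revoked", REVOKED, "203.0.113.10")]:
        r = preflight(resp, REQUIRED, ip)
        print(name, "OK" if r.ok else "FAIL", r.errors, r.warnings)
```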

Can you explain more about a specific scenario where you hit this issue last? (specifically where you had to introspect an API key you created from the server)