As a Roblox developer, it is currently too hard to introspect Open Cloud API credentials that do not go through the OAuth 2.0 flow.
There exists an introspect endpoint for OAuth 2.0 tokens, but there is no equivalent for Open Cloud API credentials. In the current state, automation tools need to work off blind trust that everything is configured properly, or require the maintenance of a Roblox user’s auth session to stay alive.
Currently, you must pass a cookie-authenticated POST request to https://apis.roblox.com/cloud-authentication/v1/apiKeys, and/or GET https://apis.roblox.com/cloud-authentication/v1/apiKey/<apiKey>; but this workflow is not friendly to server-based deployment environments.
The OAuth 2.0 /v1/token/introspect is useful for debugging, and removes the need to navigate to the creator dashboard to verify you have the correct CIDR or scope provided; this should be extended to normal Open Cloud API keys.
As a use case, this could act as a “health check” for the remote environment to ensure an API token is valid and has all required scopes before starting its process. For example, in the use case of an open-source deployment tool where new users may improperly configure their API credential, the introspect allows the application to validate the settings for them and notify the user what needs to be added/removed.