Announcing Datastore APIs for Open Cloud

I am currently using the datastore api to allow users to send messages in-experience from on my website, however currently I can’t do this without some hacky solution since I am unable to filter the messages that I am putting into my datastore.

Then how do I restrict an API key to only some of my data stores? For example, external services that only manage a certain data store.

Perhaps scopes was the wrong word to use. I’m not very familiar with data stores, sorry.

API keys can already be restricted to only specific operations for specific datastores.
For example, say you have a datastore named “player_datastore” and you want to allow only Get and Set entries but not Delete to this particular datastore. This can be done already now.

Our tutorials explain how to do this.

1 Like

There should be API that returns both the entry key and the value. It’s otherwise really inconvenient to get all the keys first, then run a separate request for every single key.

Has anyone else tested the throttling limits?
I was trying to load some data into Roblox that I would previously have to manually (only like 40mb worth) (Yeah I know I can just use smaller chunks but I am curious what’s causing the issue.
and was trying to do it in 4mb chunks as 4mb should be able to fit in a datastore key according to the documentation here, however I seem to not be able to send data over 1mb even though datastores can obviously store more than that.
Perhaps there is an additional limit to setting an entry that the documentation hasn’t stated?

Thanks for reporting the issue, we will look into this issue. We added write throughput based throttling in opencloud datastores. The limit is 10MB per min, writing keys over 1MB should work. We will look investigate.

1 Like

It would perhaps make sense for the errors to be specific as to what throttling limit is being broken.
Though admittedly this would make it easier for people to do things right at the limits of the throttling which you presumably don’t want everyone doing.

But yeah I’ve tried waiting half an hour then sending a 2MB chunk, and still fails.
There definitely seems to be some kind of limit at 1MB.

1 Like

RoVer uses Discord to verify. This means if just your Discord gets compromised they can take innapropiate behaviour through your Discord account on-to Roblox without having direct access to even your Roblox account. It’s not a proper verification & leaves vulnerabilities. Even making your own system for the service can be very vulnerable & if it becomes a problem I can imagine Roblox trying to take it down or block requests from the service to make sure it’s users are safe(For someone like Boatbomber they would probably take contact first). Again this gives no direct access to the Roblox accounts but through the service & in the games their activity is displayed just the same to others.
OAuth2 is fast & secure, as well a industry standard. I can’t imagine it’s too far into the future either.

2 Likes

Great update! This will cut down on the necessity for external databases for a lot of games where outside modification is required.

Are there any plans to introduce OpenCloud APIs for MemoryStore? Having those would allow me to easily control real-time events (such as universe-wide commands, trading, etc) externally. You can somewhat accomplish this with Datastores or HTTPService, though it’s rather clunky, and I feel MemoryStore is a lot more geared to something like that. Cheers!

6 Likes

This is actually fine; you should filter the text at the time it gets displayed, not when it gets stored. This is because Roblox could change the way text filtering works at any time, and you need the text in your game to be compliant with the current version of the text filter, not a previous (potentially outdated) version of it.

However, this becomes an issue when I later retrieve this data from outside a Roblox server, as the information is not filtered.

However, this is impossible to comply with since text filtering requires at least the player who sent the message to be in-game.

Great update, it will be useful for data erasure requests in my case.
However, I see that we can only access GlobalDataStore class, and not OrderedDataStore. Will that be implemented in the future ?

4 Likes

Sorry if this is the wrong place! I’m not sure if this is just me but the API seems to be giving me a 404 error.

image

I only started having this problem today. Was working fine yesterday.

Hi! What endpoint are you hitting? Not sure if its just the picture but after the universeId in the url you should have the continuation of the endpoint url. ie: for list datastores there would be /standard-datastores after it

The list of endpoints can be found here : Open Cloud: Data Store API Reference

My bad with the first image!

The second image is the one from my program using the proper endpoint url.

The endpoint I am using is https://apis.roblox.com/datastores/v1/1141258827/standard-datastores/datastore/entries/entry

Welp. Looks like we now have to start encrypting important data if we want to risk someone getting their hands an API key.

The url contains /universes before the universeId.

Try this url https://apis.roblox.com/datastores/v1/universes/1141258827/standard-datastores/datastore/entries/entry and see if that works :smiley:

1 Like

API keys can only be created by the owner of the experience, unless you are using this feature, no extra security should be needed.

Yes, but it never hurts to take extra measures in case one gets leaked. At least if you work on a team that is.

As of currently only the place/ group owner can create API keys and in-fact new permissions were added to groups to allow people to create them, however as of currently no other team member can create API keys, so this shouldn’t be an issue.

If you don’t create one, then it can’t be leaked. I don’t understand why you are annoyed by this update despite the fact that it impacts 0 bit on previous experiences.