So I have an API endpoint that connects Roblox to an external database, but Roblox is the only thing that would ever have to use the API. I don’t want any random servers accessing my API and modifying data. Are there certain Roblox server IPs that you can whitelist, or any other way to check if it’s a valid Roblox server making the request?
You could store a key on the server-side of your Roblox game that is sent with the request to verify it is from your Roblox server.
Thanks for the suggestion. I’m actually doing that currently. I have a 50 character string of random letters and numbers used as a key, but I wasn’t sure if that would be the most secure way of going about it. That was another one of my questions.
I’m 100% not an expert on external databases, but if this key is stored on the server-side of your Roblox game and NEVER sent to the client for any reason, then it is 100% secure.
The only possible breach to this is if someone has developer access to your game, and they leak the key.
Okay. That’s what I was thinking too. I’ll just make sure that nobody gets access to the game unless trusted, and then hide the key if for some reason I had to have someone I didn’t fully trust with editing access, although that would be kind of weird if I had someone I didn’t trust as a developer. Thanks for the info.
No worries, best of luck with your database!
You could just whitelist place IDs as another solution.
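An added example, not code from any poster in this thread: one way the API side could check the shared key suggested above, with the place-ID allowlist as a secondary filter. The `X-Api-Key` header name is hypothetical, the place ID is assumed to arrive in the `Roblox-Id` header that Roblox's HttpService attaches, and the sample key and place ID are constructed.

```python
import hmac
import secrets

# Hypothetical header name: the thread does not say how the key is transmitted.
KEY_HEADER = "x-api-key"
# Assumption: the calling place ID arrives in this header.
PLACE_HEADER = "roblox-id"

# Constructed sample values, not real secrets or real place IDs.
SAMPLE_KEY = "constructed-sample-key-0123456789-abcdefghijklmnop"
SAMPLE_PLACES = {"1234567890"}


def new_key():
    """Generate a key from the OS CSPRNG (64 URL-safe characters)."""
    return secrets.token_urlsafe(48)


def authorize(headers, expected_key, allowed_place_ids):
    """Return (http_status, reason) for one request's headers."""
    # HTTP header names are case-insensitive, so normalise them first.
    h = {k.lower(): v for k, v in headers.items()}
    presented = h.get(KEY_HEADER, "")
    # Constant-time comparison: response timing does not reveal how many
    # leading characters matched. Encode to bytes because compare_digest
    # raises TypeError on non-ASCII str input.
    if not hmac.compare_digest(presented.encode(), expected_key.encode()):
        return 401, "bad or missing key"
    # Secondary filter only: the header is set by whoever sends the request,
    # so it narrows accepted callers but cannot authenticate one by itself.
    if h.get(PLACE_HEADER, "") not in allowed_place_ids:
        return 403, "place not allowed"
    return 200, "ok"


if __name__ == "__main__":
    good = {"X-Api-Key": SAMPLE_KEY, "Roblox-Id": "1234567890"}
    print(authorize(good, SAMPLE_KEY, SAMPLE_PLACES))
    print(authorize({"Roblox-Id": "1234567890"}, SAMPLE_KEY, SAMPLE_PLACES))
```

In a deployment the expected key would be read from the API host's environment or secret store, not hard-coded, and the endpoint served only over HTTPS so the key is not exposed in transit.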