How to use webhooks in plugins

I’m making a plugin and wish that if an error was to happen it would send it through a webhook to my discord server. but when I do it as you would with any other script I get an error:
HTTP 400 (Bad Request) Any help and or replies would be appreciated.

1 Like

Why not just test the plugin yourself? The HttpEnabled property of HttpService needs to be on anyway. If you include webhooks in your plugin code then a malicious user will find the webhook and abuse it to get action taken against your Discord account. Don’t do this. It is also against the Discord rules to use webhooks for logging.

1 Like

I know but if roblox changes or deprecates something, it would send me a message saying there was an error. But why didn’t you also tell what you told me to the guy you responded to a while ago also with this issue? HttpService error: HTTP 400 (Bad Request)

That was from a long time ago and I didn’t really understand the question. But that was when HttpService was down for a bit.

And when Roblox deprecates or changes something they don’t instantly remove it.

Ok, but can you answer my original question? why am i getting that error?

See:

But please don’t do this. Exposing your webhook is very bad.

I’m not really worried about that, I already have stuff that protects it, so can you answer my original question?

Please read:

And what are you doing to “protect” it?

Can you just answer my original question? the way im protecting it isnt really the point here im simply asking if you know why im getting that error.

Are you able to read this?

I have, and its turned on. thats litteraly the first thing i checked

It could be how you are sending the data then. Such as not JSON-encoding the data before sending it over.

Still, don’t do this.

Its encoded https://gyazo.com/bd7966bef36d68163d4f2f016f48d094

That doesn’t actually change the Data variable, try sending over your code in a text but censoring out the webhook.

Don’t do this tho, your webhook will get abused no matter what you do to “”““protect””“” it

Don’t open source your API keys. Even if it’s obfuscated or whatever you use to “protect” it it can still be acquired by the user.

1 Like

Heres the code https://gyazo.com/9bcfd6346e92234005f5ff99050cf800 (i removed the webhook for now)

I changed code a bit and it still doesn’t work

An HTTP 400 can be quite possibly thousands of different errors, and instead of diving into what those thousands of errors are, I recommend you look over your code, reference other code that uses webhooks and gets them to send, and also make sure you aren’t attempting to send any nil values (which would result in your payload not being defined).

I also want to echo since it appears the point has not been made clear enough, anyone can access your plugin source code, and if a user has malicious intent then they can take your webhook code and spam it with requests which would result in your discord account being permanently terminated.

No matter how well encoded it is, it isn’t enough and you shouldn’t include it. Don’t risk your account safety due to your own laziness in not wanting to test your own plugin when an error is identified.

Figured it out, my string was over the max character limit.

You should just make a proxy server so that you can use the webhook on the proxy server without anyone exposing the API key and all that other stuff.

Here’s an infographic of what should happen:

2 Likes