Open Cloud: API Key & Documentation Improvements

Hi Creators,

We are excited to announce significant improvements to Open Cloud API Key management, plus changes to the documentation.

Open Cloud API Key Management

Allow API keys access to all your experiences

Previously, creators were required to select individual experiences they wanted an API key to have access to, causing friction for those with many experiences. Now, you can allow your API Key to access all of your user-owned resources and group-owned resources for groups that you have the required permissions on.

Important Note: Be careful when granting access to all experiences. Doing this means your API Key will also have access to experiences that are created in the future. This applies to both User-owned and Group-owned experiences that you have access to.

This feature can be applied to any scope that allows for experience selection. Anytime you select an experience-targeted scope, the “Restrict by Experience” toggle will be disabled by default, allowing access to any of your experiences. Click this to restrict access to specific experiences.

530×347 19.8 KB

Toggle “Restrict by Experience” to limit permissions to specific experiences.

Updated Datastores Permissions

We also added more granular permissions that enable group members to manage your group-owned experiences’ datastores:

• Edit Data Stores for all group experiences
• Delete Data Stores for all group experiences

These can be configured via the Community management page on Creator Hub.

Other UX Improvements

We have made several improvements based on feedback you provided via surveys and focus groups. These changes have been rolled out over the past two months:

1. CIDR Selection is now optional: In the past, you were required to select a CIDR range that your API Key could be used from. This was commonly set as 0.0.0.0/0, thereby allowing access from any IP address. In order to reduce friction, we have hidden this CIDR restriction behind a toggle and allowed the key to be used from any IP by default

531×148 7.05 KB

2. Simplifying scope selection when multiple experiences are selected: Previously, you had to select individual experiences and then select which scopes you wanted to grant access for each one. Now, you can select a group of experiences and apply your selected scopes to all of them.

951×372 26.2 KB

3. Experience search: We added dynamic, search-on-keystroke functionality when searching for experiences. Search results will be updated as you type.
4. Experience “Open In New Tab” button added: Now, you no longer have to go back to the Creations tab and find your experience, you can open experience details right from the API Key page.
5. Removed unnecessary buttons: The “Add API System” and “Add Experience” buttons have been removed. Just click on the API System or Experience and it will automatically be added.

Documentation

We’ve already started to roll out ‘Try It Out’ in the Open Cloud documentation, and we also released a new Scopes docs page that lists all available scopes, the APIs they support, a description, and their target types.

960×477 50.8 KB

We heard your feedback about discoverability/consistency and have since consolidated all public endpoints into a single Swagger/OpenAPI document. This specification is open source and a single source of truth for public Roblox endpoints. It can be used to generate SDKs and leverage other OpenAPI-compatible tools to streamline your development. We are updating the current Creator Hub Open Cloud documentation to consume and render pages from this document as well, bringing the same consistency of format and discoverability to Creator Hub.

Please share any feedback with us below. Thank you!

This topic was automatically opened after 10 minutes.

Any ETA for when we are gonna be able to use the group API keys to download/export places? Right now we are forced to use https://assetdelivery.roblox.com/v2/assetId/{placeId} which only works with the account’s cookie.

Does this mean we’ll be able to use GroupAPI Key’s for MessagingService now, as per this bug?

Group API Keys do support Messaging Service, and you can now use user-owned api keys to send messages to your group’s experiences too.

I like how convenient this would make giving perms to project be whilst also allowing safety at the same time! Especially allowing the ability to pick the games within the scope of what’s allowed to be worked on by certain developers.

Mind if I ask how the progress of third party interoperability for meshes and images are going? Because being able to change mesh and image appearance and have it saved into studio without re-exporting would be both convenient in time and less waste in computer storage.

And mind if I ask about the progress of detailed Place version history? Because I like being able to tell who made most progress for pay reasons and who caused certain attacks on the project to know who must be fired for rogue behavior.

(sorry if I seem to be talking irrelevantly, I am excited for these features as someone who is fond of seeing work being done simpler and thus faster)

Oh, has it been fixed in roughly the past month? I’m glad to hear that if so! I’m gonna go test it out now, thank you for letting me know!

@appletree008 Are we sure that this is live?

Simplifying scope selection when multiple experiences are selected: Previously, you had to select individual experiences and then select which scopes you wanted to grant access for each one. Now, you can select a group of experiences and apply your selected scopes to all of them.

image3284×1414 267 KB

This would be very useful for my team, as I developed a custom workflow using Lune/Rojo/Vscode/Github to enable we the programmers to work on multiple features at the same time while being able to utilize Git’s version control service (We use lune to export assets into a .rbxmx format so they can be stored directly in the Git project and tracked). As of right now, we all use local place files to work on our features and manually publish into our designated live place when we need to test in a live test place. Having the ability to read/export places would allow us to work directly in our designated live places and give us the benefits of having a live test place.

Does anyone also have a similar workflow?

@Hooksmith Is this feature viable or are there concerns on implementing it?

Thanks for calling this out - this still only applies within the API System that you selected. So within memory-stores, you can select multiple experiences and both scopes will be applied. In the past you had to select an experience and then select both memory store scopes and then select another experience and select both memory store scopes again.

Everything you described is already doable. I am asking for exporting to be doable with the group API keys because it’s safer and unifies the entire workflow instead of needing different solutions.
My deployment workflow is like this:

1. Validate inputs - Makes sure you specified a valid place and environment

2. Install packages and build sourcemaps

3. Mantle deploy

4. Generate config files accessible by the game’s code and obtained from mantle outputs

5. Export base place - Builds a fresh .rbxl template

6. Create temporary copy - Copies source code to _Copy folder for processing

7. DarkLua minification

8. Build final place - Compiles the minified code into the final .rbxl file

9. Publish to Roblox through open cloud

You can also do https://apis.roblox.com/asset-delivery-api/v1/assetId/{placeId} using an account’s API key rather than its cookie, however there’s still no way to do it with a group key which isn’t ideal.

I assumed my response implied that I understood I could already do it with user auth, but no one on my team feels safe putting their personal account cookie even in a .env file, hence why I request a Group API key solution

To unblock yourself for now, have you considered making an alt account with access only to your group’s experiences? You can then make a user-owned key under this account that could be used to download the group’s places.

To add to this note (paraphrasing a fix to the docs we have going out shortly), in case you are trying this now - you should handle compression for the request you make to the location URL that you get back from the https://apis.roblox.com/asset-delivery-api/v1/ APIs.

If you are using cURL, you can just pass --compressed as a parameter. Otherwise, pass Accept-Encoding: gzip as a request header and check if the response needs decompressing.

Please consider supporting animation uploads through Open Cloud. This would be incredibly helpful for many beginner developers, as uploading animations isn’t currently a straightforward process and could unlock a lot of valuable use cases.

Through .rbxm or .rbxmx

Thanks for the feedback! What kind of use cases are you thinking about out of curiosity?

In my case, I’ve built an AI game builder with a growing user base that automatically retrieves pre-made animations from our database if relevant. (say 4 diverse punch/kick animations)

Most of our users are beginners who’ve just started learning Roblox development thanks to our AI application, and many of them are now genuinely enjoying the process of creating their own games. We’ve built a system to guide users through the process, but it’s not entirely straightforward. It would be much more efficient if, similar to how Sounds work, we could integrate a way to automatically upload animations.

More importantly, this could also serve in a powerful teaching platform for learning Roblox scripting.

This could work, however my main concern is just ease of use over anything else. Downloading and publishing places often go hand-in-hand so it would make sense for the keys to be handled in the same place, at least for my use case.