We are excited to announce an improvement on Open Cloud security: API keys that are unused for more than 60 days will automatically expire starting Jan 5, 2022. In addition, you can now see detailed status of your API keys on the Creator Dashboard.
Open Cloud allows you to build tools and applications that can securely access your resources in Roblox cloud, such as places and player data, through standard web APIs. In the long term, we strive to empower a thriving application ecosystem that helps maximize your productivity. To begin with, we launched API keys so that you can configure granular permissions needed for your tools, similar to setting up a badge to enter an office building and corresponding rooms.
API keys are a convenient way to create the credentials you need. However, sometimes you may generate a key for temporary usage and then forget about it. When a bad actor steals the key, they can still use it to access your resources.
To mitigate this risk, we now monitor the usage of your keys and if there is no activity, including sending API requests and any edits, for more than 60 days, the system will automatically expire the key. Once it’s expired, a bad actor won’t be able to access any of your resources anymore. If you want to use the key again, you can simply make an update to the key or toggle the enable/disable button on the API key edit page.
In addition, you can now see the detailed status of your keys. If the key is ready to use, the status will be “Active”. Otherwise, the UI will show reasons for the key to be inactive, such as “Expired”, “Disabled”, etc. A tooltip will show more explanations for each status when you hover. You may need to take multiple actions to reactivate your key.
We hope you enjoy this update! Check out the “API Key Status” section in our documentation to learn more. As always, please don’t hesitate to leave any feedback so that we can keep improving.
The Roblox Creator Services Team