We can finally read and take use of the description!? I know this is the weirdest part of it all to be excited about, but I’ve so badly wanted to use rank descriptions to hold additional settings that my game can take use of. Sounds like I’ll finally be able to do that now!

I would have expected a way to automatically rank the players in the group but apparently this system is not ready yet.

Also what roblox added about group api is a bit useless nothing that you can already do with Groups API , Really disappointing

And at this point we will continue to use Groups API even if it is not designed to do so, what has been done up to now is not very useful for what the groups really needs

Also what is more disappoint is that in the roadmap they announced this:

and this update of the group API, if there aren’t any others, I don’t think it’s really the right way to manage your group in another way

While I am glad the APIs are moving forward… but the group APIs are really underwhelming. For a couple of groups I am part of, we really needed the ability to write to the group (i.e. group roles) to use this for anything. I see that it is stated that updating will be done in the future, which doesn’t give me confidence it will be any time soon considering how long we have waited only to get read APIs.

Can rate limits be clearly identified on this page? I usually end up just trial and erroring the API or finding old announcement posts for that open cloud api just because of how hidden the rate limits appear to be on the documentation site.

A bit underwhelming if anything. I don’t have much to say really. Don’t know too many uses for these.

Hopefully the group write APIs are done soon. I’ve needed a way to automatically rank-up users for a while now (to prevent group abuse that Roblox still has not properly addressed) but there’s still no way to do this that does not require me to host a bot with my personal account using my own cookies.

The read APIs are nice and are a good step forward, but I hope the staff behind this understand that write APIs for groups are important as well (and for some people, far more important).

Wild idea, perhaps read the full announcement post before commenting? They explicitly elaborated on this:

Cannot wait! Thanks for the updates on these new Open Cloud APIs!

This update makes it easier for programmers to access data on the platform, increases the reliability of obtaining this data and reduces the rate limits for accessing this data. As someone who has played around with apis, this will help to make the platform into a more robust ecosystem. Thanks Roblox!

In case anyone is interested, I have added both the Inventory and Groups APIs to my typescript opencloud wrapper (openblox).

My wrapper is fully typesafe and makes using these 2 APIs easy.

Docs

Openblox Cloud Inventory API Docs
Openblox Cloud Groups API Docs

Inventory Example

This example gets a maximum of 3 pages of items from a users inventory (where each page contains no more than 100 items) using an oauth access token.

import { InventoryApi } from "openblox/apis/cloud";
import { Override, Paginate } from "openblox/interfaces";

const Main = async () => {

  const inventoryItemsForUser_paginatedWithOauthAccessToken = Paginate(Override(InventoryApi.inventoryItemsForUser, { oauthToken: "put oauth access token here" }))

  const allInventoryItems = []
  let [ currentPage, maxPages ] = [ 0, 3 ]
  
  for await (const { data:inventoryItems } of inventoryItemsForUser_paginatedWithOauthAccessToken(45348281, 100, {
    privateServers: true,
    gamePasses: true
  })) {
    currentPage++
    allInventoryItems.push(...inventoryItems)
    if (currentPage == maxPages) break
  }

  console.log(allInventoryItems)
};

Main()

I expected the new update to give us the ability to actually manage our groups and not just read information

we want to allow players to join groups from in game and for our games to have the capability to accept members, rank members, etc from within game

And I still can’t auto rank users? Lame, wouldn’t of been as annoying if your login ip change a year ago wouldnt of broken my node js server

This is great. I’m still looking for the following:

• An API that allows us to rank users without a cookie.
• An API that allows us download a place file. Would be useful for CI/CD.

This is perhaps not your area, but is there any ETA on us being able to upload models through Open Cloud endpoints? It’s been weird to have to rely upon legacy API and using cookies to upload models, to say nothing of the security.

I see the new APIs have a clearer definition of the cursors (named tokens here) with some actual guarantees in place. Will the Data Stores listing APIs get the same guarantees at some point? It currently is a bit unclear and explicitly tells the format is not defined.

During tests where I tried to inventorize all keys of a big data store, at some point around key number 5240000 the nextPageCursor pointed to a page with keys I already had received from requests earlier, but with then different cursors.
The dataset I have inventorized does not go above ± 5240000 keys (the number of keys existing is definitely above this amount), even after running my code iterating through the nextPageCursors for a couple of consecutive days. And the nextPageCursor never returns as null/undefined/empty string.
If these are bugs with the current endpoints, I’d be happy to open an official report on the forum.

Also ooh, I see a V2 for these new APIs, can we expect datastores/messagingservice to see a V2 with a move to /cloud soon too?

Hey, messaged some staff on devforums but I don’t know if it was read but i’ll re-post it here:

Finding the UUID of the given API Key secret via Web-points

I’m implementing a method which has the purpose of getting the given API Key’s UUID when the x-api-key is present in the request headers.

I’m using this to verify whether or not a given API key is valid and usable, as if the API request response does not return the UUID of the API key, then the API key is unavailable. Also, having the API Key UUID allows easier editing when given the Roblox Account / Group Account access that hosts the API key.

I have found an alternative way to do it by having access to the api_keys’ owner’s account, and going through the convoluted method of listing all the api keys, reading the secret preview of each api key, and seeing which of those preview secrets has a match with the given key.

Currently, requests do not give the unique id of the API key when the request header is present.

(trying to get this id)

image857×154 8.58 KB

(through sample python code)

image961×416 76.5 KB

Hmm curious about how what your use case is here. Is there a reason why you want to determine if an API Key is valid? If you try to call an Open Cloud API with an invalid key, you will get an explicit error anyways:

Screen Shot 2023-09-27 at 3.54.29 PM1306×125 19.1 KB

I’ve been in the OAuth group for months now, and I love the Roblox staff in it, so helpful, every single one of you.

I do want to plug a python library that one of my friends’ made, rblx-open-cloud. If you have any feedback, or concerns, make sure you open up a Github issue about it.

I’d find it cleaner just to have one call to see if the api key is valid rather then have the actual requests error saying its not a valid api key. If you tried to do a messagingservice publish request, you’d need information on what universe the api key has access too anyways or it’ll also throw a unauthorized error if the api key is valid, or a invalid api key if the api key is invalid, two errors in one request.

Some APIs require the api key’s unique identifier;

• checking what the specific api key access permissions are
  (uuid needed, not sure if owner account access is needed)

• adding permissions to the specific api key
  (given access to owners account, you need the api uuid)

• enable and disable specific api keys

One case I can think of right now is having access to this information allows pipelines; you can have interfaces for defining and setting up API keys for automation of external api systems.

A pipeline could be such as setting up a collection of api keys to read the datastores of multiple places at once and combining the data with some transformation callback.

Another could be mass-publishing messages to all your games for a announcement system saying a new game is out.

Another is having multiple accounts with api keys for different types of uploaded assets for organization / per-employee asset separation.

And recently you can have it automate the reading of your inventory as well on multiple accounts.

Got it. So to summarize, the request here is that it would be useful to have an endpoint that takes an API Key secret and returns whether it is valid or not? Or are you also asking to return the UUID somehow? Just trying to clarify what is desired