Open Cloud - Publishing Your Places with API Keys is Now Live!

Same thing happens to me. Just zoom out your browser.

Roblox is Improving now and make the Developers work easily to do and secured. :eyes:

2 Likes

What do I do with my API key? Is there a service or endpoint for it?

Awesome! Will this eventually support Cross-Universe DataStores?

1 Like

Does this have some sort of limit to how much data we can publish at once through this? I’m getting a 500 error when I try uploading.

It’s a rbxlx file that’s about 25MB.

ah yeah unfortunately our file size limit at this time is fairly small (4MB). we’re working on increasing the limit.

2 Likes

I hope that in the future there would be a possibility to have a API for Right to Erasure requests too! I know that I store player information in my own database to use with my own panels or external services. Therefor such an API would be extremly helpful. I suggest these endpoints:

  • A endpoint where pending Right to Erasure requests can be retrived, preferably letting you specify a game id. Each request has the user’s id.
  • Once I delete the data, I call a endpoint with the id I deleted data for and the Right to Erasure request get deleted from the endpoint above.

The gameowner should be able to toggle if the Right to Erasure api is enabled from the game settings.

1 Like

If a Roblox message api was created, you could do this.

heavy breathing intensifies

YESSSSSS

It’s finally here!

I’m so happy that Roblox is finally providing an Open Could for our API Keys.

1 Like

Damn! This is really exciting for third party development tools! Really looking forwards to see some tutorials come out as I am myself have my head spinning from API keys! Oh god I already feel the warning coming… Ay, when you make your screen small it does work for me though! Might be a patch!

I’m not completely sure what this means, but it looks really interesting! I might want to try messing with this some time!

What is an API and why would I use one?

IP is needed to secure the API requests. You don’t want someone else to call the API(yes, you could create an enter username and password place, but like this better)

API is Application Programming Interface, a way a developer can communicate with the application. For example, you could send a POST request to a Twitter API to post a tweet, and it would do it. There are also GET, PUT, PATCH and DELETE HTTP methods.

1 Like

I’d love to see this expanded to all assets!

This would enable me to automate uploading plugins and modules via GitHub Actions without risking using my ROBLOSECURITY cookie (obviously Rojo would need to support API keys too to allow this to happen).

In addition to this, I’d like to see the ability to assign an API key to a single (or group of) assets. This would allow me to create an API key for a single plugin (for example), and should it accidentally get leaked, would protect other projects.

Finally, in relation to automating uploads via GitHub; it’d be nice to have™️ an option to select GitHub’s IP addresses from the API key creation page, in order to save time looking up possible IP addresses that GitHub might use.

3 Likes

With the introduction of formalized API keys (rather than cookies), are there plans to enroll Roblox into Github’s Secret Scanning Program, to automatically invalidate leaked tokens?

Given the age demographic, there are many inexperienced developers who fail to use environmental variables or do not employ .gitignore files- I’ve personally invalidated a few hundred public .ROBLOSECURITY cookies throughout the year periodically sweeping GitHub.

3 Likes

This is long needed! From what I understand… no more making bot accounts for games! This. is. incredible.

Also, I feel I might be wrong… So please correct me!

This would be incredible… Just incredible! You can also make tons of cool stuff, like automatically ranking up a user if done in-game (although ranking someone in-game on it’s own would be dumb, it’s an example!)

Roblox is growing rapidly! Honestly, Roblox does a lot of bad things and nobody recognizes the good things. If this is added, developers will have more options for everything you said without using something that is possibly untrusted, like Noblox.js

Exactly what I was thinking… Fingers crossed!

I think the API keys need your local IP address, something like 192.000.0.0. I don’t think they will work with your public IP address.