API is Application Programming Interface, a way a developer can communicate with the application. For example, you could send a POST request to a Twitter API to post a tweet, and it would do it. There are also GET, PUT, PATCH and DELETE HTTP methods.
1 Like
I’d love to see this expanded to all assets!
This would enable me to automate uploading plugins and modules via GitHub Actions without risking using my ROBLOSECURITY cookie (obviously Rojo would need to support API keys too to allow this to happen).
In addition to this, I’d like to see the ability to assign an API key to a single (or group of) assets. This would allow me to create an API key for a single plugin (for example), and should it accidentally get leaked, would protect other projects.
Finally, in relation to automating uploads via GitHub; it’d be nice to have™️ an option to select GitHub’s IP addresses from the API key creation page, in order to save time looking up possible IP addresses that GitHub might use.
3 Likes
With the introduction of formalized API keys (rather than cookies), are there plans to enroll Roblox into Github’s Secret Scanning Program, to automatically invalidate leaked tokens?
Given the age demographic, there are many inexperienced developers who fail to use environmental variables or do not employ .gitignore files- I’ve personally invalidated a few hundred public .ROBLOSECURITY cookies throughout the year periodically sweeping GitHub.
3 Likes
This is long needed! From what I understand… no more making bot accounts for games! This. is. incredible.
Also, I feel I might be wrong… So please correct me!
This would be incredible… Just incredible! You can also make tons of cool stuff, like automatically ranking up a user if done in-game (although ranking someone in-game on it’s own would be dumb, it’s an example!)
Roblox is growing rapidly! Honestly, Roblox does a lot of bad things and nobody recognizes the good things. If this is added, developers will have more options for everything you said without using something that is possibly untrusted, like Noblox.js
Exactly what I was thinking… Fingers crossed!
I think the API keys need your local IP address, something like 192.000.0.0. I don’t think they will work with your public IP address.
So this is basically like oAuth2, right?
I would suggest to use Auth ID for Auth instead of IP it seem danger to giving someone IP
Your local IP is only relevant for your local network. You need to supply the public IP address.
1 Like
Small (and late!) correction here: rbx_dom_lua is not an implementation of any file format and essentially only provides a minimal API to:
- read Instance properties as plain data;
- write plain data to Instance properties.
There do exist implementations of the Roblox file formats in Lua, but I can’t recall at the moment where they are, if they’re maintained, or if they even work at all anymore! It’s definitely not the sort of work one would like to do with Lua 
1 Like
Will this allow better version control? We are crying for it.
I love this it’s works so well I didn’t expect it to do so good and my game is way harder for people to steal and such that you so much roblox
Speaking of automation, I have a way too many users utilizing a library that I’ve made for this purpose. This is a heavy-weighted ask but, could we get a proper API to authenticate to?
A lot of users, well over the thousands, have been utilizing various libraries like mine and have been leaking cookies in the process. I want to give my users a better authentication method but, I simply can’t because Roblox doesn’t provide it.
Ideally though, generating a token that serves as an application rather than account would protect malicious behavior imo and would benefit both parties. Discord, Slack, etc all follow this paradigm.
Plus, on the bright side, it gives third-party enthusiasts some level of hope.
Edit: Another idea that would be nice is to open up the datastore API so that datastores can be accessed outside of the Roblox platform. API key to authenticate, have permissions tied to said key (read, write, both), reference a table and then, do what you want. It would be so powerful and I’d 100% switch to using datastores.
Database hosting on its own is a pain. What Roblox provides for free is fantastic. I just need more versatility. That plus, being able to delete tables. I have way too many tables in one of my test places.
5 Likes
Is there a limit on the file size of a place we can publish with this API? Tried multiple times to publish a 36 MB place file but keep getting a 504 response. It does work when I try to publish an empty baseplate though.
The size limit is currently 4MB, see Open Cloud - Publishing Your Places with API Keys is Now Live! - #94 by pizza_shadows
The size limit is 4MB currently. We’re working to increase it.
Is there an ETA on this and what the increased size limit would be? Would love to get to using this in current projects!
1 Like
A very nice addition would be DataStore and MemoryStore endpoints, and webhooks that we can use in order to publish seemless events to a central server, say an EC2 instance from AWS, without doing long-polling and wasting potential resources (requests limit, bandwidth, etc…). Teleporting users from a place to other, making sure that they’re online, using a VPS, would also be cool, without having to resort to multiple HTTPS requests. Some of these visions may seem hard, but they will be a pretty cool addition to roblox, in making matchmaking more accessible. I’m very hyped in seeing more endpoints coming to roblox!
1 Like
Very excited to use this, especially the DataStore API. If we can read and write to DataStores from outside roblox, it opens up so many possibilities for new projects and ideas.
1 Like