Hello. So, I am making a product buying hub and whitelist system. You buy the product in the hub, and then your user ID is added to a Trello list.
My scripts are below. They are letting me buy the product, but are not making a Trello card, or sending a notification. I am using the free Trello API, found here.
This is being printed, along with all my prints up to the point where it makes the card. I have no other errors, and cannot find an issue.
-- Removed to prevent stealing now solved. Sorry.
Scripts
LocalScript inside a TextButton inside a Frame inside a ScreenGui inside StarterGui.
-- Removed to prevent stealing now solved. Sorry.
ServerScript inside ServerScriptService.
-- Removed to prevent stealing now solved. Sorry.
LocalScript inside StarterGui.
-- Removed to prevent stealing now solved. Sorry.
Inside ReplicatedStorage, I have 2 remote events:
Notification
PromptPurchaseEvent
If you need any more info, let me know. But I am really struggling and cannot find any issues. Thanks
It seems I have now found a fix! It was just something stupid that is stupid.
I had to change…
local NewCard = TrelloAPI:AddCard(player.UserId,player.Name .. " purchased the product at " .. dt:FormatUniversalTime("LLLL", "en-us") .. " UTC. \n**Note:** The player name mentioned was the user's name AT THE TIME OF PURCHASE. Their name may have been changed since, however, their user ID (the card title) always remains the same.",ListID)
…to…
local NewCard = TrelloAPI:AddCard("" .. player.UserId .. "","**" .. player.Name .. "** purchased the product at " .. dt:FormatUniversalTime("LLLL", "en-us") .. " UTC. \n\n**Note:** The player name mentioned was the user's name AT THE TIME OF PURCHASE. Their name may have been changed since, however, their user ID (the card title) always remains the same.",ListID)
I highly reccomend not to use trello for whitelisting products, it can be easily leaked. And token can be stolen aswell, so it can be abused
I agree with what he said, especially if I believe what you mean by hub, I’m guessing exploit script hub, you should be careful with that, if I am correct, considering someone could simply use a http request spy and log the http requests, and see all arguments, headers, etc passed through on the request. You would most likely have to implement an anti http request spy, not necessarily hard to made, because it is just hooking functions, and throwing in a few conditions to make sure there are no malicious arguments within the functions parameters.
And they would simply have your token to the API, but please correct me if I am wrong.
Why it needed to be like that, no idea!?