So i want a way of making it so i can verify that a roblox player is in a discord server.
I don’t even know where to start
I’ve seen people do Roblox → Discord (such as Bedwars where you input a code from the game into the discord server)
But also Discord → Roblox (haikyuu legends where you generate a code from discord and paste it onto roblox)
Which is the best way of approaching this and how would I go about doing this?
You should not do this kind of cross-platform verification because it exposes your users to privacy risks. Roblox is responsible for protecting its users privacy, Discord is responsible for its users privacy, but nobody is required to think about -and thus isn’t thinking about- the privacy interactions between the two. There are very serious consequences for making users cross-identifiable between Discord and Roblox. The existence of your system also opens up opportunities for malicious actors to create a similar-looking system that is actually just malicious on its own, using the existence of your verification system as camoflauge. You do not want to be responsible for any of this.
I don’t see any fundamental issues with this, front page games commonly introduce this feature with other platforms as well
Plus what “privacy risks” actually exist, id assume the general basis is
People do implement this feature, it is legal to do it, it may be allowed under current Roblox TOS, it may also be allowed under current Discord TOS, but it is a bad idea and you shouldn’t do it. You don’t know what you don’t know and this is serious “there are unknowns” territory. You are creating your own service that is outside of either platforms TOS:
Any mistake you make that causes a security risk will be your legal responsibility.
There are extremely smart and well paid people whose job it is to ensure the safety of this kind of identification system, and that’s not you. Do not do this.
Whether im capable or not i dont see the “security” issues, could you provide some?
as i stated the only off platform communication is to type /code 
Nothing malicious there
just use bloxlink, save yourself the headache
Not after that, i want to reward the player for being in the server. incentivise it, therefore i need to check if they are actually in the server from roblox. bloxlink verifies you’re in the server under x user.
how about entering a code that can only be found in said discord?
but then they wouldnt really need to be in the server, they could easily look it up. rather giving a unique code to each player instead would counter that.
If you want to have a one-time code to enter the server that’s perfectly fine and doesn’t have the issues im describing. What I’m talking about is associating one specific roblox account with one specific discord account. I have a few examples:
I used to play Eclipsis which required this kind of association to enter the server. Because usernames in the server and usernames in Roblox are directly correlated, people would DM me on discord to harass me if the game didn’t go their way. Discord is also very prone to scraping chat messages if you are in the same server as your target. Blocking discord users also does not stop them from reading your messages. Roblox has much stricter controls to stop this kind of stalking, there is no general purpose way to watch what a specific user is doing, and roblox avoids situations where people are forced to be around users they are uncomfortable around.
As for bloxlink, I still think the overall idea is bad, but bloxlink are the ones bearing the responsibility in that case so its less risky in terms of liability.
Yeah im not after that i just want the player to enter a code from the discord to the game. would you know any optimal methods or databases?
The simple way is to generate a code which you then use http to add to a list of valid codes in your discord server. The code can be any random number, preferably they expire so the list of codes doesn’t just grow forever. I don’t know the specifics of building discord bots, but thats all the basic steps.
Note the important missing steps: your api must only accept new codes being added from an authorized source, such as your roblox games, not from any random person who knows the URL. In this case the consequences of this happening anyway are low. However, if you create associations between two platforms, the consequences are that one discord user can impersonate a specific roblox user; thats really bad, thus the above warnings.
you say “list” id assume that’d be a database. Do you know any database services that are good for this type of requirement
Yes, you would need somewhere to store the keys and add them via something like a PUT request.
Most API require you to have a Key to use it anyway.
Actually, theres an easier way. Just have the code be based on the current time. This is how things like OATH work. There is a secret key that both your Roblox and Discord sides share. The code is then generated based on that key and the current time. Thus, the two sides come up with a matching key that changes every so often. See here for the full explanation.
Someone without the secret key cannot generate a code, even though they know the current time. The upcoming codes also can’t be guessed. This won’t make it so every player needs a unique key, though, so don’t use it to give out one-time rewards.
So essentially player generates a code from discord that lasts like 5 minutes in the database. Roblox inputs that code and checks if the code still exists
In the TOTP scheme they only need to share a secret, the two sides never need to communicate with eachother, other than the player entering the code.
wdym by that, could you give an example on how the player would verify they’re in the server?
Regardless of which direction, each side has a code that changes say every 5 minutes. Both sides are following the same sequence of codes, so as long as you got a code from one side recently, you can enter it on the other.