RoPIN - Verify client identity via numeric PIN

RoPIN

ABOUT

Verify client identity with RoPIN. Users can create a numeric PIN and then use it to verify their identity whenever making high-value transactions in an experience. For example, a high-value trade in a simulator game could require PIN verification to ensure that the users participating in the trade are who they say they are.


HOW IT WORKS

Developers can integrate the RoPIN API into their experiences. They can create a custom UI for verification and allow users to create their own numeric PINs which can then be used in the future to verify their identity during high-value transactions. A client can send a verification request to the server which can verify their identity and call a callback function (such as completing the trade) if verification is successful.

SECURITY

All PIN information is held securely on the server and persists between sessions. Clients cannot access PIN information unless explicitly allowed by the experience developer(s).

CUSTOMIZATION

RoPIN only provides an API, allowing the developer to customize almost any aspect of RoPIN, including the UI, length of the PIN, callback functions, and more.

GET IT

RoPIN is available for free on GitHub and the Roblox Marketplace. You can also view the documentation and API reference on GitHub.

Get it on Roblox! Get it on GitHub!

16 Likes

Would be better if you provide us with images or videos? Don’t you think? Also the image buttons don’t work.

2 Likes

This sounds and looks absolutely wonderful, I had my little sibling lose my 200+ Robux. This might help in situations like these!

2 Likes

I already like what I’m hearing about your system. Can’t wait to try it out!

1 Like

I think you should add a way for players to be able to reset their pins. Although I already know how like using the datastore editor and etc, some people may not know how to reset pins themselves. I’m talking about developers so I think you should just add a way to reset pins into your API.

Genuinely awesome idea.

Perhaps you could make it so that there’s one place to go to where you can set your pin, have that place save it to an external database, then have the places that use ropin read from the external database so that the player’s pin persists throughout all games that use ropin.

Whether you do that or not, though, this is still a good idea. Keep it up!

1 Like

Wouldn’t this kind of cancel the entire purpose of having a pin in the first place?

Realistically there is no way to “verify” ownership of the client aside from knowing the pin. If you know the pin, you are theoretically the owner of the account even if you do not own the account (say the pin was stolen.)

There’s a good reply to one of my threads about this topic that sums it up pretty accurately:

1 Like

Yeah, I guess you are right. That would defeat the purpose.

1 Like

I expected this to be another crappy “anti bot” measure that could be easily bypassed, but this is genuinely a really cool idea. Although remembering a PIN for a lot of casual games is not something I would want to do, this could still be useful for high value Robux purchases or trades. Nice job!

1 Like

As an opt-in, this acts as a really good multi-factor authentication method. Some other options to consider as well:

  1. For trading high-value items, add an “escrow” for 24-48 hours where the items aren’t yet transferred. This allows players who are compromised to get access to their account and cancel the transaction
  2. Perhaps only require the PIN when trading to people who are new to the game, have low value etc. (i.e. someone’s bot account)
  3. Don’t allow the same item to be traded multiple times within a short period
  4. Instead of just listing the items each player has (i.e. DataStore where a player has “itemA,itemB,itemC”) instead make a new datastore entry for every unique item and attach a transaction history to it so you can track the exact item that is being traded and revert it if needed without losing track.

1 Like

Gang, where do you put it at? I don’t know

I would suggest you not tell the users in the game, to use their account pin for such.
Could mislead and be bad if data is breached.

What do you mean? I don’t understand what you’re trying to say.

No one ever said to use the account pin. It’s simply a four digit combination, Roblox account pin doesn’t own that idea.

And security breaches are an interesting thing, these codes don’t even need to be stored cryptographically: they’re just client-side pins with extra steps (server-side saving.) A developer with the unsecured pin doesn’t allow them access to anything.

1 Like

I meant, there should be a disclaimer telling the user not to add their account pin, in ANY way.
Just to be safe.

The UI is your job to make, not the OP’s job. RoPIN just provides the API for you to use for your own custom-made pin system.

The takeaway is that you have the ability to make the UI so you can add the disclaimer yourself.

This doesn’t seem like a very good idea to verify user-identity (Roblox PIN is already not recommended), a malicious user could simply guess the PIN after enough time and if the real-user forgets their PIN, there is no valid way for the developer to verify their identity.

1 Like
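
The guessing concern raised in the post above is usually handled by limiting attempts on the server. The following is an added example, not part of the thread and not RoPIN's own code: every name in it (`PinThrottle`, `checkPin`, the constants) is hypothetical, and the PIN comparison is assumed to be supplied by the caller.

```lua
-- Added example: server-side attempt limiting for a numeric PIN check.
-- PinThrottle, checkPin and the constants are hypothetical, not RoPIN's API.
local PinThrottle = {}
PinThrottle.__index = PinThrottle

local MAX_FAILURES = 5        -- failures allowed before a lockout starts
local BASE_LOCKOUT = 60       -- seconds; doubles with each further lockout
local MAX_LOCKOUT = 24 * 3600 -- cap so the delay stays bounded

-- checkPin(userId, pin) -> boolean compares against the server-held PIN
-- (assumed, supplied by the caller). clock() returns the time in seconds.
function PinThrottle.new(checkPin, clock)
	return setmetatable({ checkPin = checkPin, clock = clock or os.time, state = {} }, PinThrottle)
end

-- Returns: ok (boolean), reason (string), retryAfter (seconds)
function PinThrottle:verify(userId, pin)
	local now = self.clock()
	local s = self.state[userId]
	if not s then
		s = { failures = 0, lockouts = 0, lockedUntil = 0 }
		self.state[userId] = s
	end
	-- While locked, refuse without evaluating the guess at all.
	if now < s.lockedUntil then
		return false, "locked", s.lockedUntil - now
	end
	if self.checkPin(userId, pin) then
		s.failures, s.lockouts = 0, 0
		return true, "ok", 0
	end
	s.failures = s.failures + 1
	if s.failures >= MAX_FAILURES then
		local delay = math.min(BASE_LOCKOUT * 2 ^ s.lockouts, MAX_LOCKOUT)
		s.lockouts = s.lockouts + 1
		s.failures = 0
		s.lockedUntil = now + delay
		return false, "locked", delay
	end
	return false, "wrong_pin", 0
end

-- Constructed demo: fake clock, user 1 has the sample PIN "4821".
local t = 0
local throttle = PinThrottle.new(function(_, pin) return pin == "4821" end, function() return t end)
for guess = 0, 5 do
	print(throttle:verify(1, string.format("%04d", guess)))
end
t = t + 61 -- move the fake clock past the first lockout window
print(throttle:verify(1, "4821"))
```

The counters here live in memory; in a real experience they would need to be saved alongside the PIN data, otherwise rejoining or switching servers resets them.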

I mean there is an isVerified thing that we could check to see if the person can be trusted or not but that wouldn’t really fix all of the problems.