Securing HttpService

HttpService is the way to send data from your game to a website to be stored. My biggest question is how do I secure this data. Of course all this data is on a ServerScript, so hackers shouldn’t be able to see data being sent, but in the off chance of an exploiter/hacker finding this website, can’t they just :PostAsync() to it too? And if so, how do I stop this? Is there some kind of key I can send over to my website to stop this? Because I really don’t want my data to be corrupted or altered. Thank you!

1 Like

If they find the website they can prob find the key.

Roblox is making the new Secret item thing for issues like this, but for now you can just use a code.

Using a secret API key for your website would be the way to go.
When your website receives requests, if a request has the correct key, let them do their thing; if they don’t, then return a 400 (Bad Request).

make an authentication token only the server and the website knows
otherwise just return a 401 not authorized
like if you're handling the code with express for example:

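const express = require("express")
const app = express()

app.get("/", (req, res) => {
    // Express has no req.data; the key is read from a request header named "key"
    if (req.get("key") === "woah a cool secret key that only you and the server know") {
        dosomething() // placeholder for whatever the endpoint should do
        return res.sendStatus(200)
    } else {
        // wrong or missing key: 401 Unauthorized
        return res.sendStatus(401)
    }
})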

lol my code is probably inaccurate but u get the idea

2 Likes
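An added example, not code from any post above: the shared-key check from the replies written as Express-style middleware that compares the key in constant time, refuses to start with a missing or short key, and answers 401 otherwise. The header name `x-api-key`, the 32-character minimum, the sample key and the fake request objects in `demo` are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Hypothetical header name; the game server must send the key under the same name.
const KEY_HEADER = "x-api-key";
// Constructed sample key for the demo only; a real key comes from the environment.
const SAMPLE_KEY = "constructed-sample-key-0123456789abcdef";

// Hash both values so the buffers have equal length, then compare in constant time.
// A plain == comparison can leak how many leading characters matched.
function keysMatch(presented, expected) {
  if (typeof presented !== "string" || typeof expected !== "string" || expected.length === 0) {
    return false;
  }
  const a = crypto.createHash("sha256").update(presented).digest();
  const b = crypto.createHash("sha256").update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// Middleware factory, used as: app.use(requireApiKey(process.env.GAME_API_KEY))
function requireApiKey(expectedKey) {
  if (typeof expectedKey !== "string" || expectedKey.length < 32) {
    throw new Error("API key missing or too short; refusing to start");
  }
  return function (req, res, next) {
    // Node lower-cases header names in req.headers.
    const presented = req.headers[KEY_HEADER];
    if (!keysMatch(presented, expectedKey)) {
      res.statusCode = 401;
      return res.end("Unauthorized");
    }
    return next();
  };
}

// Constructed demo: fake req/res objects stand in for a real HTTP request.
function demo(headerValue) {
  const res = { statusCode: 200, end() {} };
  const headers = headerValue === undefined ? {} : { [KEY_HEADER]: headerValue };
  let passed = false;
  requireApiKey(SAMPLE_KEY)({ headers }, res, () => { passed = true; });
  return { status: res.statusCode, passed };
}
```

On the game side the same key is sent in the headers argument of the HttpService request, and the endpoint should only be reachable over HTTPS so the key is not readable in transit.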