Currently, as of 4/8/26, there is a chance Roblox accounts arbitrarily deemed as “suspicious” will be locked. In the case of automated “service” accounts used to hold opencloud API keys, this completely breaks automation through opencloud.
Several months ago, Roblox announced they were deprecating group API keys. As a result of this, developers are expected to move their opencloud API keys into “service” user accounts.
However, there is currently a fatal flaw with this : These user accounts, explicitly used for automation with opencloud, can be randomly moderated for “suspicious” activity:
This is critically breaking. Service accounts should under no circumstances be arbitrarily moderated by an AI like this. This can take down production environments, team workflows and more.
Expected behavior
It is expected that accounts (created at the request of Roblox) used for the sole purpose of holding opencloud API keys & calling web APIs would not be arbitrarily moderated by AI and asked to upload a government ID.
This genuinely should not even be possible. Why can’t we specify an account as a “service” account which restricts it from doing things like playing games & etc, but also gives it MUCH more moderation protections and cannot be banned unless manually reviewed by a human?
Is this with account protections disabled? Roblox pretty explicitly describes the scenarios in which service accounts are utilized and allows you to turn off the protections on those cases (from a service account of my own, which is heavily utilized):
