Yeah, I use that token system for securing remotes but keep in mind exploiters can see remotes and get the token. You cannot prevent exploiting totally this way but it would prevent noobs who don’t know what they’re doing.
note: do not overcomplicate development, fighting exploiting is a lost war as we have less access: instead just secure your remotes server-side with checks etc…
The best way to think of cheating is that a cheater gets to use all of your local scripts, and they get to write their own. So while you can slow down their ability to cheat, it won’t stop them. As other have said, best to just make sure they aren’t being very obvious with their cheats to minimize the impact they can have on players that aren’t cheating.
Sanitize & validate any info coming from the client. That’s all you really can do. You can also setup some security on the client but keep in mind, they can disable local scripts.
Except if your anti cheat is located in a critical location, which removing it breaks the game.
But still, yeah, people can listen to remotes and spoof them, your better friend is to so server side checks.