In my upcoming game, I want to add a feature where the player receives benefits if they are following me. I have a local script in StarterGui which connects a text button click and fires a remote function to the server. This is the code from the server:
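```lua
local HttpService = game:GetService("HttpService")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

-- Assumption: the RemoteFunction lives in ReplicatedStorage under this name.
local checkFollowFunction = ReplicatedStorage:WaitForChild("CheckFollow")

local TARGET_USER_ID = 158899144

local function get(url: string): string
	return HttpService:GetAsync(url)
end

-- Walks the player's followings page by page; returns true if the target user is found.
local function checkFollow(plr: Player): boolean
	local url = "https://friends.roproxy.com/v1/users/%d/followings?limit=100"
	local cursor = ""
	while cursor do
		local response = get(url:format(plr.UserId) .. "&cursor=" .. cursor)
		local data = HttpService:JSONDecode(response)
		for _, user in pairs(data.data) do
			if user.id == TARGET_USER_ID then
				return true
			end
		end
		-- nextPageCursor is nil on the last page, which ends the loop
		cursor = data.nextPageCursor
	end
	return false
end

checkFollowFunction.OnServerInvoke = checkFollow
```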
This is my first time using HttpService, so when enabling it in the game settings and seeing a warning, I got concerned. Also, is the method I am using safe too? What I mean is the URL. Can it be trusted?
Can anyone let me know if I need to adjust my code?
Yes, that seems like it should work, though you might have some issues with caching. I’m not really sure how RoProxy handles this internally. The URL is just a proxy host that, in essence, allows you to make HTTP requests to roblox.com, because you’re unable to directly do that from Studio. Normally, you shouldn’t trust requesting to sites that you don’t know in your game without having done much research, but in this case, RoProxy has been the face of Roblox proxies for years and can be trusted.
I cannot speak to the security of any software that I am not directly involved with, but like I said, RoProxy has been the go-to Roblox proxy for at least a few years now. That alone should hopefully speak for itself. That being said, there’s no such thing as a guarantee. Maybe the developers of RoProxy are evil and have been waiting 4 years to plot something really malicious, I don’t know. But I would bet against it.
In terms of games that use it, I am not involved with any games that are currently on the front page, but I own two games that currently use it, and at one point were front page games.
Considering what you’re using it for is pretty benign, I wouldn’t be too worried. There are some cases where one might use their security token to access certain requests, which I’d be more cautious of, but in your case, you’re just making a request to see a player’s followings without submitting any sensitive data.
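
An added example, not part of the original thread: a variant of the server-side check that treats the proxy's response as untrusted input, fails closed on any error, bounds pagination, and throttles per-player invocations so a client cannot drive unbounded outbound HTTP requests through the RemoteFunction. `MAX_PAGES`, `COOLDOWN_SECONDS`, `fetchPage` and the `lastCheck` table are assumptions chosen for illustration.

```lua
local HttpService = game:GetService("HttpService")
local Players = game:GetService("Players")

local TARGET_USER_ID = 158899144 -- ID from the original post
local URL = "https://friends.roproxy.com/v1/users/%d/followings?limit=100&cursor=%s"
local MAX_PAGES = 20 -- assumption: cap on HTTP calls per check
local COOLDOWN_SECONDS = 60 -- assumption: minimum gap between checks per player
local lastCheck = {} -- [UserId] = { time = number, result = boolean }

-- Fetch and decode one page; returns nil on HTTP/JSON errors or an unexpected shape.
local function fetchPage(userId: number, cursor: string)
	local ok, data = pcall(function()
		local body = HttpService:GetAsync(URL:format(userId, HttpService:UrlEncode(cursor)))
		return HttpService:JSONDecode(body)
	end)
	if not ok or type(data) ~= "table" or type(data.data) ~= "table" then
		return nil
	end
	return data
end

local function checkFollow(plr: Player): boolean
	local cached = lastCheck[plr.UserId]
	if cached and os.clock() - cached.time < COOLDOWN_SECONDS then
		return cached.result -- repeated invokes get the cached answer, no new HTTP calls
	end
	local entry = { time = os.clock(), result = false }
	lastCheck[plr.UserId] = entry -- recorded before yielding so concurrent invokes are throttled
	local cursor, pages = "", 0
	while cursor and pages < MAX_PAGES and not entry.result do
		pages += 1
		local data = fetchPage(plr.UserId, cursor)
		if not data then break end -- fail closed: no benefit when the lookup fails
		for _, user in ipairs(data.data) do
			if type(user) == "table" and user.id == TARGET_USER_ID then
				entry.result = true
				break
			end
		end
		cursor = if type(data.nextPageCursor) == "string" then data.nextPageCursor else nil
	end
	return entry.result
end

Players.PlayerRemoving:Connect(function(plr)
	lastCheck[plr.UserId] = nil -- keep the table from growing without bound
end)
-- Hook up as in the original post: checkFollowFunction.OnServerInvoke = checkFollow
```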