Key registry

Live API keys with shared workspace storage, quotas, and one-time reveal.

Keys are hashed on the VPS, revealed once, and require Google Authenticator before creation. Use them from Roblox Studio through the SDK or direct HTTPS calls.

Protected registry One-time reveal HMAC hashed

Generate keys like production credentials, not disposable tokens.

Each key has a product scope, request trail, revocation path, and a one-time raw-key reveal. Storage is shared across the workspace plan, not assigned to individual keys.

Auth Docs

Signed-in owner Keys belong to the verified account workspace.

Google Authenticator 2FA must be enabled before creation unlocks.

Server-side usage Use keys from server scripts and backend workers only.

Protected keys

Create a scoped live key

Locked

Key name Product scope

Shared workspace storage

All APIs write into the same plan quota. Create keys for scopes and rotation, not separate storage buckets.

Inventory

Active live keys

Usage

Lifecycle

Generate, copy once, monitor, rotate.

2FA gate

Only secured accounts can create live keys.

Hashed storage

The raw key is never stored after the one-time reveal.

Usage tracking

Requests and storage bytes update from real API traffic.

SDK quickstart

Drop the ModuleScript into ServerScriptService.

Studio

local RobloxAPIs = require(script.RobloxAPIs)
local client = RobloxAPIs.new("rba_sk_live_...")

game.Players.PlayerAdded:Connect(function(player)
  client:ModerateJoin(player)
end)