Can I use API keys for this?

Hey there everyone!

I am working on a forum dedicated to Roblox development and I have quite a particular question that I can’t seem to find the answer for in regarding API keys.

My issue here is simple: Roblox doesn’t have any public authentication API that I can us. I’m just a mere user of the site and no where near anyone in the Roblox corp that could grant me access to the API so I have to resort to going through very hacky ways in order to make sure that I avoid impersonations on the site.

So what I want to do is to have users start the verification process over on Discord (which is mandatory to join for initial screening) and through a verification command join a game where they’ll confirm their identity. Then through HTML requests, the server sends information to Discourse and updates their username to whatever username they have on Roblox and update their trust level to reflect that they are verified.

I do know that there’s an update endpoint but it only shows “username” in the allowed urls so I am asking, if there’s possible for us to update trust levels through the update API? If not, would alternatively granting a verified badge work instead?

What I’d do is have a plugin use a custom user field that would validate the membership when the custom field was saved. Having to verify both Discord and Roblox seems superfluous.

You might, for example, generate a random number and have them add it to their profile on Discord or Roblox and then have a before_save validate that their remote profile had the key in it.

Yes, that is possible. It’s a PUT to /admin/users/${user.id}/trust_level passing the parameter level with the number of the trust level you want.

You can learn all the API can do at How to reverse engineer the Discourse API