Many times when creating, I need to communicate with a server outside of Rec Room for a game, whether it be a database or a Discord bot. Having an API chip would unlock many potentials, like trivia games, ChatGPT, multiple-instance communication, or just your own database.
However with such a powerful tool it has a drawback:
DDoS attacks:
This is a major concern when dealing with APIs. When sending a request, it sends your computer’s IP address. If this IP address gets into the hands of a malicious creator, he can send lots of data to your internet and fill up your bandwidth…
Solution?.. A dedicated server could be a solution. (This is also another reason to switch to dedicated servers.) Instead of sending the request from the player’s client, it would instead open up a small dedicated server that will then send the request and then communicate back to the player; this will send its IP to the API instead of the player’s IP.
I like this solution to that security issue with direct API requests. I also made a post about API requests here before and I’m glad this feature is still in people’s minds.
Having this would open up a world of possibilities!
TOS Change: In order for this to happen, Rec Room needs to change their TOS. Because we will be sending data to other servers/databases, a TOS change will need to be made.
This could be a cool concept, it would be crazy to access ChatGPT or other AI APIs. Of course you would need crazy safeguards for this to be practical. You can do lots of cool things, but also do a lot of not so nice things. If it gets throttled to only support the RR API, the actual usefulness of this isn’t that high anymore. There just isn’t a good way to make sure people don’t do funny things. I suppose they can have a white list for APIs but RR also has limitations to strings and data. Cool concept, not super practical though.
Yes it does have it, but Roblox doesn’t truly care about kids and the COPPA laws and will not take true steps to lower the chances of these happening.
I’ve played Roblox before… one “game” gave people who followed the developer on Twitter (now X) extra stuff each IRL day. (Edit: If I’m not mistaken this sort of thing is already against Rec Room’s CCoC to do such a task)
The only “safe” way to access such things would be to proxy it through Rec Room’s own servers so only Rec Room’s servers can send and receive the API calls… though this would cost Rec Room money due to how many API requests would be happening from their servers.
rec.net/ban as an example and raw HTTP request headers… these as a concept visual, that isn’t exactly setting a good image for yourself, mainly the URL.
Even if it went through Rec Room’s own API services, there is nothing to stop bad people from secretly encoding the data to bypass filters.
And lastly, rate limiting alone won’t help. Many websites’ free APIs require you to pay up if you are a company, which Rec Room is, or if you want to use more API requests than just a small few per month.
Finally, you are talking to an adult who knows AND understands computer security.
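An added example, not part of any post in this thread and not Rec Room code: the outbound policy a platform-run relay could apply before forwarding a room's API call, combining the host allowlist and the per-room rate limit raised above. The host names, room id, limits and function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: hosts the platform operator has approved (constructed names).
ALLOWED_HOSTS = {"api.example-trivia.test", "db.example-creator.test"}

class RoomBudget:
    """Token bucket: up to `burst` calls at once, refilled at `rate` per second."""
    def __init__(self, rate=1.0, burst=2):
        self.rate, self.burst = rate, burst
        self.tokens, self.stamp = float(burst), None

    def take(self, now):
        if self.stamp is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.stamp) * self.rate)
        self.stamp = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True

def check_url(url):
    """Return 'ok' or the reason the relay refuses this outbound URL."""
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port  # .port raises on a bad port
    except ValueError:
        return "malformed URL"
    if parts.scheme != "https":
        return "scheme not https"
    if parts.username or parts.password:
        # Rejects user@host forms, where the allowlisted name is only userinfo.
        return "credentials in URL"
    if port not in (None, 443):
        return "port not allowed"
    # Exact match only: IP literals and look-alike subdomains never match.
    if (host or "").rstrip(".") not in ALLOWED_HOSTS:
        return "host not allowlisted"
    return "ok"

def relay_decision(room_id, url, budgets, now):
    """Decide what the relay does with one request from a room."""
    verdict = check_url(url)
    if verdict != "ok":
        return verdict  # refused requests do not spend the room's budget
    bucket = budgets.setdefault(room_id, RoomBudget())
    return "forward" if bucket.take(now) else "rate limited"
```

This only constrains where and how often a room can send requests; it does not inspect what data is sent to an approved host.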
Some APIs do require companies to pay for their API endpoints, but it’s not Rec Room who is using the API for their needs, it’s the creator. Section 230 of the Communications Decency Act protects companies from this type of issue.
I’ll not give info on “how to” but it lies more on the tracking users’ actions. Purchases, actions, even just when they are in the room… these are not allowed to be tracked by random people.
For the API part, unless it is the individual users’ systems sending it directly, then it has to go through Rec Room’s IP addresses… Also, this can be used maliciously to have gullible people enter the login credentials for their email / etc. into a room and get them logged by a malicious user.
EDIT: You’d be surprised how tech … unsavvy … some people are.
You do realise on rec net it tells you how many players bought your room items, there is no security issue there.
Why would it be an issue for games to track what players do? Every other game in the world does that.
As per the Rec Room’s IP addresses hacking… wouldn’t Roblox already be hacked by now if that could actually happen? If Roblox can add it, so can Rec Room.