Authentication and limits
Base URL:
https://api.guardyn.xyz
Send the complete workspace API key in the x-api-key header:
x-api-key: gdn_live_REDACTED
content-type: application/json
Roblox requires the header value to be a Secret. Guardyn also accepts Authorization: Bearer and x-guardyn-key for non-Roblox server integrations, but x-api-key is the supported Roblox form.
Key lifecycle
- The complete key is returned once at creation.
- Guardyn stores a keyed hash and a short display prefix.
- Revocation is immediate.
- A workspace may have more than one active key during rotation.
- Create the replacement, update the Roblox Secret, verify traffic on the new key, then revoke the old key.
Limits
- 600 authenticated API requests per key per minute.
- 30 invalid-key attempts per source IP hash per minute.
- Report bodies: 128 KiB maximum.
- Restriction-check bodies: 16 KiB maximum.
- Report text and each context message: 1,000 characters maximum.
- Context: four messages maximum.
Plan report allowances are counted per workspace from the start of each UTC calendar month.