Roblox API integration
Guardyn provides a custom HTTP API rather than built-in Button or Command installers. Keep all HTTP requests and the Guardyn API key in a server Script. A studio may build its own interface or use a community template published through Guardyn Resources.
The same endpoint supports two collection patterns. A studio can send a specific reported chat or in-game message with optional surrounding context, or send the reporter's own written description as one text value without context. Guardyn stores what the studio submits; it does not collect additional conversation data itself.
Required rules
- Never call Guardyn directly from a LocalScript.
- Store the key as a Roblox Secret restricted to
api.guardyn.xyz. - Use only the
x-api-keyandcontent-typeheaders. - Filter all user-generated text appropriately before sending it to Guardyn.
- Use
Player.User.Idfor persistence and transmission within the current game. - Always include the Guardyn game ID.
- Generate one stable
client_report_idper user submission and reuse it on retries. - Force context participants to
Redacted. - Prompt the player to use Roblox Report Abuse after Guardyn accepts the report.
- Use POST for restriction checks and fail open on timeout or server error.
Minimal server request helper
local HttpService = game:GetService("HttpService")
local function post(path, body)
return HttpService:RequestAsync({
Url = "https://api.guardyn.xyz" .. path,
Method = "POST",
Headers = {
["content-type"] = "application/json",
["x-api-key"] = HttpService:GetSecret("GUARDYN_API_KEY"),
},
Body = HttpService:JSONEncode(body),
})
end
Validate every value again in the server Script because clients can invoke RemoteEvents with arbitrary data.