Skip to main content

Roblox API integration

Guardyn provides a custom HTTP API rather than built-in Button or Command installers. Keep all HTTP requests and the Guardyn API key in a server Script. A studio may build its own interface or use a community template published through Guardyn Resources.

The same endpoint supports two collection patterns. A studio can send a specific reported chat or in-game message with optional surrounding context, or send the reporter's own written description as one text value without context. Guardyn stores what the studio submits; it does not collect additional conversation data itself.

Required rules

  • Never call Guardyn directly from a LocalScript.
  • Store the key as a Roblox Secret restricted to api.guardyn.xyz.
  • Use only the x-api-key and content-type headers.
  • Filter all user-generated text appropriately before sending it to Guardyn.
  • Use Player.User.Id for persistence and transmission within the current game.
  • Always include the Guardyn game ID.
  • Generate one stable client_report_id per user submission and reuse it on retries.
  • Force context participants to Redacted.
  • Prompt the player to use Roblox Report Abuse after Guardyn accepts the report.
  • Use POST for restriction checks and fail open on timeout or server error.

Minimal server request helper

local HttpService = game:GetService("HttpService")

local function post(path, body)
return HttpService:RequestAsync({
Url = "https://api.guardyn.xyz" .. path,
Method = "POST",
Headers = {
["content-type"] = "application/json",
["x-api-key"] = HttpService:GetSecret("GUARDYN_API_KEY"),
},
Body = HttpService:JSONEncode(body),
})
end

Validate every value again in the server Script because clients can invoke RemoteEvents with arbitrary data.