Use Roblox APIs only with MANTLE_OPEN_CLOUD_API_KEY, remove the need for ROBLOSECURITY

[MayGo]

Is there already a way to use mantle without ROBLOSECURITY? Locally it is taken from Roblox studio. And CI still needs it.

How many mantle-s features still use ROBLOSECURITY? And how many mantles features still need to use ROBLOSECURITY as there is no Open Cloud API replacement?

Describe your problem Using ROBLOSECURITY in CI is fine. But when it gets invalid, I have to replace it in every project. Currently, I am using VPN for work, and that is in a different timezone, I have to be very careful not to open Studio or Roblox when being connected, because Roblox will see that ROBLOSECURITY used is not in the same region as when it was logged in and it invalidates that cookie.

Describe the solution you'd like

Would be nice to live without needing to use ROBLOSECURITY.

[Etheroit]

Open Cloud usage is very limited as those APIs are not directly tied to any account. You may see full list of Open Cloud endpoints at: https://create.roblox.com/docs/cloud/open-cloud/ . Open Cloud currently supports:

• Inventory - checking if user owns item / listing items [Not really useful in Mantle]
• Instances - modifying particular instances in a place (listing them. getting, updating) [Mantle uses Rojo instead and uploads whole place]
• Experience Notifications - just sending notifications [Not supported by Mantle]
• Assets - uploading, updating, retrieving assets (only work for Audio, Decals, Models and Videos) [Could be useful]
• Data Stores - interacting with DataStores [Not useful in Mantle]
• Messaging - interacting with MessagingService [Not useful in Mantle]
• Place publishing - publishing ONLY places (just the file) [Used in Mantle]

As you can see there are no Open Cloud endpoints for configuring the place / experience (including social media links), badges, gamepasses, devproducts, creating assets which are named / aliased game assets, thumbnails and so on. Therefore most of used APIs are based on standard web Roblox user-facing APIs therefore they require ROBLOSECURITY. To sum up - functions such as uploading gamepasses, badges, thumbnails, social media links, game settings are being processed just like you'd do it on web using user account - so you need a token which represents specific account which is ROBLOSECURITY.

There is currently no other way and I highly doubt that Roblox would implement all currently-existing APIs to Open Cloud.

Atm if you'd like to avoid using ROBLOSECURITY, you could (should) probably just stop using Mantle at all. Using the Place Publishing is all you can currently do only using the Open Cloud.

I would suggest to close the issue as currently there is no way to expand the Open Cloud Api Key usage in Mantle.

[blake-mealey]

As @Etheroit mentioned, Open Cloud is very limited atm. Currently the only API we are using from Open Cloud is Place Publishing. It looks like we will be able to use the Assets APIs to replace some of the old ones but I haven't looked into this yet.

Closing this ticket for now since Open Cloud can't support all our use-cases, but I agree that eventually that would be ideal.