For developers
Game API
Your Roblox game servers call these to check keys and grant perks.
Authentication
Send your secret in the x-api-key header on every request (set GAME_API_KEY in your env). Calls must come from the game server (HttpService enabled). If no key is set, the API runs in demo mode with sample data.
GET
/api/game/pingHealth + auth check.GET
/api/game/entitlement?userId=Does the user have an ACTIVE entitlement? The main check.GET
/api/game/perks?userId=Resolved perks object to apply in-game.GET
/api/game/user?userId=Full summary: active flag, entitlements, keys.GET
/api/game/keys?userId=All keys tied to a user (masked).POST
/api/game/validateCheck a key without redeeming. Body: { key }POST
/api/game/redeemRedeem a key (atomic, single-use). Body: { key, userId, discordId? }POST
/api/game/mintMint a key after an in-game dev-product purchase (idempotent per receipt). Body: { userId, product, receiptId }POST
/api/game/grantGrant an entitlement directly. Body: { userId, product, days? }POST
/api/game/extendAdd time to an entitlement. Body: { userId, product, days }POST
/api/game/revokeRevoke. Body: { key } or { userId, product? }GET
/api/game/statsTotals for dashboards.Example — check a key in Luau
local HttpService = game:GetService("HttpService")
local BASE = "https://bkpremium.online" -- your site URL
local API_KEY = "YOUR_GAME_API_KEY"
-- Call this on PlayerAdded to see if a player has active perks
local function hasActiveKey(userId)
local ok, res = pcall(function()
return HttpService:GetAsync(
BASE .. "/api/game/entitlement?userId=" .. userId,
false,
{ ["x-api-key"] = API_KEY }
)
end)
if not ok then return false end
local data = HttpService:JSONDecode(res)
return data.active == true
end
game.Players.PlayerAdded:Connect(function(plr)
if hasActiveKey(plr.UserId) then
-- grant your perks here
end
end)