Roleplay Project · API

Telemetry & integration API

Internal endpoints for the modded game server, anti-cheat clients, and the Discord control plane. Not a public API — requests require a signed telemetry key.

Operational

Public endpoints

Authenticated by the x-telemetry-key header. Rate-limited at the edge.

POST /v1/health             Heartbeat
POST /v1/event              Telemetry event
GET  /v1/config             Runtime config
POST /discord/interactions  Ed25519-signed

curl -X POST https://api.roleplayproject.net/v1/health \
     -H "x-telemetry-key: <your-key>" \
     -H "Content-Type: application/json" \
     -d '{"server":"prod","playerCount":42}'

/admin/* endpoints are bound to localhost only and are blocked at the edge. Public requests against admin paths return 403 unconditionally.

Status

  • API: Online
  • Auth: x-telemetry-key
  • TLS: Let's Encrypt
  • Rate limit: 30 r/s general · 10 r/s /v1
  • Body limit: 256 KB v1 · 2 MB discord
  • Region: EU-West-2

Security posture

  • HSTS: 365d, preload, includeSubDomains
  • X-Frame-Options: DENY
  • X-Content-Type-Options: nosniff
  • Referrer-Policy: no-referrer
  • Permissions-Policy: geolocation, camera, microphone, payment, usb · disabled
  • X-Forwarded-For: Rewritten; client-supplied chain discarded
  • Discord interactions: Ed25519 signature verified (tweetnacl)
  • Secrets: Loaded from .env (600), never in source
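
The Ed25519 check on /discord/interactions, sketched as an added example (not this project's code): it uses Node's built-in crypto in place of the tweetnacl library named above, and assumes Discord's X-Signature-Ed25519 and X-Signature-Timestamp request headers. The function names and the throwaway key pair are constructed for illustration.

```javascript
// Added example: Node's built-in crypto stands in for tweetnacl here.
const crypto = require('node:crypto');

const MAX_BODY = 2 * 1024 * 1024; // the 2 MB body limit listed for discord
const SPKI_PREFIX = Buffer.from('302a300506032b6570032100', 'hex'); // DER header for a raw Ed25519 key
const HEX = /^[0-9a-f]+$/i;

// Turn the 64-hex-character application public key into a KeyObject.
function loadPublicKey(hex) {
  if (typeof hex !== 'string' || hex.length !== 64 || !HEX.test(hex)) throw new Error('bad public key');
  return crypto.createPublicKey({
    key: Buffer.concat([SPKI_PREFIX, Buffer.from(hex, 'hex')]),
    format: 'der', type: 'spki',
  });
}

// True only if the signature covers timestamp + the raw body bytes.
// Missing or malformed input fails closed instead of throwing.
function verifyInteraction(publicKey, headers, rawBody) {
  const sig = headers['x-signature-ed25519'];
  const ts = headers['x-signature-timestamp'];
  if (typeof sig !== 'string' || typeof ts !== 'string') return false;
  if (sig.length !== 128 || !HEX.test(sig)) return false;
  if (!Buffer.isBuffer(rawBody) || rawBody.length > MAX_BODY) return false;
  const message = Buffer.concat([Buffer.from(ts, 'utf8'), rawBody]);
  return crypto.verify(null, message, publicKey, Buffer.from(sig, 'hex'));
}

// Constructed fixture: a throwaway key pair plays the role of Discord.
function makeFixture() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const pubHex = publicKey.export({ format: 'der', type: 'spki' }).subarray(12).toString('hex');
  const body = Buffer.from('{"type":1}'); // PING interaction
  const ts = '1700000000';
  const sig = crypto.sign(null, Buffer.concat([Buffer.from(ts), body]), privateKey).toString('hex');
  return { pubHex, body, headers: { 'x-signature-ed25519': sig, 'x-signature-timestamp': ts } };
}

const fx = makeFixture();
const key = loadPublicKey(fx.pubHex);
console.log('valid request:', verifyInteraction(key, fx.headers, fx.body));
// Same JSON, different bytes: verifying a re-serialized body fails.
console.log('re-serialized body:', verifyInteraction(key, fx.headers, Buffer.from('{ "type": 1 }')));
```

The signature is over the exact bytes received, so the handler has to capture the raw body before any JSON middleware parses it.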