If it's not terribly important I'd have an interface to auto-hardcode the generated key when they copy the script from your server (having no idea what game or how the "user scripts" feature works in it). Don't need to store it then. Assuming also the user scripts are secured behind an authentication wall.
I'd pass the key in the "Authorization" header, just raw. Gotta support CORS limited to the game's domain, which shouldn't be too difficult since most backend stacks have a switch/config for it.
I would use this, for example... if I wanted to stream iHeartRadio and store a default station per user to start playing when the game loads (I did this recently with a Discord bot for funsies, they have a nice API).
I ended up going with a JWT and encoding the user ID into it. This works well, as I've left the bare minimum of information in there, and I just use this ID when calls to my APIs occur to run the user ID through a policy on the route which checks their access level. I can then accept or deny, plus attach their user profile if I want to then use it further downstream. Revoking access is nice and simple this way too, as each member has an access level I can switch and just block them at the policy.
Interesting that you are using Discord bots. I've built a few Telegram bots now; it's definitely a lot of fun and oddly satisfying running commands through a messenger!
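The approach described in the reply above, as an added example that is not code from either commenter: a JWT carrying only the user ID, checked by a route policy that looks up the access level server-side, so flipping that level revokes access even while the token is still valid. The secret, the user IDs, the `ACCESS_LEVELS` store, the function names and passing the token raw in the `Authorization` header are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: server-side HS256 key
# Constructed store: the access level lives server-side, not in the token.
ACCESS_LEVELS = {"user-42": "member", "user-77": "member"}

def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user_id, ttl=3600):
    """Sign a JWT whose only claims are the user id and an expiry."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user_id, "exp": int(time.time()) + ttl}
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url_encode(sign(header + '.' + payload))}"

def verify_token(token):
    """Return the user id, or None if malformed, forged or expired."""
    try:
        header, payload, sig = token.split(".")
        # Pin the algorithm; never let the token's header choose it.
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None
        if not hmac.compare_digest(sign(header + "." + payload), b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(payload))
        if claims["exp"] <= time.time():
            return None
        return claims["sub"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def route_policy(authorization_header, required="member"):
    """Verify the token, then check the user's current access level."""
    user_id = verify_token(authorization_header or "")
    if user_id is None:
        return 401, None
    if ACCESS_LEVELS.get(user_id) != required:
        return 403, None  # revoked or insufficient level
    return 200, user_id
```

Because the level is read at request time rather than baked into the token, the 403 path takes effect on the next call without waiting for the token to expire.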