POST Auth Required /api/v1/log/{category}

Log lets trusted Roblox servers send important events to Kiba. Kiba forwards those events to the configured Discord webhook, and moderation logs can also be stored as user infractions.

This endpoint requires the bearer token. Only call it from server-side code. Never put the API key in a LocalScript or public module.

Plain English Flow

  1. Your game detects a server event, validation failure, or moderation action.
  2. The Roblox ServerScript sends a JSON payload to /api/v1/log/{category}.
  3. Kiba routes the event to the matching Discord webhook.
  4. If the category is moderation and a valid code is included, Kiba stores it with that linked user.

Categories

CategoryUse forExample
serverServer lifecycle and backend status.Server booted, shutdown started, datastore warning.
ingameGameplay validation and non-staff events.Code prompt opened, callback parse failed, suspicious state.
moderationStaff or automated enforcement events.Warning, kick, exploit detection, item removal.

Endpoint

POST https://api.kiba-is-a.top/api/v1/log/moderation
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

Request Body

{
    "event_type": "warning",
    "roblox_username": "PlayerName",
    "roblox_user_id": 12345678,
    "description": "Exploit behavior detected by AntiCheat",
    "issued_by": "AntiCheat",
    "code": "AB12"
}
FieldRequiredMeaning
event_typeYesShort event label, such as boot, warning, kick, or callback_error.
descriptionYesHuman-readable explanation of what happened.
roblox_usernameNoAffected player's username, usually player.Name.
roblox_user_idNoAffected player's Roblox user ID, usually player.UserId.
issued_byNoSource of the event, such as staff name, system name, or script name.
codeNoPlayer's 4-character Kiba code. Include this when the event should attach to the linked user.

Roblox Server Example

Wrap logging in a helper so all scripts send the same shape of event. This example intentionally stays server-side. 

local HttpService = game:GetService("HttpService")

local API_KEY = "YOUR_API_KEY"
local LOG_BASE = "https://api.kiba-is-a.top/api/v1/log/"

local function sendKibaLog(category, payload)
    local ok, response = pcall(function()
        return HttpService:RequestAsync({
            Url = LOG_BASE .. category,
            Method = "POST",
            Headers = {
                ["Authorization"] = "Bearer " .. API_KEY,
                ["Content-Type"] = "application/json"
            },
            Body = HttpService:JSONEncode(payload)
        })
    end)

    if not ok then
        warn("Kiba log request failed: " .. tostring(response))
        return false
    end

    if not response.Success then
        warn("Kiba log rejected: " .. tostring(response.StatusCode) .. " " .. response.Body)
        return false
    end

    return true
end

local function reportModeration(player, action, description, issuedBy)
    sendKibaLog("moderation", {
        event_type = action,
        roblox_username = player.Name,
        roblox_user_id = player.UserId,
        description = description,
        issued_by = issuedBy or "Server",
        code = player:GetAttribute("KibaCode")
    })
end

Common Examples

Server boot

sendKibaLog("server", {
    event_type = "boot",
    description = "Roblox server started",
    issued_by = game.JobId
})

In-game validation issue

sendKibaLog("ingame", {
    event_type = "callback_parse_error",
    description = "Callback response could not be parsed",
    issued_by = "PresencePoller"
})

Moderation action

reportModeration(player, "warning", "Exploit behavior detected", "AntiCheat")

Out-of-Game Test

curl -X POST https://api.kiba-is-a.top/api/v1/log/moderation \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"event_type":"warning","roblox_username":"PlayerName","roblox_user_id":12345678,"description":"Exploit behavior detected","issued_by":"AntiCheat","code":"AB12"}'

Success Response

{
    "status": "logged",
    "category": "moderation"
}

Errors

HTTPCauseFix
400Unknown category or invalid code.Use server, ingame, or moderation; send 4-character codes only.
401Missing or invalid bearer token.Check the server-side API key.
422Payload validation failed.Include event_type and description; keep roblox_user_id positive.
429Rate limit exceeded.Batch noisy events or slow down repeated reports.

Rate Limit

POST /log/* allows 30 requests per minute per IP.