API Changes - Introducing reverse search

API Changes - Introducing reverse search

I am updating the Aquarius API - and it may help you build your next cool thing, and it may have some privacy implications for you.

What's changed

The most common way to query the API is for someone to provide your Discord account id, which is a long number that looks like this: 183601072344924160, we use this id to look up your account link, if it exists. If we find one, we return it - allowing that bot or application to access your "link".

The change is that users (and applications) will now be get the Discord account(s) a Roblox account is associated with (Roblox -> Discord). We place some additional restrictions on this to prevent abuse, which you can read about in the docs and below.

To protect your privacy, you can opt-out and only allow Discord -> Roblox account queries, if you'd like to do so, you can find more information under the heading "How do I opt out?". Please note that if you opt-out, applications can still get your link using your Discord account id. To have your account link deleted, contact me.

In addition to this, I am updating Polaris to fully use the Aquarius verification system, so it will share codes with it and no longer generate it's own codes - this means self-hosted bots will no longer function.

Note: While you can opt-out, I do not recommend it as it can cause issues and is not necessary for most people.

Why it matters

For most users, it doesn't.

However, a lot of APIs don't expose this information on the basis of privacy concerns - and implement a range of control measures - usually API keys - to prevent abuse. I've opted to go for this different method, to encourage open use but also restrict the wishes of users.

I hosted a public consultation, and some users expressed concerns - which is why I've gone for the opt-out system.

For public figures, opting out of this change may make sense. If you are not a public figure, people being able to fetch your Discord id will not cause you any harm - and will likely benefit you.

All someone can do it with your Discord id is send you a friend request, and uniquely identify your discord account. Pretty harmless, but pretty useful for keeping in touch - right?

What have you done to prevent abuse?

In order to prevent abuse, I've put several measures in place, including:

  • Robust API monitoring
  • A lower API limit of 30 requests per minute.
  • An opt-out system, which you can read more about below.

I will issue API bans to anyone that abuses the API, and if necessary I will bring in client tokens - but these will be (pretty much) freely issued.

Users of this API MUST not store any record of the results retrieved from this API. If you do so, you may be violating the wishes of users who later opt-out. If you are found to be doing this, you will be barred from using the API.

How do I opt out?

You can opt-out by going to the Verification dashboard here. If you need to, login and then you can click "Learn more" to see more information, and customise your consent.

Get in touch

Contact me directly via. my Contact page