Skip to main content
XCS provides a REST API for programmatic access to access control features. The primary interface is the Consumer API v1, which uses API key authentication and supports health checks, organization listing, and remote unlock.

Available APIs

Consumer API

The Consumer API provides programmatic access to XCS access control features. Use it to check service health, verify authentication, and trigger remote unlocks.

Remote Unlock

Trigger door unlocks programmatically with universe-scoped or player-scoped commands delivered through Roblox MessagingService.

Authentication

The Consumer API uses API key authentication. Pass your API key in the X-API-Key header:
curl -H "X-API-Key: your-api-key-here" \
  https://api.restrafes.co/api/consumer/v1/
Use the X-API-Key header, not the Authorization: Bearer header. The platform API (v3 routes) uses session-based authentication via browser cookies.

Base URL

https://api.restrafes.co/api/consumer/v1
All Consumer API endpoints are relative to this base URL.

Rate Limiting

Rate limits are enforced per API key. Exceeding the limit returns a 429 Too Many Requests response. If you encounter rate limiting, reduce your request frequency.

API Key Management

Organization API keys are generated from the organization management page on the XCS dashboard. Only organization Owners and Admins can generate and revoke API keys.