A server-side key system built with Node.js + Express + MongoDB Atlas.
It generates 24-hour unique keys, validates them, auto-removes expired keys, and prevents spam with rate-limiting.
Useful for Roblox, APIs, or any project where temporary access keys are needed.
- Generate unique keys (
xxxx-xxxx-xxxx-xxxx) - Keys last 24 hours then expire automatically
- Auto-cleanup using MongoDB TTL index
- Device-persistent keys in browser (cookies)
- Rate-limiting (3s per request)
- Endpoints to get, verify, and validate keys
- Deployable on Vercel, Render, Railway, or any Node host
node-key-system/
│ .env
│ package.json
│ server.js
├─ models/
│ └─ Key.js
├─ middleware/
│ └─ rate-limit.js
├─ routes/
│ └─ keys.js
├─ public/
│ ├─ getkey.html
│ ├─ generatekey.html
│ └─ js/
│ ├─ generate.js
│ ├─ validate.js
│ └─ verify.js
git clone https://github.com/YOUR-USERNAME/node-key-system.git
cd node-key-systemnpm installPORT=3000
MONGODB_URI=mongodb+srv://<username>:<password>@<cluster>.mongodb.net/nodekeysystem?retryWrites=true&w=majority
KEY_COOKIE_NAME=node_key_system_device
RATE_LIMIT_WINDOW_MS=3000Replace <username>, <password>, and <cluster> with your MongoDB Atlas connection string.
npm run devThe server runs on http://localhost:3000
- Push your project to GitHub.
- Go to Vercel, create a new project, and import the repository.
- Add environment variables in Project → Settings → Environment Variables:
MONGODB_URIKEY_COOKIE_NAME=node_key_system_deviceRATE_LIMIT_WINDOW_MS=3000
- Deploy the project.
If you encounter persistent MongoDB connection errors, consider hosting on Render, Railway, or Fly.io, which handle long-lived connections more reliably.
Returns or generates a key for the requesting device.
{
"ok": true,
"key": "8a62-9438-8027-f7dc",
"expiresAt": "2025-09-25T11:00:00.000Z"
}Body:
{ "key": "xxxx-xxxx-xxxx-xxxx" }Response:
{ "ok": true, "message": "Key valid" }Validates a key directly via query string.
{ "ok": true, "message": "Key valid" }/getkey.html→ Generate and copy a key/generatekey.html→ Manually generate key/js/validate.js?KEY=xxxx→ Validate by script
- A client requests a key.
- The server checks if the device already has one.
- If no key exists, a new one is generated, stored in MongoDB, and tied to the device.
- Keys expire after 24 hours and are automatically removed by MongoDB TTL index.
- Validation and verification endpoints check if a key is valid or expired.
- Rate-limiting prevents multiple requests within 3 seconds.
Client (Browser / Roblox / API)
│
▼
HTML Pages / Roblox GUI
│
▼
Express Server (server.js)
│
┌───────────────────┐
│ rate-limit.js │
│ routes/keys.js │
│ models/Key.js │
└───────────────────┘
│
▼
MongoDB Atlas
- Stores active keys
- TTL auto-deletes expired keys
Error:
MongooseServerSelectionError: Could not connect to any servers in your MongoDB Atlas cluster
Fix:
- Ensure your current IP is whitelisted in MongoDB Atlas Network Access.
- In development, whitelist
0.0.0.0/0to allow all IPs. - Check your
.envMONGODB_URImatches Atlas connection string.
- Enable HTTP Requests in Roblox Studio → Game Settings → Security.
- Ensure your endpoint is HTTPS (
https://...). - Roblox does not send cookies, so
/api/get-keymay issue new keys each call. - If needed, add a Roblox-specific endpoint (e.g.
/api/get-key-roblox) that ignores cookies.
If you get blocked after spamming requests, wait 3 seconds before making a new request. The rate-limit is per device.
- Ensure MongoDB TTL index is created on
expiresAtfield. - In Atlas, check the collection → Indexes → verify TTL index exists.
MIT License – free to use, modify, and distribute.
Made by RushDoesProgramming (RushScripts)