Cloud Security Guide

LD Refund cloud mode stores refunds on LD servers. Your FiveM game server connects outbound only using a server token — not your license key.

Your license key is for dashboard and Discord bot access. Your server token is the secret your game server uses to sync refunds and claim them in-game.

• License owner — full license key and full server token in the dashboard.
• Discord guild admins — masked license key and masked server token only.
• Refund role members — manage refunds, but secrets stay masked.
• FiveM server — server token in server/config.lua (keep this file private).

• Never share your server token in Discord tickets or public chats.
• Do not commit config.lua to public Git repositories.
• Use Rotate token in Manage → Database after staff changes or if you suspect exposure.
• Use Revoke token immediately if leaked, then rotate a new one when ready.
• Keep the LD Refund resource updated for the latest security and performance improvements.

1. Open Manage → Database and click Revoke token.
2. Click Rotate token to generate a new one.
3. Update Config.Cloud.ServerToken on your FiveM server and restart the resource.
4. Review recent refunds for unexpected claims and contact LD support if needed.

A leaked license key alone cannot access the Game API or claim refunds in cloud mode. Still, treat it as sensitive: contact support if someone else activates it to another server, and avoid posting it publicly.

• Game API requests require a valid, active server token.
• Refund claims are transactional — only the matching Discord player can claim a pending refund, and double-claims are rejected.
• Rate limits and request logging help detect abuse.
• License keys are rejected for Game API access — use the server token only.