Leaderboard

For a access scoped accounts. Step 1. Make a backup of your acl.xml file. Step 2. Create a new account with for example the name: /register user_XTrqveZgi8 {password} Step 3. Modify the acl.xml. Add a group: Used for defining who has access to what. The prefix user.{username} is used to define that it is a user account that is granted access. <group name="webaccess"> <acl name="webaccess_acl"></acl> <object name="user.user_XTrqveZgi8"></object> </group> And the access list: Used to define the access rights. Replace resource.{resourcename}.http with the resource that is allowed to be accessed to. You can also rename webaccess_acl, but you also have to update the same name in the acl tag located in the group: <acl name="{name}"></acl>) <acl name="webaccess_acl"> <right name="resource.resourcename.http" access="true"></right> </acl> This all will grand the user 'user_XTrqveZgi8' access to http requests to resource {X}. Things to keep in mind: Never use an old ACL, because not yet created -> known accountnames can be recreated by a random player in your server. Always make a backup of your ACL file.

UPDATE: I figured that it was an acl issue, that I had to enable HTTP for everyone, so the created API can be available for everyone, even the ones who don't have any auth But I will be needing help on ACL, since I am creating a new form scratch gamemode, I will need to write my own and custom acl as well. Or perhaps use the current account system of MTA as well since I can't edit to create my own And I appreciate a lot for the helps IIYAMA gave me during this issue with the stuff I had with CEF and how they should communicate.

Not sure what kind of backend you use. But here is an npm packets that could be used for inspiration. Probably some dependencies are deprecated. https://github.com/4O4/node-mtasa/tree/master The authOptions: https://github.com/4O4/node-mtasa/blob/aeac8ab9417a7b6a65f117491d1e648a6ad62422/src/client.ts#L107C17-L107C28 Using it in request: https://github.com/4O4/node-mtasa/blob/aeac8ab9417a7b6a65f117491d1e648a6ad62422/src/client.ts#L62 But under the hood (in JS) it is something like this: const credentials = `${username}:${password}`; const encodedCredentials = Buffer.from(credentials).toString('base64'); const result = "Authorization: Basic " + encodedCredentials The header is: Authorization The value is something like: Basic bWlqblVzZXI6Z2VoZWltV2FjaHR3b29yZA==

It should be for security concerns. You wouldn't want to visit a site that is designed to look for 'new functions' and starts call them. If you take a look at this page: https://wiki.multitheftauto.com/wiki/Meta.xml You can see that it is possible to call an export function over http What syntax do you need for calling an export function? http://<your IP>:<your port>/<resource_name>/call/<exported_function_name> https://wiki.multitheftauto.com/wiki/Resource_Web_Access How does authentication works? https://en.wikipedia.org/wiki/Basic_access_authentication#Client_side A 'basic' authentication should the way to go. It requires login credentials of an MTA user account with the correct permissions. This has to be passed every request. When you connect through the browser: http://127.0.0.1:22005/resourcebrowser/ You more or less understand what to expect. There is also a section about 'Router', which is new. Might be useful. https://wiki.multitheftauto.com/wiki/Resource_Web_Access#Router For inspiration https://community.multitheftauto.com/index.php?p=resources&s=details&id=18781 This resource is about fetching data from MTA to a (remote) host. This is the opposite of what you are trying to achieve, but probably still useful. Fetching from MTA to remote host Creating a MTA user (installation_s.lua) that only has the correct permissions.