# Preventing Stat Tampering with Endpoints
The common s&box security problem is trusting the client with player stats, currency, or inventory writes. Network Storage endpoints let the client ask for an action while the backend decides whether the write is valid.
## Secure Transaction Flow
- The game sends a small request, such as `buy-car`.
- sboxcool.com verifies the s&box and SteamID auth context.
- The endpoint reads protected player data.
- Game Values provide authoritative prices or stats.
- The endpoint writes only if every check passes.
```yml
sourceVersion: "1"
kind: endpoint
name: Buy Car
slug: buy-car
method: POST
steps:
  - id: player
    type: read
    collection: players
    key: "{{steamId}}_default"
  - id: can_afford
    type: condition
    check:
      field: player.money
      op: ">="
      value: 45000
    onFail:
      status: 400
      error: INSUFFICIENT_FUNDS
```
This is the server-side authority layer for s&box secure transactions: validating player money and preventing cheating in player stats.
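The transaction flow above, modelled in Python as an added example (not code from this page or from sboxcool.com). The in-memory store, the `buy_car` handler, the 401/404 responses and the sample SteamIDs are assumptions made for illustration; the 45000 price and the `400 INSUFFICIENT_FUNDS` failure come from the endpoint definition.

```python
# Added illustration: an in-memory model of the buy-car flow. All names here
# (PLAYERS, GAME_VALUES, buy_car) are hypothetical, not the Network Storage API.
PLAYERS = {  # constructed sample records, keyed like "{{steamId}}_default"
    "76561198000000001_default": {"money": 50000, "cars": []},
    "76561198000000002_default": {"money": 1000, "cars": []},
}
GAME_VALUES = {"car_price": 45000}  # authoritative price, never sent by the client


def buy_car(auth_steam_id, request_body):
    """Handle a buy-car request.

    auth_steam_id: SteamID taken from the verified auth context (None if absent).
    request_body:  untrusted client input; nothing in it is used for the decision.
    """
    if auth_steam_id is None:
        return 401, {"error": "UNAUTHENTICATED"}  # assumed response
    # The key is built from the authenticated SteamID, not from the body,
    # so a client cannot address another player's record.
    key = f"{auth_steam_id}_default"
    player = PLAYERS.get(key)
    if player is None:
        return 404, {"error": "PLAYER_NOT_FOUND"}  # assumed response
    price = GAME_VALUES["car_price"]  # any "price" in request_body is ignored
    if player["money"] < price:       # any "money" in request_body is ignored
        return 400, {"error": "INSUFFICIENT_FUNDS"}
    # Write only after every check has passed.
    player["money"] -= price
    player["cars"].append("car")
    return 200, {"money": player["money"]}


if __name__ == "__main__":
    # A tampered request: forged balance, zero price, someone else's SteamID.
    forged = {"money": 999999, "price": 0, "steamId": "76561198000000001"}
    print(buy_car("76561198000000002", forged))  # rejected, nothing written
    print(buy_car("76561198000000001", {}))      # succeeds from stored balance
```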