Building the Belmont Private API Core

A deep dive into how we engineered a sub-10ms authentication and DRM system to protect our standalone scripts from piracy without sacrificing server startup performance.

The Bloat Problem

When we first looked at how traditional FiveM resources handled licensing, we were horrified. Scripts were pulling down massive external dependencies, running synchronous HTTP requests blocking the main thread during startup, and ultimately providing terrible user experiences just to check if a license key was valid.

Engineering the Solution

We decided to build the Belmont Private API from scratch. Our requirements were simple:

• Must execute validation in under 10ms globally.
• Must not block the main execution thread of the game server.
• Must provide unbreakable IP and Hardware binding.

We chose Go for the validation nodes because of its extreme concurrency performance and low memory footprint. We paired this with Redis for an ultra-fast caching layer.

// Core logic for fast validation
func validate(key string, ip string) bool {
    hash := crypto.SHA256(key + ip)
    if val, err := redis.Get(hash); err == nil {
        return val == "true"
    }
    // Fallback to slow DB check asynchronously
    go checkDatabase(key, ip)
    return false
}

The Result

The resulting system allows our software to boot instantly. When a client starts a Belmont Software resource, the authorization check resolves before the next server tick even fires. We successfully mitigated piracy while actually improving the startup times compared to competitor scripts.