I’m currently working on a React website that relies heavily on Roblox APIs, especially the V1 Profile Service for rendering profile pictures. I’ve run into some issues with my logging system.
I often get a “429 (Too Many Requests)” response, which means I’m hitting the request limits. I want to clarify that I’m not creating account bots. The system is just for authenticating users, similar to how Discord bots check tokens. I’ve set up high-security standards with multiple hashing methods to protect user data.
Usually, users don’t notice these limits since their requests are made locally. However, my Linux server, which runs several SQL databases for logging, needs to make API requests to verify that a user is a real Roblox player. When more than five people are on the site at the same time, I quickly hit the API request limit.
I could deploy additional servers with static public IP addresses for load balancing, but I’m worried Roblox might not approve of this, even though it could benefit both sides. Plus, it could make me financially bankrupt if the site only gets a few visitors and I need to rent a server every time.
Is there any chance Roblox could make an exception for API rate limits for projects like mine? Is it possible to increase the limits for specific IPs? Maybe even other APIs with Authentication-Key?
Honestly, I can’t really help, more came here to complain. I get the same response (error 429, too many requests) even when it has only had 5 requests. How is that even possible? How come it says that if there have been in total 5 requests (in like 1 hour)?
Hey @kuritigu, unfortunately, I haven’t gotten to the point of implementing the login system yet, but I may have found a solution I need to try in the next few days.
I believe the issue is related to the token stored inside the cookies. For example, when you visit https://users.roblox.com/v1/users/173487653, you can easily reload the page hundreds of times in a second without getting the “429 Too Many Requests” status.
However, if you delete the cookies and try again, you receive the “429 Too Many Requests” status after just two quick reloads.
I won’t go into too much detail, but basically, the token acts as authentication, determining whether you’re allowed to use a service. It’s often used as a session key so users don’t have to log in after every reload or when switching pages.
Unfortunately, I don’t have any more time today, but I will write a quick script tomorrow to emulate an API GET request using my cookies. If you want to do the same, be sure to run it through a backend system that bridges your user and the Roblox API to avoid exposing your token publicly(!).
When I’ve got a working system, I will let you know with some code snippets.
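A sketch of the kind of backend bridge mentioned in the post above, added here as an example and not code from anyone in the thread: browsers talk only to the bridge, which caches lookups and stops calling upstream after a 429. The class name `ProfileBridge`, the injected `fetch(user_id)` callable (where any credential would stay server-side), the TTL and the presence of a `Retry-After` header are all assumptions.

```python
import time

class ProfileBridge:
    """Server-side bridge: browsers ask this object, only it talks upstream."""
    def __init__(self, fetch, ttl=300.0, fallback_wait=10.0, clock=time.monotonic):
        self._fetch = fetch      # hypothetical: fetch(user_id) -> (status, headers, body)
        self._ttl, self._fallback_wait = ttl, fallback_wait  # seconds; assumed values
        self._clock = clock
        self._cache = {}         # user_id -> (fetched_at, body)
        self._blocked_until = 0.0

    def get(self, user_id):
        # Accept only numeric IDs so the bridge cannot be steered to other URLs.
        if not str(user_id).isdigit():
            raise ValueError("user id must be numeric")
        uid, now = int(user_id), self._clock()
        entry = self._cache.get(uid)
        if entry and now - entry[0] < self._ttl:
            return {"source": "cache", "body": entry[1]}
        if now < self._blocked_until:
            return self._degraded(entry, now)
        status, headers, body = self._fetch(uid)
        if status == 429:
            # Honour Retry-After when it is a number of seconds, else fall back.
            wait = headers.get("Retry-After", "")
            wait = float(wait) if wait.isdigit() else self._fallback_wait
            self._blocked_until = now + wait
            return self._degraded(entry, now)
        if status != 200:
            return {"source": "error", "status": status}
        self._cache[uid] = (now, body)
        return {"source": "upstream", "body": body}

    def _degraded(self, entry, now):
        # While backing off, serve stale data if present; never call upstream.
        if entry:
            return {"source": "stale", "body": entry[1]}
        return {"source": "backoff", "retry_after": self._blocked_until - now}

def demo():
    # Constructed upstream: one 200 answer, then 429 with Retry-After: 30.
    calls, t = [], [0.0]
    def fake_fetch(uid):
        calls.append(uid)
        return (200, {}, {"id": uid}) if len(calls) == 1 else (429, {"Retry-After": "30"}, None)
    bridge = ProfileBridge(fake_fetch, ttl=60.0, clock=lambda: t[0])
    seen = [bridge.get(173487653)["source"], bridge.get("173487653")["source"]]
    for now in (61.0, 70.0):     # cache expired; upstream now rate-limits
        t[0] = now
        seen.append(bridge.get(173487653)["source"])
    return seen, len(calls)
```

With several visitors viewing the same profiles, only the first lookup per user ID within the TTL reaches the API, and a 429 pauses all upstream calls instead of being retried immediately.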