A list of hidden and undocumented apis/endpoints

Resources Community Resources
#4

A alright, thank you for brining this to my attention.

#5

New endpoints to be added:
https://devforum.roblox.com/unread.json?ascending=false
https://devforum.roblox.com/topics/timings
https://devforum.roblox.com/t/TOPIC_ID/MESSAGE_NUM.json?track_visit=true&forceLoad=true
https://devforum.roblox.com/c/CATEGORY_NAME/SUBCATEGORY_NAME/CATEGORY_ID/l/latest.json?ascending=false
https://devforum.roblox.com/drafts.json?offset=0&username=USERNAME
https://devforum.roblox.com/manifest.webmanifest
https://devforum.roblox.com/review/count.json
https://devforum.roblox.com/logs/report_js_error
https://devforum.roblox.com/notifications?recent=true&limit=30
https://devforum.roblox.com/session/USERNAME
https://devforum.roblox.com/session/csrf
https://devforum.roblox.com/auth/oidc
https://apis.roblox.com/application-authorization/v1/authorize?client_id=CLIENT_ID&nonce=NONCE&redirect_uri=https://devforum.roblox.com/auth/oidc/callback&response_type=code&scope=openid+profile+email&state=STATE
https://devforum.roblox.com/auth/oidc/callback?code=HASHEDCODE_TO_RUN_ONREDIRECT&state=STATE
https://www.roblox.com/abusereport/gameupdate?id=UNIVERSE_ID&redirectUrl=REDIRECT_URL
https://devforum.roblox.com/message-bus/BUS_ID/poll
https://devforum.roblox.com/u/USERNAME.json
https://devforum.roblox.com/user-badges/USERNAME.json
https://ads.roblox.com/v1/user-ads/assets/create
https://ads.roblox.com/v1/user-ads/game-passes/create
https://ads.roblox.com/v1/user-ads/groups/create
https://api.roblox.com/reference/deviceinfo
https://api.roblox.com/windows/v1/report-purchase
https://economy.roblox.com/v1/purchases/products/PRODUCT_ID

4 Likes
#6

Another analytics endpoint:
https://ecsv2.roblox.com/client/pbe
image
it requires some query params or something

image
image1391×333 12.4 KB

4 Likes
#7

The above is also persistent on /studio/pbe

3 Likes
#8

All subdomains on https://*.roblox.com/ that exist or did exist.
https://status.roblox.com/
https://t1.roblox.com/
https://gold.roblox.com/
https://nrt1-128-116-120-3.roblox.com/
https://corp.roblox.com/
https://pulsar.roblox.com/
https://silver.roblox.com/
https://cdg1-128-116-122-3.roblox.com/
https://mia1-128-116-127-3.roblox.com/
https://c0.roblox.com/
https://t0.roblox.com/
https://c2.roblox.com/
https://vpn2.roblox.com/
https://t2.roblox.com/
https://sea1-128-116-100-3.roblox.com/
https://ord2-128-116-101-3.roblox.com/
https://ams1-128-116-121-3.roblox.com/
https://iad4-128-116-102-3.roblox.com/
https://fra1-128-116-123-3.roblox.com/
https://ash1-128-116-114-3.roblox.com/
https://waw1-128-116-124-3.roblox.com/
https://dfw1-128-116-125-3.roblox.com/
https://lax1-128-116-116-3.roblox.com/
https://lga1-128-116-126-3.roblox.com/
https://sjc1-128-116-117-3.roblox.com/
https://sin2-128-116-97-3.roblox.com/
https://hkg1-128-116-118-3.roblox.com/
https://lhr1-128-116-119-3.roblox.com/
https://lhr2-128-116-119-3.roblox.com/
https://atl1-128-116-99-3.roblox.com/
https://t3.roblox.com/
https://chi1-128-116-112-44.roblox.com/
https://t4.roblox.com/
https://c5.roblox.com/
https://t5.roblox.com/
https://t7.roblox.com/
https://web230.ra.roblox.com/
https://web290.ra.roblox.com/
https://web211.ra.roblox.com/
https://web202.ra.roblox.com/
https://web212.ra.roblox.com/
https://web332.ra.roblox.com/
https://web242.ra.roblox.com/
https://web213.ra.roblox.com/
https://web204.ra.roblox.com/
https://web244.ra.roblox.com/
https://web254.ra.roblox.com/
https://web206.ra.roblox.com/
https://web326.ra.roblox.com/
https://web247.ra.roblox.com/
https://web208.ra.roblox.com/
https://web288.ra.roblox.com/
https://web209.ra.roblox.com/
https://web229.ra.roblox.com/
https://jira.roblox.com/
https://data.roblox.com/
https://job.roblox.com/
https://misc.roblox.com/
https://midas-android.roblox.com/
https://confluence.roblox.com/
https://perforce.roblox.com/
https://de.roblox.com/
https://infrastructure.roblox.com/
https://friendsite.roblox.com/
https://gamesite.roblox.com/
https://membershipsite.roblox.com/
https://avatarsite.roblox.com/
https://chatsite.roblox.com/
https://bronze.roblox.com/
https://t0-cf.roblox.com/
https://t1-cf.roblox.com/
https://t2-cf.roblox.com/
https://c3-cf.roblox.com/
https://t6-cf.roblox.com/
https://c7-cf.roblox.com/
https://setup-cf.roblox.com/
https://graph.roblox.com/
https://messagerouter.api.roblox.com/
https://clientsettings.api.roblox.com/
https://versioncompatibility.api.roblox.com/
https://setup-ak.roblox.com/
https://c0ak.roblox.com/
https://t0ak.roblox.com/
https://c1ak.roblox.com/
https://c2ak.roblox.com/
https://t2ak.roblox.com/
https://c3ak.roblox.com/
https://t3ak.roblox.com/
https://c4ak.roblox.com/
https://t4ak.roblox.com/
https://c5ak.roblox.com/
https://t5ak.roblox.com/
https://c6ak.roblox.com/
https://t6ak.roblox.com/
https://c7ak.roblox.com/
https://t7ak.roblox.com/
https://imagesak.roblox.com/
https://jsak.roblox.com/
https://uk.roblox.com/
https://mail.roblox.com/
https://t.email.roblox.com/
https://nl.roblox.com/
https://m.roblox.com/
https://forum.roblox.com/
https://o5.em8221.devforum.roblox.com/
https://altdevforum.roblox.com/
https://golden.roblox.com/
https://chi1-origin.roblox.com/
https://bloxcon.roblox.com/
https://search-comparison.roblox.com/
https://vpn.roblox.com/
https://awsvpn.roblox.com/
https://go.roblox.com/
https://help.roblox.com/
https://dmp.roblox.com/
https://shop.roblox.com/
https://fr.roblox.com/
https://jobs.roblox.com/
https://rjobs.roblox.com/
https://public.ecs.roblox.com/
https://test.public.ecs.roblox.com/
https://upload.crashes.roblox.com/
https://sales.roblox.com/
https://themes.roblox.com/
https://affiliates.roblox.com/
https://tfs.roblox.com/
https://apis.roblox.com/
https://partners.roblox.com/
https://developers.roblox.com/
https://punishments.roblox.com/
https://events.roblox.com/
https://news.roblox.com/
https://web120.p1t.roblox.com/
https://web102.p1t.roblox.com/
https://web103.p1t.roblox.com/
https://web104.p1t.roblox.com/
https://web114.p1t.roblox.com/
https://web124.p1t.roblox.com/
https://web115.p1t.roblox.com/
https://web125.p1t.roblox.com/
https://web108.p1t.roblox.com/
https://content.roblox.com/
https://pt.roblox.com/
https://persist.roblox.com/
https://midas-webpay.roblox.com/
https://survey.roblox.com/
https://deploy.roblox.com/
https://community.roblox.com/
https://nrt-gw.vpn.cn.roblox.com/
https://vpn.cn.roblox.com/
https://www.corp.roblox.com/
https://realtime1.roblox.com/
https://lweb7.p1.roblox.com/
https://setup.gametest1.roblox.com/
https://www2.roblox.com/
https://realtime3.roblox.com/
https://logging.service.roblox.com/
https://abuse.roblox.com/
https://notificationsite.roblox.com/
https://groupsite.roblox.com/
https://setup-staging.roblox.com/
https://wikiblog.roblox.com/
https://socialauth.roblox.com/
https://social.roblox.com/
https://wiki-origin.roblox.com/
https://corp-origin.roblox.com/
https://de.help.roblox.com/
https://fr.help.roblox.com/
https://es.help.roblox.com/
https://pt.help.roblox.com/
https://blogs.roblox.com/
https://polls.roblox.com/
https://web111.p1t.roblox.com/
https://web121.p1t.roblox.com/
https://web171.p1t.roblox.com/
https://lweb2.p1t.roblox.com/
https://web123.p1t.roblox.com/
https://web117.p1t.roblox.com/
https://test.roblox.com/
https://gametest.roblox.com/
https://setup-gametest.roblox.com/
https://setup-sitetest.roblox.com/
https://wwsw.roblox.com/
https://cpanel.www--roblox.com/
https://cpcalendars.www--roblox.com/
https://cpcontacts.www--roblox.com/
https://mail.www--roblox.com/
https://webdisk.www--roblox.com/
https://webmail.www--roblox.com/
https://www--roblox.com/
https://www.www--roblox.com/
https://cpanel.web--roblox.com/
https://cpcalendars.web--roblox.com/
https://cpcontacts.web--roblox.com/
https://mail.web--roblox.com/
https://webdisk.web--roblox.com/
https://webmail.web--roblox.com/
https://web--roblox.com/
https://www.web--roblox.com/
https://luobu-create.sitetest1.roblox.com/
https://www.vpn.cn.roblox.com/
https://p1.roblox.com/
https://www.events.roblox.com/
https://dev-altdevforum.roblox.com/
https://www.survey.roblox.com/
https://www.vpn.roblox.com/
https://www.jira.roblox.com/
https://www.tfs.roblox.com/
https://devrel.roblox.com/
https://www.wiki.roblox.com/
https://www.games.api.roblox.com/
https://www.help.roblox.com/
https://www.developer.roblox.com/
https://creatorforum.roblox.com/
https://p4d.roblox.com/
https://services.gametest.roblox.com/
https://services.roblox.com/
https://sitetest.roblox.com/
https://analytics.roblox.com/
https://sitetest2.roblox.com/
https://reports.roblox.com/
https://diag.roblox.com/

8 Likes
#9

I’m actually quite curious what gold.roblox.com is. I inspected Studio traffic using Wireshark today and it seems to be doing something with that endpoint when calling Players:GetUserIdFromNameAsync.

My first guess was that gold.roblox.com is the actual endpoint for API requests, and other API endpoints (e.g. users, auth, etc.) are just aliases for it that setup the request internally. Which then made me think silver.roblox.com is the old API using ASP.

#10

Adding these because it’s useful, these act as replacements for .roblox.com.

ModManager uses it’s S3 bucket to download sitetest branches.
https://sitetest1.robloxlabs.com
https://sitetest2.robloxlabs.com
https://sitetest3.robloxlabs.com (exists but doesn’t have an /index page)

https://s3.amazonaws.com/setup.sitetest2.robloxlabs.com/version.txt

also a lot of these ‘hidden’ APIs do have partners in their relative subdomain, you shouldn’t be using the assetgame APIs where possible

#11

What was the endpoint it was using? Because I know there are tracker pixels on this site.
http://gold.roblox.com/_/_/1px.gif

#12

I don’t know. Wireshark only provides the hostname for encrypted packets. I tried Fiddler too, but it doesn’t pick up requests made from within the context of a DataModel; only requests made by Studio itself.

#13

I know robloxlabs, but in the most recent dump I had I only dumped *.roblox.com subdomains.
There are subdomains on robloxlabs such as https://setup.opstest1.robloxlabs.com/.
These endpoints are not entirely intended to be used, they are only here as a form of resource. And also I know that the ones that don’t have a /index
https://ash1.statping.aws.robloxlabs.com/ is one

#14

Also, are you directly filtering wireshark towards one protocol? Or are you just watching the requests with no filters?

#15

I didn’t apply any filters. Just captured traffic on my Ethernet adapter. I usually use Fiddler, not Wireshark. I just knew Wireshark can usually see things Fiddler can’t.

#16

Such as TCP and TLS, could we push this to a PM to discuss more?

#17

So after days of painful searching and crying to myself I have uncovered a couple of 6000 subdomains on *.roblox.com and *.robloxlabs.com, keep in mind I am not guaranteeing that these aren’t dead yet. Any of them that timeout, they don’t have index pages.

RobloxLabs:
https://analyticsatlantis.aws.robloxlabs.com
https://api.gametest1.robloxlabs.com
https://api.gametest3.robloxlabs.com
https://api.gametest4.robloxlabs.com
https://api.gametest5.robloxlabs.com
https://api.sitetest1.robloxlabs.com
https://api.sitetest3.robloxlabs.com
https://api.sitetest4.robloxlabs.com
https://ash1.statping.aws.robloxlabs.com
https://assetgame.gametest4.robloxlabs.com
https://assetgame.sitetest1.robloxlabs.com
https://assetgame.sitetest3.robloxlabs.com
https://blog.robloxlabs.com
https://cdn.aws.robloxlabs.com
https://chat.gametest3.robloxlabs.com
https://chi1.statping.aws.robloxlabs.com
https://chi1traffic.statping.aws.robloxlabs.com
https://corp.robloxlabs.com
https://devforum-development.robloxlabs.com
https://devforum-staging.robloxlabs.com
https://devrelatlantis.aws.robloxlabs.com
https://discussions.gametest5.robloxlabs.com
https://ecosystem.robloxlabs.com
https://ecosystem.sitetest1.robloxlabs.com
https://ecosystemapi.robloxlabs.com
https://ecosystemapi.sitetest1.robloxlabs.com
https://ecsv2.gametest4.robloxlabs.com
https://ecsv2.sitetest1.robloxlabs.com
https://gametest1.robloxlabs.com
https://gametest3.robloxlabs.com
https://gametest4.robloxlabs.com
https://gametest5.robloxlabs.com
https://kyle.sitetest1.robloxlabs.com
https://lb1.robloxlabs.com
https://lb2.robloxlabs.com
https://lb3.robloxlabs.com
https://m.gametest3.robloxlabs.com
https://nallen.sitetest3.robloxlabs.com
https://nandrew.sitetest3.robloxlabs.com
https://nanthony.sitetest3.robloxlabs.com
https://nantoni.sitetest3.robloxlabs.com
https://napi.gametest1.robloxlabs.com
https://napi.gametest2.robloxlabs.com
https://napi.gametest3.robloxlabs.com
https://napi.gametest5.robloxlabs.com
https://napi.sitetest2.robloxlabs.com
https://nassetgame.gametest1.robloxlabs.com
https://nassetgame.gametest2.robloxlabs.com
https://nassetgame.gametest5.robloxlabs.com
https://nassetgame.sitetest3.robloxlabs.com
https://nclientsettings.api.gametest1.robloxlabs.com
https://nclientsettings.api.gametest2.robloxlabs.com
https://nclientsettings.api.gametest3.robloxlabs.com
https://nclientsettings.api.gametest5.robloxlabs.com
https://nclientsettings.api.sitetest2.robloxlabs.com
https://nclientsettings.api.sitetest3.robloxlabs.com
https://nclientsettingscdn.gametest1.robloxlabs.com
https://nclientsettingscdn.gametest2.robloxlabs.com
https://nclientsettingscdn.gametest5.robloxlabs.com
https://nclientsettingscdn.sitetest2.robloxlabs.com
https://nclientsettingscdn.sitetest3.robloxlabs.com
https://ndata.gametest1.robloxlabs.com
https://ndata.gametest2.robloxlabs.com
https://ndeploy.gametest1.robloxlabs.com
https://necosystem.sitetest1.robloxlabs.com
https://necosystemapi.sitetest1.robloxlabs.com
https://necsv2.gametest1.robloxlabs.com
https://necsv2.gametest2.robloxlabs.com
https://necsv2.gametest5.robloxlabs.com
https://necsv2.sitetest3.robloxlabs.com
https://nephemeralcounters.api.gametest1.robloxlabs.com
https://nephemeralcounters.api.gametest2.robloxlabs.com
https://nephemeralcounters.api.gametest3.robloxlabs.com
https://nephemeralcounters.api.gametest5.robloxlabs.com
https://nephemeralcounters.api.sitetest2.robloxlabs.com
https://nephemeralcounters.api.sitetest3.robloxlabs.com
https://nguru.sitetest3.robloxlabs.com
https://nisaiah.sitetest3.robloxlabs.com
https://nje.sitetest3.robloxlabs.com
https://nlinjun.sitetest3.robloxlabs.com
https://nlocalizationtables.sitetest1.robloxlabs.com
https://nm.gametest1.robloxlabs.com
https://nm.gametest2.robloxlabs.com
https://nm.gametest3.robloxlabs.com
https://nm.gametest4.robloxlabs.com
https://nm.gametest5.robloxlabs.com
https://nm.sitetest1.robloxlabs.com
https://nm.sitetest3.robloxlabs.com
https://nmanika.sitetest3.robloxlabs.com
https://nmedhora.sitetest3.robloxlabs.com
https://nreilly.sitetest3.robloxlabs.com
https://nrosemary.sitetest3.robloxlabs.com
https://nsairam.gametest1.robloxlabs.com
https://nsairam.sitetest3.robloxlabs.com
https://nsetup-ak.gametest1.robloxlabs.com
https://nsetup.gametest1.robloxlabs.com
https://nsetup.gametest2.robloxlabs.com
https://nsetup.gametest3.robloxlabs.com
https://nsetup.gametest4.robloxlabs.com
https://nsetup.gametest5.robloxlabs.com
https://nsetup.sitetest2.robloxlabs.com
https://nsetup.sitetest3.robloxlabs.com
https://nshannon.sitetest3.robloxlabs.com
https://nstatic.gametest1.robloxlabs.com
https://nstatic.gametest2.robloxlabs.com
https://nstatic.gametest5.robloxlabs.com
https://nstatic.sitetest3.robloxlabs.com
https://nversioncompatibility.api.gametest1.robloxlabs.com
https://nversioncompatibility.api.gametest2.robloxlabs.com
https://nversioncompatibility.api.gametest5.robloxlabs.com
https://nversioncompatibility.api.sitetest2.robloxlabs.com
https://nversioncompatibility.api.sitetest3.robloxlabs.com
https://nvlad.sitetest3.robloxlabs.com
https://nweb.gametest1.robloxlabs.com
https://nweb.sitetest2.robloxlabs.com
https://nwiki.gametest1.robloxlabs.com
https://nwww.gametest1.robloxlabs.com
https://nwww.gametest2.robloxlabs.com
https://nwww.gametest3.robloxlabs.com
https://nwww.gametest4.robloxlabs.com
https://nwww.gametest5.robloxlabs.com
https://nwww.m.gametest1.robloxlabs.com
https://nwww.m.sitetest1.robloxlabs.com
https://nwww.sitetest1.robloxlabs.com
https://nwww.sitetest2.robloxlabs.com
https://nwww.sitetest3.robloxlabs.com
https://nwww.sitetest4.robloxlabs.com
https://nying.sitetest3.robloxlabs.com
https://nyunpeng.sitetest3.robloxlabs.com
https://prodengatlantis.aws.robloxlabs.com
https://redash-backbone.aws.robloxlabs.com
https://redash.aws.robloxlabs.com
https://search.gametest4.robloxlabs.com
https://setup-ak.gametest1.robloxlabs.com
https://setup.gametest1.robloxlabs.com
https://setup.gametest2.robloxlabs.com
https://sitetest1.robloxlabs.com
https://sitetest2.robloxlabs.com
https://sitetest3.robloxlabs.com
https://sitetest4.robloxlabs.com
https://snc1.statping.aws.robloxlabs.com
https://socialauth.robloxlabs.com
https://static.gametest4.robloxlabs.com
https://toolsatlantis.aws.robloxlabs.com
https://www.gametest1.robloxlabs.com
https://www.gametest2.robloxlabs.com
https://www.gametest3.robloxlabs.com
https://www.gametest4.robloxlabs.com
https://www.robloxlabs.com
https://www.sitetest1.robloxlabs.com
https://www.sitetest4.robloxlabs.com
https://www.www.gametest1.robloxlabs.com

2 Likes
#18

Almost all gametests are dead btw, I believe gametest4 still exists

1 Like
#19

redirects to

1 Like
#20

Why is this relevant to me? Please explain

#21

GET https://api.roblox.com/developerproducts/list

Parameter Type
universeId int64
page number
#22

This post isn’t actively maintained anymore (last edit November 2nd) if it was, you would have seen it here already.
FYI you forgot the placeId parameter

#23

Some reveal private information about accounts and trying to use them for yourself or other users in code will give a 403 forbidden error unless you have some cookie or something, I think.

1 Like