I’m currently trying to make a script with which it’d be possible to send Messages to other users - however roblox keeps returning the error: “Authorization has been denied for this request.”.
I have no clue as to why this is happening, I send both the roblosecurity cookie and the x-csrf-token in the request.
Which API request gives you this error? It might be that you try to login which possibly changes the cookie or modifies authorization. I personally wouldn’t even bother with the login API as a cookie is sufficient enough to basically do anything. Your error most definitely comes from authorization, and although I’d think it would be the x-csrf-token, you have provided it so I think it has to do with you trying to login. If I am correct, the login API requires another API call to get a Captcha and a second one to verify. This is very confusing and I don’t know how exactly it works, so just scrap the authorization part all-together and use cookie instead. (Basically, you can make any calls you want by just providing the cookie and the x-csrf-token wherever needed)
You don’t need the login API for the x-csrf-token. You can make two calls to the privatemessage API in order to retrieve it. The first one is used to retrieve the x-csrf-token and the second is used to make the call. I made a topic while back asking why I kept getting an error, and I realized the existence of x-csrf-token, which was not documented anywhere in Roblox. Here is a sample code that utilizes a recursive function that gets the x-csrf-token and then attempts to call again (this was in Python):
I am pretty sure your authorization attempt is messing you up as it is incomplete and registers the cookie as invalid. Additionally, it could be that your cookie might be invalid. That can happen to. In short, just recursively call your function for the x-csrf-token and then attempt to call it again with the x-csrf-token. That should work for as long as your cookie is valid.
Then are you sure your cookie is valid? Authorization denied is usually because you have invalid authorization, which in our case would be your cookie. I find it odd that it wouldn’t return an x-csrf-token. I’ll check it out on my bot, but do check out if your cookie is valid.
This has nothing to do with his question. He isn’t using HTTPService nor is he making the requests from the website itself. He is using Node.js and an external script.
??? Could you please elaborate, why would they need to be proxied through another server? He should be able to use the roblox api perfectly fine outside roblox studio.
No worries, just please check next time before replying to a thread.
Please add "Content-Type": "application/json" in the request headers, and here’s a similar thread which was answered, please check it to see if it resolves your issue.