Cookies are region locked on some Roblox APIs even with "Account Session Protection" disabled

sasial · October 3, 2024, 9:46am

I’m trying to make a call to https://assetdelivery.roblox.com/v1/asset?id={BUILDING_PLACE}, with a cookie on an account that has “Account Session Protection” disabled. Yet the API route is region locked and returns Error 409 (Conflict).

A private message is associated with this bug report

NinjaFurfante07 · October 3, 2024, 4:56pm

A workaround is to connect to a vpn with the same IP of the server where the bot account is being hosted.

Hooksmith · October 3, 2024, 4:58pm

It’s not entirely clear from your thread, but could you confirm that this is actually the issue you’re seeing, e.g. with the exact same call on different devices you either see an error or a success? Is there any other issue going on here or does it purely seem related to the location where the cookie is used from?

sasial · October 3, 2024, 8:35pm

That’s correct - it’s purely related to the issue.
The same API call with the same cookie succeeds on my local machine (and downloads the place), yet on the GitHub Actions runner it fails.

RuizuKun_Dev · October 4, 2024, 3:18pm

I can vouch, had the exact same issue @Hooksmith

ttaahw · October 4, 2024, 7:11pm

Hi there and thanks for the report!

Currently, Account Session Protection covers some aspects of session protection that validate your session specific to a device.

However, the opt-out feature does not currently disable certain geographic restrictions we may place on sessions. We understand that this may impact certain automation workflows and we hope to offer more specific guidance around this use case in the future.

Thanks again for the feedback!

sasial · October 6, 2024, 6:41am

How would you suggest I download a place in CI then? This is impacting my game. I appriciate you responding but I need a hand looking for a workaround.

Bestspyboy · October 6, 2024, 10:47am

does an API key suit your use? i’m not familiar with your use case but if the current Open Cloud routes don’t suit your use, you could create a feature request for any additional scopes you need.

RuizuKun_Dev · October 6, 2024, 6:23pm

no, it doesn’t because there isn’t an API for that

there is no Cloud API for downloading .rbxl with API_KEY for auth

@ttaahw thank you, i also need a solution for this as well it is disrupting my work

Bestspyboy · October 7, 2024, 7:18pm

:‎)

totally get that it’s not an actual solution just suggesting it!

RuizuKun_Dev · October 21, 2024, 11:46pm

can you suggest an alternative to this? I have CI/CD broken on me multiple times because of the cookie, and it’s all because we need to download the rbxl