Creator Action Required: New Asset Delivery API Endpoints for Community Tools

Updates Announcements
#1

Hello Creators,

On April 2nd, we will be requiring authentication for all Asset Delivery API endpoints.

Here’s what you need to know:

  • This change affects the following endpoints:

    • https://assetdelivery.roblox.com/v[1,2]/asset/

    • [https://assetdelivery.roblox.com/v[1,2]/assetId/{assetId]

    • https://assetdelivery.roblox.com/v[1,2]/assetId/{assetId}/version/{versionNumber}

    • https://assetdelivery.roblox.com/v[1,2]/alias/{alias}

    • https://assetdelivery.roblox.com/v1/assets/batch

  • This will impact creators making calls without authentication to asset delivery

  • Impacted creators need to add authentication to all requests to asset delivery by April 2, 2025

  • If you do not update, calls will start being rejected with a 403

  • This tight timeline is necessary to ensure the security of creator content on Roblox

We appreciate your understanding and help with this change – please find more detailed information below.

Transition Details

These endpoints currently allow unauthenticated access to many assets. We’re making this change to enhance security and prevent abuse of creators’ content, including unauthorized content scraping. This update will allow us to protect your content better and provide a more secure platform.

If you are using these endpoints without authentication, you must begin sending authentication with your requests. We recommend switching to the new authenticated endpoints for your asset fetching needs:

  • https://apis.roblox.com/asset-delivery-api/v1/assetId/{assetId}

  • https://apis.roblox.com/asset-delivery-api/v1/assetId/{assetId}/version/{versionNumber}

These new endpoints support scoped API key and OAuth 2.0 authentication with the legacy-asset:manage scope.

Impact & Feedback

We expect this release to impact browser plugins, but we do not expect it to change behavior in experiences or in Studio. Please comment below to let us know the details of any use cases you have which cannot be satisfied by the new endpoints.

Please comment and let us know if you have any concerns.

We appreciate your help with this change and thank you for your support,
Roblox Core Services Team

65 Likes
Official List of Deprecated Web Endpoints
API Endpoint refusing access to some users in group
MeshVox V1.1 - A powerful 3D mesh-terrain converter
Weekly Recap: March 24 - 28, 2025
Help with http 401 out of nowhere and roproxy
Provide a stable Open Cloud API to get an image ID from a decal ID
Others can see inventory when it's private
#2

This topic was automatically opened after 10 minutes.

#3

Finding assets that use assetdelivery is pretty painful, authentification too, and April 2nd isn’t a very large deadline.

Do you plan anything to make the transition simpler with a tool like the one with audios? I’d like to do it in my games incase they do risk, but I don’t really know how to proceed efficiently.

A smooth transition is also safer to ensure every games will work correctly. I understand your worries about security, but I don’t want to see my games non-working or buggy due to such a move…

11 Likes
#4

Is the asset privacy update of limiting mesh and image availability to whitelisted places only coming soon?

6 Likes
#5

Good change. Horrible communication, too many unanswered questions.

Are public assets such as decals, accessories and the like going to need authentication?

Is there a way to even test this?

And one week is way too short. It should’ve been 2 weeks.

22 Likes
#6

Can we have assetdelivery integrated into open cloud so that we can use open cloud api keys instead of auth cookies?

4 Likes
#7

What does “authentication” mean here? Does that mean I just need to be logged in, or do I need to be logged in as the creator of the asset, or something else? I frequently use assetdelivery for quickly downloading assets through my browser and I’m not familiar with open-cloud stuff, so this is a little confusing to me.

9 Likes
#8

I wonder what this is… Oh yeah they just did that.

3 Likes
#9

EDIT: I should have read the announcement closer. Will try using the authenticated endpoints with an open cloud key

What’s our alternative for getting an image from a decal now (public or not)? I know about InsertService being modified to allow public Decals but this isn’t a complete replacement.

In Heroes Battlegrounds, we allow people to put decal IDs on their cape as a VIP perk. Since there’s a lot of people who don’t know the difference between an image ID and a decal ID, we have a fallback set up where decal IDs are turned into image IDs using assetdelivery.

image
image997×1225 91.3 KB

I don’t think we could add authentication to this without the account we authenticated it to being at risk for spamming requests.

5 Likes
#10

You have been un-ensuring it for the past years so it was really not necessary to announce this update straight away

7 Likes
#11

If it’s through the browser you’re most likely authenticated automatically if logged-in. My guess is you’ll still be able to go to library to download the preview image of your assets.
We’ll have to see though…

Very glad this change is coming.

2 Likes
#12

Classic Roblox rolling out big updates like this with little to no time for us to prepare.

7 Likes
#13

Roblox audio update 2: the asset undelivery

if i am wrong, can yall tell me whether it’s gonna screw up like every roblox game in existance or not?

6 Likes
#14

Good update, could use more communication but otherwise good update. Security and protection of assets is a W

nanachicinema

6 Likes
#15

They mentioned assets in general, so that will apply to every asset in existence, no matter the type. Roblox is very careful with their words

3 Likes
#16

2nd April, but at what time? :thinking:

2 Likes
#17

1 weeks notice is not realistic; which, really if you live anywhere east of the US and work weekdays only because you set yourself healthy boundaries between work and personal life, it’s actually 5 days since everybody is signed off.

But there isn’t a specific time given on April 2nd, so I would also have to assume it’s an automated switch at 12am, meaning that for all we know there’s 4 days left.

The way this platform pushes changes is why I feel like I need to take my laptop on vacation with me so that I have the ability to fix anything immediate, announced or unannounced, intentional or unintentional.

10 Likes
#18

you know you have screwed up as a platform when a very famous dev calls yall out for giving no notice for one of those “creator action required” updates(which is understandable)

i still need some explanation whether or not this update will end up breaking everything in existance or not tho

3 Likes
#19

You did not spend much time writing this change, or you forgot to peer review it with another intern just to double check whether or not you’re getting your message across properly.

These changes will break my games, but I think we all know that’s not priority over there, given the short deadline you’ve handed to us.

You are doing this to impose future restrictions on developers. This is obvious. There is no use case for such a bizarre change.

1 Like
#20

A smooth transition is also safer to ensure every games will work correctly. I understand your worries about security, but I don’t want to see my games non-working or buggy due to such a move…

This won’t break any experiences. All gameplay and studio usage is done while authenticated. This would mainly affect any creators making calls to asset delivery outside of experiences (like from a browser extension, or script)

A smooth transition is also safer to ensure every games will work correctly.

Definitely - in this case your experiences are safe - this feedback is being shared with the team. We appreciate your understanding.

7 Likes