The transition was relatively straightforward!
My only annoyance is that it seems to be forcing a JSON response for the /v1/* endpoints now, where-as before it would always give you an application/octet-stream response. Even when I set the Accept-Encoding header, it still sends me a JSON response.
I thought that was the main difference between /v1/ and /v2/, but I might be wrong.
Yes, we are excited to be enhancing our asset privacy & permissions features soon. The upcoming beta launch will include workflow improvements and give creators the option to enable privacy for meshes and images! With the change announced today, all requests to Asset Delivery APIs will need to be authenticated. It will not impact permissions for authenticated users to access assets. For some asset types (e.g. audio, video), we already require permissions for the authenticated user or experience to access a particular asset. As we mentioned here, we’ll soon be broadening this access control to more asset types. Stay tuned for the asset privacy & permissions announcement in the next few weeks!
My extension literally uses this API thousands x2 of times for each page so if rate limits even get added I’m going to have so much problems 
No understanding from me, you literally provided no explanation as to why you’re doing this.
Thank you, finally I’ve been waiting for this update for so long.! I’ll have some few additional questions in PMs.
except they did…
These endpoints currently allow unauthenticated access to many assets. We’re making this change to enhance security and prevent abuse of creators’ content, including unauthorized content scraping. This update will allow us to protect your content better and provide a more secure platform.
It seems like that projects using the old roblox client contributed the cost, as outside this platform, there is Roblox Revival that mostly use the V1 endpoint.
We’re monitoring all unauthenticated requests right now. If you have any questions about a specific place or asset we can check if it’s in our list and let you know.
As I noticed, you have been planning to work on this API change for months, because it only started to affect unauthenticated requests back in November 2024 with the rate-limiter. Many users found out that using authenticated cookies would bypass the rate-limit, and so on it improved it.
One question it still remains is that this feature was announced due of the overloaded requests, right?
I don’t really get the point
I don’t see how this is even a problem (very vague on how you can abuse someone public assets), and adding an authorization won’t fix anything.
for example in the case of “scraping”, people can just make roblox accounts, get their cookies/oauth and boom it works…
The recommended replacement endpoint for fetching assets:
Does not support authentication via the x-api-key header for members of a group.
Is this a bug? Is the purpose of these replacement end-points not to support API authentication?
How are members of a group supposed to authenticate themselves?
As of 05:59 UTC, loading public assets works.
USER@DESKTOP-0K06777 ~
$ date --iso-8601=seconds
2025-04-03T05:57:23+00:00
USER@DESKTOP-0K06777 ~
$ curl https://assetdelivery.roblox.com/v1/asset/?id=4794911592 -L
Warning: Binary output can mess up your terminal. Use "--output -" to tell curl to output it to your terminal anyway, or consider "--output <FILE>" to save to
Warning: a file.
USER@DESKTOP-0K06777 ~
$ curl -s https://assetdelivery.roblox.com/v1/asset/?id=4794911592 -L --output - | wc --bytes
8929238
Also as of 07:03 (past midnight Pacific).
USER@DESKTOP-0K06777 ~
$ date --iso-8601=seconds
2025-04-03T07:03:28+00:00
USER@DESKTOP-0K06777 ~
$ curl https://assetdelivery.roblox.com/v1/asset/?id=4794911592 -L
Warning: Binary output can mess up your terminal. Use "--output -" to tell curl to output it to your terminal anyway, or consider "--output <FILE>" to save to
Warning: a file.
USER@DESKTOP-0K06777 ~
$ curl -s https://assetdelivery.roblox.com/v1/asset/?id=4794911592 -L --output - | wc --bytes
8929238
USER@DESKTOP-0K06777 ~
$ date --iso-8601=seconds
2025-04-03T09:04:01+00:00
USER@DESKTOP-0K06777 ~
$ curl -s https://assetdelivery.roblox.com/v1/asset/?id=4794911592 -L --output - | wc --bytes
8929238
USER@DESKTOP-0K06777 ~
$ date --iso-8601=seconds
2025-04-03T09:29:14+00:00
USER@DESKTOP-0K06777 ~
$ curl -s https://assetdelivery.roblox.com/v1/asset/?id=4794911592 -L --output - | wc --bytes
8929238