Reproduction Steps
From an external service, perform a GET request to the https://groups.roblox.com/v1/groups/GROUP_ID endpoint. It will return 429 TooManyRequests no matter how many requests were sent. To my knowledge, this started occurring earlier today and has completely broken my group ownership verification bot which I use on Discord.
Expected Behavior
Error 429 should only be thrown when there really are too many requests from any external service. It should not be thrown otherwise.
Actual Behavior
Error 429 is thrown for seemingly any non-Roblox domain which makes a request from that endpoint.
Issue Area: Roblox Website Page URL:https://groups.roblox.com/v1/groups/ Impact: High Frequency: Constantly Date First Experienced: 2021-06-25 10:06:00 (-04:00) Date Last Experienced: 2021-06-25 16:06:00 (-04:00)
EDIT: This appears to only be affecting some external sites. My bot hosting provider appears to be one, as does rprxy. You can see that using this proxy to request data will return error 429. https://groups.rprxy.xyz/v1/groups/1
I’m not using the proxy, I’m using a hosting service for my bot which is throttled apparently as well. I linked the proxy to show what I’m seeing. All other endpoints are fine, it’s only that one endpoint.
I’m sending https://groups.roblox.com/ a request every 5 or so minutes with my bot, which does not use a proxy or anything. I am not seeing this issue on my end, could you clarify how many requests you are making to set this off? That might help identify the issue.
(I can also DM you the data for that if you want to look into it, I would have gotten a notification if it returned 429 or anything like that. Unless my system went down and my eyes which quickly went over the data missed something, I am not seeing this issue.
It’s usually no more than 10 requests an hour. I think that they’ve rate limited the entire provider I’m using otherwise it doesn’t make sense. All the other group API endpoints don’t return 429, it’s only /group/XXXX.
This actually started happening on Wednesday around 11 AM PST, and it appears that it’s just a very strict rate limit on any hosting IPs. I was experiencing about an hour ban from the endpoint on my server after a short amount of requests that have never been a problem in years and had to cache my data for longer to avoid these long bans and resume normal operations. This isn’t necessarily a bug because it was an intentional change by Roblox, they just don’t document any of this info anywhere or provide info in the response headers.