Groups WebAPI Returning 429 Too Many Requests

Cuyler · June 25, 2021, 8:03pm

Reproduction Steps
From an external service, perform a GET request to the https://groups.roblox.com/v1/groups/GROUP_ID endpoint. It will return 429 TooManyRequests no matter how many requests were sent. To my knowledge, this started occurring earlier today and has completely broken my group ownership verification bot which I use on Discord.

Expected Behavior
Error 429 should only be thrown when there really are too many requests from any external service. It should not be thrown otherwise.

Actual Behavior
Error 429 is thrown for seemingly any non-Roblox domain which makes a request from that endpoint.

Issue Area: Roblox Website
Page URL: https://groups.roblox.com/v1/groups/
Impact: High
Frequency: Constantly
Date First Experienced: 2021-06-25 10:06:00 (-04:00)
Date Last Experienced: 2021-06-25 16:06:00 (-04:00)

EDIT: This appears to only be affecting some external sites. My bot hosting provider appears to be one, as does rprxy. You can see that using this proxy to request data will return error 429.
https://groups.rprxy.xyz/v1/groups/1

R0bl0x10501050 · June 25, 2021, 9:32pm

I was able to retrieve the group info for group id 1 without a problem using that endpoint.

Cuyler · June 25, 2021, 9:34pm

It does not work with proxies nor does it work with direct requests from the provider which my bot is hosted from.

See:
https://groups.rprxy.xyz/v1/groups/1

Cuyler · June 25, 2021, 10:50pm

I’m not using the proxy, I’m using a hosting service for my bot which is throttled apparently as well. I linked the proxy to show what I’m seeing. All other endpoints are fine, it’s only that one endpoint.

FxllenCode · June 25, 2021, 11:28pm

I’m sending https://groups.roblox.com/ a request every 5 or so minutes with my bot, which does not use a proxy or anything. I am not seeing this issue on my end, could you clarify how many requests you are making to set this off? That might help identify the issue.

(I can also DM you the data for that if you want to look into it, I would have gotten a notification if it returned 429 or anything like that. Unless my system went down and my eyes which quickly went over the data missed something, I am not seeing this issue.

Cuyler · June 26, 2021, 12:06am

It’s usually no more than 10 requests an hour. I think that they’ve rate limited the entire provider I’m using otherwise it doesn’t make sense. All the other group API endpoints don’t return 429, it’s only /group/XXXX.

FxllenCode · June 26, 2021, 12:08am

Ah, that’s likely it in this case. I’m sending a request to https://groups.roblox.com/v1/configuration/metadata. I’ll switch endpoints for a few and see what happens.

popeeyy · June 26, 2021, 12:20am

This actually started happening on Wednesday around 11 AM PST, and it appears that it’s just a very strict rate limit on any hosting IPs. I was experiencing about an hour ban from the endpoint on my server after a short amount of requests that have never been a problem in years and had to cache my data for longer to avoid these long bans and resume normal operations. This isn’t necessarily a bug because it was an intentional change by Roblox, they just don’t document any of this info anywhere or provide info in the response headers.