How to use the Roblox web apI?


So I would like to start to use the Roblox api more (endpoints) but not that sure how to use it. I know how to use the Get requests and have already done this but I am now looking into the post. I am mainly confused about how to authenticate/log into an account so that it then can have permission to do some get requests (e.g rank).

I have looked around a ton to see if I can get any assistance on it which I kind of have with where you need a cookie and a X-CSRF-Token but I am confused about how you use them and then how you implmet them into a get request like the post on group wall api.

(I am using JS by the way)


I’m not experienced with using the Web API. The only thing I’ve ever created with it was a music player that could get music Id’s from the library in-game, and that was back when I was still new to developing. I didn’t even know about disconnecting events when I created it, so it eventually caused a lot of lag.

That was the only time I messed with it though, so as to further cement my point about my lack of knowledge towards the subject. However, a quick google search and a search in the #resources:community-tutorials category have yielded two results that I believe you may find useful.


If you’re using Javascript, I wouldn’t use raw requests for ranking unless you know what you’re doing. The process of obtaining an X-CSRF-Token, for example, is a complex concept that may be confusing for anyone just beginning the process of learning REST APIs.

A great library for the Roblox API in JS is probably noblox.js, and if you’d like support/any more questions with implementation, there’s a Roblox API Discord Server that could answer your questions in the #api or #nodejs_noblox channel. I’ve found that the server is a great resource myself.

Hope this was helpful.

You just make a request to an API that requires an XCSRF token and it will error and return one in the headers? I don’t see how it is complex.

OP said that they are only experienced with GET requests, so the process of POSTing to a ranking endpoint with a X-CSRF-Token in the headers may be confusing.

Also never stated said they were obligated to use my solution either, (like everything here) it was just a suggestion.

Thanks to anyone above! Just an update after speaking to some people I have learnt and understand now how you can use it (adding the cookie and then the X-CSRF-Token in the headder and stuff.

I do understand post requests I was just getting a little confused with using the Roblox api but is seems quite simple now.

1 Like