How to use the Roblox web apI?


So I would like to start to use the Roblox api more (endpoints) but not that sure how to use it. I know how to use the Get requests and have already done this but I am now looking into the post. I am mainly confused about how to authenticate/log into an account so that it then can have permission to do some get requests (e.g rank).

I have looked around a ton to see if I can get any assistance on it which I kind of have with where you need a cookie and a X-CSRF-Token but I am confused about how you use them and then how you implmet them into a get request like the post on group wall api.

(I am using JS by the way)

1 Like

I’m not experienced with using the Web API. The only thing I’ve ever created with it was a music player that could get music Id’s from the library in-game, and that was back when I was still new to developing. I didn’t even know about disconnecting events when I created it, so it eventually caused a lot of lag.

That was the only time I messed with it though, so as to further cement my point about my lack of knowledge towards the subject. However, a quick google search and a search in the #resources:community-tutorials category have yielded two results that I believe you may find useful.


If you’re using Javascript, I wouldn’t use raw requests for ranking unless you know what you’re doing. The process of obtaining an X-CSRF-Token, for example, is a complex concept that may be confusing for anyone just beginning the process of learning REST APIs.

A great library for the Roblox API in JS is probably noblox.js, and if you’d like support/any more questions with implementation, there’s a Roblox API Discord Server that could answer your questions in the #api or #nodejs_noblox channel. I’ve found that the server is a great resource myself.

Hope this was helpful.

You just make a request to an API that requires an XCSRF token and it will error and return one in the headers? I don’t see how it is complex.

OP said that they are only experienced with GET requests, so the process of POSTing to a ranking endpoint with a X-CSRF-Token in the headers may be confusing.

Also never stated said they were obligated to use my solution either, (like everything here) it was just a suggestion.

Thanks to anyone above! Just an update after speaking to some people I have learnt and understand now how you can use it (adding the cookie and then the X-CSRF-Token in the headder and stuff.

I do understand post requests I was just getting a little confused with using the Roblox api but is seems quite simple now.

1 Like