I am new to APIs on Roblox, and, just for fun, wanted to use the Groups Api to make the text of a surface gui change to the text in the group wall post when the post is sent. Can someone please walk me through this? Do I need to use something like glitch.me to get it to work? I’m not very familiar with how Api’s work.
If you have any questions, please don’t hesitate to put it in the comments section!
Thanks!
-ForegoingTyler12943
You will need to send a HTTP request to that api with some info(such as cookies, and some other stuff), and then stuff will happen. Though for the wall post API, you do need a captcha token, so I don’t think that is possible.
And for your other question, you don’t necessarily need glitch.me for it to work. You can make a python or a javascript code to get it to work, glitch.me is used for hosting, so if you want it to make requests while you don’t have the app/code piece open, you will use glitch.
1 Like
Okay, but what would I use the cookie of? Would I get a cookie of a Roblox bot account, or something else?
You will need a cookie(more specifically a .ROBLOSECURITY) of the bot account.
1 Like
Okay, I got it. What do I do next?
Now, you will need to send a http request. I recommend using Python & the requests module for sending a http request. For example, the python snippet below sends an http request to a group ally web api.
(I haven’t tested this and made it pretty quick so it might not work lol)
import requests
cookie = ''
xsrf = ''
url = 'https://groups.roblox.com/v1/groups/%s/relationships/allies/%s'
authurl = 'https://auth.roblox.com/v2/logout'
groupId = 1337
toAlly = 666
userAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36'
def getXsrf():
xsrfRequest = requests.post(authurl, headers={
'User-Agent': userAgent
}, cookies={
'.ROBLOSECURITY': cookie
})
if xsrfRequest.headers['x-csrf-token']:
return xsrfRequest.headers['x-csrf-token']
else:
return ''
xsrf = getXsrf()
mainRequest = requests.post(url % (groupId, toAlly), headers={
'User-Agent': userAgent,
'x-csrf-token': xsrf
}, cookies={
'.ROBLOSECURITY': cookie
})
print(mainRequest, mainRequest.json(), mainRequest.reason)
3 Likes
Wait so… what is an xsrf? Is it something I’d get from the hosting website?
Edit: Also it gives a red underline under def in def getXsrf() I don’t know what that’s about
Using this API doesn’t need a roblox account to be authenticated on the device – if you send a HTTP GET request to the API endpoint, you can get the posts regardless of whether or not a user is authenticated on the device, but with this API endpoint specifically, if you aren’t logged in, you’ll be considered as a “guest” in the group and if the group has opted for guests not to see the group wall, then the endpoint will return an error.
Of course, with sending HTTP requests to roblox domain (anything with roblox.com in the URL), you’ll be given a “Trust check failed” error because you can’t send requests to their domain from studio nor the roblox client; however, there is a proxy server made to communicate with roblox API: https://rprxy.xyz. Basically, you just replace “roblox.com” with “rprxyx.xyz” for any API, so if you were to get the posts, you’d do:
local groupId = -- id here
local url = "https://groups.rprxy.xyz/v2/groups/%d/wall/posts?sortOrder=Asc&limit=10"
local result = HTTPService:RequestAsync(
{
Url = url:format(groupId),
Method = "GET"
}
)
result = HTTPService:JSONDecode(result.Body)
local post = result.data[1]
local content = post.poster.user.username .. ":" .. post.body -- gets the poster and content of the first message in the group wall
However, some APIs need you to be logged in, where you get the bot account’s .ROBLOSECURITY cookie. There are some libraries for different programming languages that you can use to login in with a cookie and access API, or @IronRobotStudios proposal can be used if you want to go about it your own way
2 Likes
A XSRF token is basically a token you need to give, and AFAIK, is used to protect from xsrf/csrf attacks. You get it from the log out request made, which doesn’t actually log you out since there was no csrf/xsrf token.
Also, that is a python script, not a lua script. You can’t make http requests to roblox in the roblox client, but you can use a proxy, which is what @Rare_tendo suggested,
1 Like
Okay, I’ll try this script that you sent!
Wait…
Can you please tell me what this line of code does? Do I make the value “content” the textlabel?
I’m sorry I’m new to this sort of stuff
As I’ve said in a comment, this code attempts to get the first message posted in the group wall. Sending a request to this endpoint will return JSON code like this:
Decoding this from JSON to a Lua table, you’ll have (only a portion of the response):
local Table = {
data = {
{
id = 2183301077,
poster = {
user = {
buildersClubMembershipType = "None",
userId = 1503601679,
username = "ShadowLord71298",
displayName = "ShadowLord71298"
}
};
body = "It was my favorite game";
}
};
}
It’s quite similar, yeah?
The content variable just contains the poster’s username and the post’s body separated by a colon. You can set a TextLabel’s Text to content for it to appear
2 Likes
Okay, thanks! I think I’ve got it from here! Thanks for the help, @Rare_tendo and @IronRobotStudios!