"HTTP Status 429" to POST requests -- Roblox Audio IDs

Overview

We make an audio search tool that allows devs to search Roblox audio assets and compile asset lists/playlists for their experiences. See our Dev Forum post. This tool plays back Roblox audio files via POST requests.

Our tool displays Roblox audio in a waveform and allows devs to preview audio directly in the tool, so they can quickly search through results and compile their asset lists.

DevForumImage851×598 74.6 KB

As of Oct 10, 2024 around 6pm Pacific, something changed in the Roblox infrastructure which now blocks these requests – we are unable to display audio waveforms or preview audio any more. Our POST requests are now returning “HTTP Status 429”

Details

Previously, we were able to make POST requests to https://assetdelivery.roblox.com/v1/assets/batch from our AWS backend and it would return a list of objects with the asset location

As of current times, requests made to this endpoint are now returning HTTP Status 429 even when we make a single request, with this error:

{
    "errors": [
        {
            "code": 0,
            "message": "Too many requests"
        }
    ]
}

Why does a single request now qualify as Too many requests?

Expected behavior

Ideally, Roblox would go back to how it worked before and serve the POST request without error.

If that’s not possible, we would love guidance on how to re-work our code to re-enable the functionality in our site.

A private message is associated with this bug report

if youre hosting this on some sort of VPS on AWS, any other requests coming through the same ip address would count towards the ratelimit

normally you would be using a whole bunch of IPs for this, but with a VPS, you dont really got a choice

try running the code on your own network where theres less requests and see if that works

Thanks @Exozorcus – we tried that.

Unfortunately it looks like this has been blocked at the source regardless of the request origin. We tried not only a different source IP / machine, but also asked other developers to test it in alternate locations and it seems to be global.

Apologies on this. Due to some abusive traffic on this API, we had to restrict access to all unauthenticated requests. We’ve re-enabled unauthenticated traffic now (though it is rate limited, so you may still get some 429s if you send a lot of requests).

Another option is to send authenticated requests. Please note that you will need to be extra careful with the credentials you use to authenticate. If they leak your account could be compromised. In the future we are looking into requiring authentication for these endpoints.

Thanks,
ComplexLint

Thank you so much for re-enabling access @complexlint!

We are mindful of API abuse and only allow playing one track at a time, and we also throttle the search to avoid too many requests.

In terms of supporting authenticated requests in the future

1. Our app can only be accessed by the official Roblox OAuth 2.0 login
2. We would love if the asset delivery endpoint supported a way to authenticate the requests that way — or through an API Key — so that we could do things properly.

Please keep us informed if things change and we are more than happy to explore early access to this with you!

Your tool violates Roblox’s Terms of Use (Music on Roblox point a.v).

https://en.help.roblox.com/hc/en-us/articles/115004647846-Roblox-Terms-of-Use

Use on the Services. Creator may only use Licensed Music on the Services. Creator agrees that it will not export, extract, download, or provide a way for anyone else to export, extract, or download the Licensed Music for use anywhere outside of the Services.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.