HttpService Custom Headers Are Now Live


This update consists of adding a Variant argument to the end of HttpService’s GetAsync and PostAsync methods. Users can now specify specific header keys and values when making Http get and post requests.

The format for headers is expected to be something like this:
local headers = {
[“Authorization”] = “MyAuthorizationCode”,
[“My-Custom-Http-Header”] = “sdoisfdlksdjkfd”,

One thing to note, if you’re using the Authorization header you should probably wrap it in a pcall just in case we need to suddenly turn this feature off. Http service will return an “Unauthorized” error in the case of authorization failure, which will definitely be the case if this feature is disabled.


Discord Integration: A guide on using Discord through Roblox [UPDATED]

Mayday mayday. We have achieved freedom.

This will allow some nice new stuff like uploading to pastebin (without using a proxy)

EDIT: I’ve mentioned one of the few things that don’t require headers… gg



I’m fairly sure you can already upload to pastebin from ROBLOX without needing custom headers.

1 Like


I don’t use HttpService often just because everything generally requires proxies, but this update sounds interesting. Would anyone mind posting lists of cool things I can do with this (that don’t require a proxy)?

1 Like


Time to make a Discord bot \o/



Discord uses websockets though, so not sure that will be possible entirely, at least not receiving chat events.



You’re right. All I’m looking to do is send messages, which I think is possible?



Should be able to, yep.



Yeah, most API stuff is just posting to some url with the right Authorization header and JSON body.
Although, some methods use PATCH/DELETE instead of POST/GET, so that’s a bit… annoying…
(although those are probably not the things you wanna do, except when deleting a previous message)



My use case is pretty neat though. (I currently do this with Slack which does not require headers)

Basically I send all errors for server & clients to myself so I can fix bugs in my game without even being in-game.



So a more direct google analytics?



If you do please let me know how, if you are willing.



Investigating now. Woo.



The test I ran to make sure it works was actually communicating with It used default values, because I didn’t want to write whatever SHA hash something conversion for authentication in Lua. If you ever get that working you should let me know. :wink:



Can anyone explain what this actually means? I’ve used httpservice with my database, but beyond what I had to learn with that, I don’t know about interacting with websites. What can headers do?



I’m interested in getting this working too, so I put together some stuff I found on the internet to get authentication working. Here is a model.

I got the test string working, so this should be able to get authentication in general working. This uses lockbox for HMAC and SHA2-256, and bit numberlua for the bit library.

Also, @Ozzypig since you’re probably interested as well.



Basically for website logins and apis, they use the Authorization header, so basically for an example, you could use some of Discord’s APIs using that header. so you could send messages or something to discord.

Another good example of what could be possible, is integration with twitch.



Thanks for the explanation, though Im not too sure what it means yet. Is this basically a way of sending data to specific parts of a page that you couldnt before, like filling in a username/password?

1 Like


Its similar to sending post data but not through a form. Think of them like parameters to a HTTP request where you can define any of them and not in any particular order.
For instance, some web requests use Authorization header with an authentication token to verify the sender and some use the Accept header to tell it the format to respond with, so sending “application/json” as the Accept header would request that data is sent back as JSON, even if the default is XML. But allowing for these headers to be used is purely up to the person hosting the server you request from.

If you want to know the current headers:

1 Like


Does the headers table allow for any header, or is there a restriction? If there isn’t a restriction, we should (in theory) be able to use X-HTTP-Method-Override to simulate requests which aren’t GET or POST.