My question is, is there ANY way to make a group ranking bot? I have to sift through 1000 members to ensure they have an accurate role. It’s impossible for a human.
I get an error 401, meaning it doesn’t have permissions, when I try to change the role of a user in the group using an API Key with group:write and group:read permissions. I believe Roblox doesn’t allow you to rank group members through API Keys no matter what. Since noblox.js doesn’t work with cookies anymore, I can’t think of any other reasonable way to do this.
I see other people acting like noblox.js is still a good option, even though it’s literally impossible to log in with your cookie after Roblox security updates. Following the exact procedure of an incognito window, the login is ALWAYS rejected when used in code- same device, same IP, same everything. noblox.js was nuked by Roblox. If you have a way of making it work oh please let me know.
This is very counterintuitive, but the API key needs to be owned by a user, not a group. Try the open cloud API again with the group:read and group.write scopes but instead on an API key owned by a user. Note that the user itself must have group permissions, so the group owner is a sound decision.
I tried using an API key on an account with ranking permissions, then tried using it on the group owner account. I gave both group read and write permissions and even tried removing IP restrictions and I’m still getting the unauthorized error status 401.
This is what my code looks like.
async function setRank(groupId, userId, rankId, apiKey) {
try {
const response = await axios.patch(
`https://groups.roblox.com/v1/groups/${groupId}/users/${userId}`,
{
roleId: rankId // Assign the correct rank ID
},
{
headers: {
'x-api-key': apiKey,
}
}
);
console.log(`Successfully set rank for user ${userId} to ${rankId}`);
} catch (error) {
console.error(`Error setting rank for user ${userId}:`, error.message);
}
}
Is “x-api-key” correct? I can’t seem to find confirmation for what exactly to put here. I did use AI to help me write this code.
Specifically, the error.message is “Request failed with status code 401”
Update: I updated my code to use groups v2 when setting rank. It’s still erroring with code 401, it says “Invalid API Key” even though it’s a valid API key. I have a window open right now to confirm.
The endpoint itself you use is wrong… You are trying to use the legacy version of the API while you might want to use the Cloud API. The legacy Group API only accepts cookie authentication. Read the documentation about the Cloud API of group member ranking here.
// Function to set a users rank
async function setRank(groupId, userId, rankId, apiKey) {
try {
let targetMembershipId = getUserMembershipId(groupId, userId, apiKey)
const response = await axios.patch(
`https://apis.roblox.com/cloud/v2/groups/${groupId}/memberships/${targetMembershipId}`,
{
role: `groups/${groupId}/roles/${rankId}` // The request body
},
{
headers: {
'Content-Type': 'application/json',
'x-api-key': apiKey
}
}
);
console.log(`Successfully set rank for user ${userId} to ${rankId}`);
} catch (error) {
console.error(`Error setting rank for user ${userId}:`, error.message);
}
}
Okay… Are you trying a group’s API key or a user API key? There is a specific limitation that would return a 401 error as seen below when using an API key generated within a group as seen below:
I’m just getting an error code: ERR_BAD_REQUEST
with the message: Request failed with status code 401
I have triple + triple + triple checked the API key and yes it is a user API key on the group owner’s account.
This error is happening when I try to get the user’s membership ID. I find it really annoying that Roblox invented membership IDs that you have to iterate through the entire role to find the matching player as the only method of setting their role. At this point I just want to pay someone to write the code for me but I don’t know anyone.
Correct me if I’m wrong, but isn’t getUserMembershipId an async function? From the function name, it looks like it requests all the memberships, which would most likely need await syntax for the request, so if you don’t await the response from that function, it will return a promise which you are then interpolating into the string.
I think this could be the issue despite the error code, since your error message is “bad request”, indicating the request itself is malformed. The error codes for bad request and unauthorized (400 and 401 respectively) are very similar, so I’m mainly going off the error message on this guess. Otherwise, make sure that the membership ID is definitely found; maybe log it to the output after that getUserMembershipId function.
//I used fetch here because it supports HTTP requests and I am unfamiliar with axios
async function setRank(groupId, userId, rankId, apiKey) {
try {
let membershipId = await getUserMembershipId(groupId, userId, apiKey);
console.log(membershipId || "Membership ID not found!");
let response = await fetch(`https://apis.roblox.com/cloud/v2/groups/${groupId}/memberships/${membershipId}`, {
method: "PATCH",
headers: {
"Content-Type": "application/json",
"x-api-key": apiKey
},
body: JSON.stringify({role: `groups/${groupId}/roles/${rankId}`})
});
if (!response.ok) {
console.log("Request failed with status code " + String(response.status));
}
} catch {
error => console.log(`Failed to update group role for ${userId}. Error message: ${error}`)
};
}
