Introducing the Ban API and Alt Account Detection

oh my god this is HUGE!
i’ve been looking into workarounds for alt detection systems, better banning, etc. but this facilitates the process so much.
thank you for finally adding this much-needed api

I wonder how that would fare against data and privacy regulations.

Update is great to see, but I’m beyond disappointed with the botched OpenCloud implementation & documentation.

To start with my complaints for the documentation:

• startTime & inherited are shown as “Output Only”, despite that in the “Update User Restriction” call example it is shown that they are included in the request. So, are they included, or are they not?
• The idempotencyKey is shown in the “Update User Restriction” call, but no example is actually provided to explain where/how to generate these values. It shouldn’t require additional research on Google to attempt to guess what these values are.
• Zero real explanation of the path field, calling it a “resource path” does not mean anything, nor explain why you’re allegedly able to update it in the “Update User Restriction” call given it’s marked as Output Only – I suppose that it can be used to change a ban from universe to place or vice versa, but why not explain this?
• What actually is the user-restriction field? Is it a user ID? The comment states it’s a “user-restriction ID”, doesn’t tell you much does it…
• Are the query parameters for the “Update User Restriction” optional? If they are, this should be marked as such, and if they’re not optional, that should be changed!

For my complaints with the implementation:

• Apparently somehow missing a create user restriction call…
• How did anybody think it reasonable that you cannot actually create a ban via the API, or is it instead the case that PATCH is somehow capable of this?
• The server consistently returns 500 internal server error on that patch call instead of actually providing you a human readable explanation for how your input is malformed. If you’ve got a public facing API, it needs to validate the inputs & inform the user of the API where they are going wrong, not just leave them guessing
• Why is the user referred to as “users/156” rather than just returning their user ID?

OpenCloud ought not to be treated as an afterthought that is fine to have missing features. Frustrating.

This functionality is really useful, but I have a question, is there a way to clear the history of player bans? In some cases, this may be necessary, for example, if you have tested a ban system when your game is private and want to clear your ban history or perhaps the tester’s bans history

Also I’ve noticed that this link gives an error 404, but it is used on official documentation: “This API uses the User Restrictions Open Cloud API. You will be able to utilize these APIs to manage your bans in third party applications.”

Can you fix it, please?

This seems like a really good update but I have some questions:

1. How are we supposed to manage ban appeals? Does this mean we can have a link off site to our own appeals system like on Discord?

2. Can banned accounts and alt banned accounts still engage with the experience? Such as downvoting it, purchasing from the store, etc.?

3. “Suspected alt accounts” leaves the idea that there is room for error. Will we know these accounts and why they were banned in case there is an issue with a false ban?

I mean it leaves some questions but overall I’m pretty happy about it.

Let us send alt accounts another ban reason!

How to use :GetBanHistoryAsync()? In studio it sends a HTTP 403 error and if you use it in a game in dev console it doesn’t tell you anything about the ban

roblox finally makes a W update??

Found out some interesting things about the new Ban API for those who care… I haven’t looked over the entire thread, so I might repeat information that’s already stated.

1. BanAsync and UnbanAsync cannot be used at all while in studios. Attempting to do so will throw errors/messages. First one is when trying to run it through command bar and second is when running it via a script.
   
   
2. When a player is banned from the game and attempts to join. Roblox flat-out rejects the player from making contact with the game itself. This prevents PlayerAdded() from being fired, and the game will not make a new server at all! It leads me to believe the order Roblox does this is Player attempts to join game → Checks for ban → Allows to join/create a server if no ban is present.
3. When you use BanAsync, it will attempt to kick a player from every server before implementing the ban. This is nice so you don’t have to be in the same server as the target for this to work. This was only tested using public and reserve servers, but I have no doubts it also works for private servers.
4. You can unsoftlock yourself if you ban yourself by making an unban script, publishing it to the place, and then having an (unbanned) friend join the server. This is more so for those who don’t want to use OpenCloud.
5. Ban History cannot be cleared or manipulated since there is no way for developers to write/save to the Ban History besides banning someone.

It isn’t.
I just love to post notes in my scripts

I’m assuming you also didn’t read the documentation.
It’s Players:BanAsync.

This alt detection is so easy to bypass, you just need to change your pc MAC address. And it barely even works, I don’t even get alt banned anymore. I’ve made a testing game btw Testing Alt Ban Api - Roblox

YOOO LETS GO! This API is out! Can not wait to use it and will definitely be very helpful to use in certain conditions. W Roblox.

W update. I expect abusers to calm down once they see their alts are no longer viable.

Ok so hear me out.
I’m not 100% sure if anyone else has issues with dislikebotting but if I ban somebody’s main account from my experience will they also be prevented from rating the experience?
I’m out of options because Roblox support tells me they can’t remove dislikes.

This is nice and should’ve been added about 14 years ago but why is it that Roblox is getting so involved in the ban reason?

Having a sibling misbehaving while playing one of your favorite Roblox Experiences isn’t going to end well, right? I don’t believe Roblox will be able to tell the difference between an alt and another family member’s account.

I feel that developers shouldn’t be allowed to permanently ban people and their “alts” from their experiences, due to false positives on which are alts and which are just another family member’s account. I know the FAQ says that the system is currently set up to minimize false positives. “Minimize” still means false positives, and it’s understandable that there will be false positives since it’s all guesswork.

I know it’s possible to contact the developers of that Experience if your account has been falsely accused of being an alt and then getting banned, but the developers can’t feasibly check if that person is a liar or if their account really has been falsely accused of being an alt. Maybe I’m just missing something obvious?

But, even if there was a cap on the length of time that a player and their alts can get banned for (which is the situation I’d want, if it wasn’t for a major workaround), then the programmers could still get around this by setting up code to temporarily ban that player and their alts again. It would work like this: Once the ban is over, the alts would be able to play again, but if the originally banned player shows up again, the code could automatically ban that player and their alts again. The code will be able to do this if it is set up to save information to a Datastore that signifies that the player got banned in the first place (or just check their ban history), and when that player joins again, the code will check that Datastore and automatically reinstate the temporary ban again, resulting in the original player and the assumed alts being temporarily banned again.

TLDR: I’m not really sure how to feel about the combination of permanent bans and alt banning due to the false positives that are going to happen. I definitely understand the use case for people who just make an alt account to avoid a ban they’ve gotten, but I’m scared of the bans that the “alts” that are actually just a sibling’s account will get, and how hard it’s going to be for the developers to tell these two situations apart when they appeal their ban.

I have waited sooo long for this

Accha hua, Roblox

We are so back!!

Ik we won’t get any response to this but how exactly does this work? can’t someone just spoof or use a VPN?

How will this work? Will there be a way for use to add a link to a google forum or smth? I feel like there aren’t a lot of good ways to do this

(Just want to add that I love that Roblox took our privacy into consideration)

Good.

Will there be a way to disable this feature for an experience? This could allow abuse from backdoors or team create developers abusing the API to ban other developers/owner.