however I dont truly see any other way of it being used
IPs are too sloppy, a lot of time they’re shared which could lead to other people being wrongfully banned, and HWID’s are spoofable, and could also be bypassed by just… using a different device, I wish they revealed some documentation on this because its an interesting implementation if it actually works reliably
1 Like
I just hopped in game, opened the server console and used this (dont forget to replace userid):
game:GetService("Players"):BanAsync({UserIds = {248428063}, Duration = 300, DisplayReason = "Im testing lol", PrivateReason = "Testing2"})
2 Likes
Best thing Roblox has done all year hands down this will help so many experiences with exploiter issues.
1 Like
How did you get it to work? Just logged into your alt?
Yeah, I’m logged into a different account on Windows App version of roblox so I just opened that and then played the game and it detected me.
1 Like
That obviously won’t be how it works, surely it’ll be at least partly based on IP and hardware.
Anyway, amazing update. This has been much needed for a long time.
1 Like
You are probably right in your assumption that they probably use cookies. They have a BrowserID cookie (if I remember correctly), and people that use VPNs or public connections would be screwed over if they used IP addresses.
It’s easy to clear cookies, but I’d rather bad actors who are too unwise to clear their cookies stay banned than having to deal with appeals from innocent players who happened to share the same IP address as a bad actor.
I actually believe that might be how it works in some form, I got banned recently for a day on an alt (dont ask) and I closed roblox before logging out, then when i tried to boot up with my main I ran into an error message, it was only until I cleared my cache i was able to play again.
Bug or leaked new feature, call it.
1 Like
No, they especially use cookies to detect it. If a cookie that belongs to another account has been used before on the same browser, they mark it using PlayerHydrationService.
I concur, its probably best to take out the 50-70% of people who don’t know what the hell a cookie is outside of a chocolate chip one than to fire blindly at offending IP’s and take out random non-offenders because IP’s are usually shared
however, we won’t know until someone reverse engineers it, which I hope is soon because I yearn to find out how in the hell this system works
1 Like
I was wondering when I will see something of my interest… And finally, I saw it today. Thank you! 
Let’s just hope exploiters don’t find a way to ruin the game by using this feature to their advantage too soon.
Been wishing for a API like this for years now! Glad it’s finally added, this was a long time coming.
For future updates, it would be super cool to see it expand where developers can make custom functions on what happens to the banned players instead of just not letting them join. For example, teleporting them to a completely different place or making it so they can only spectate.
i could imagine policyservice being used to determine if the user can see external links or not
but as for people under 13, theyre just going to have to cry 
(unless you have other means of doing so)
This is ABSOLUTELY amazing, just wondering if someone on my internet gets banned lets say my brother, would that ban my account if its a different email but same network?
It’s a very specific cookie that you have to clean, otherwise, it will automatically get marked as an alt. I don’t think it’s the BrowserID cookie though.
I tried logging into a different account on my browser and didn’t get banned so not sure if that’s how they’re doing it
is the opencloud api broken or not working?
i get this very, helpful and informative error when doing any request to PATCH /cloud/v2/universes/{universe}/user-restrictions/{user-restriction}
{ errors: [ { message: '', code: 0 } ] }
and trying to do GET /user-restrictions:listLogs, it returns
{
code: 'INVALID_ARGUMENT',
message: 'Failed to parse resource path and its identifiers - universes/4570608156/user-restrictions/user-restrictions:listLogs.'
}
const url = `https://apis.roblox.com/cloud/v2/universes/4570608156/user-restrictions/user-restrictions:listLogs?maxPageSize=10?filter="user == 'user/355661302'"`
try {
const response = await axios.get(url, {
headers: {
"Content-Type": "application/json",
"x-api-key": process.env.BAN_API_KEY
}
})
console.log(response.data)
const user_id = parseInt(key.split("_")[1])
const url = `https://apis.roblox.com/cloud/v2/universes/4570608156/user-restrictions/${user_id}/`
const body = {
gameJoinRestriction: {
active: true,
duration: true_duration,
privateReason: "Internal ban reasons are managed by Irity",
displayReason: reason,
excludeAltAccounts: false,
}
}
try {
const response = await axios.patch(url, body, {
headers: {
"Content-Type": "application/json",
"x-api-key": process.env.BAN_API_KEY
}
})
if (response.status === 200) {
return true
} else {
return false
}
} catch (error) {
console.error(error.response.data)
return false
}
2 Likes
It’s still not too late to rename BanConfigType to BanConfiguration or BanConfig.
3 Likes
Does anyone know if the alt account detection would apply to a household with like 4 family members playing roblox, and one of them gets banned, but the other 3 are innocent, would the rest of the accounts get banned, or does the alt account detection know they are regular accounts?
2 Likes