I’d imagine this wasn’t officially announced as its sort of an account security change as this makes cookie logging near impossible which is awesome, but… they just kinda threw web devs, ranking bots, among other devs uner the bus… Ah roblox…
tldr; EPIC DUB for account security against cookie logging, sucks for web devs.
Don’t worry, I won’t get hacked. Anyways that account is an alt / bot account so it doesn’t matter. It has extra security just in case it does get hacked. So don’t worry about the Cookie being exposed.
I think this is in purpose, it’s a method to secure the platform and accounts, making sure none of their changes effect a big and long-standing community.
I agree with this, making this change optional would have the maximum benefit to everyone.
You folks should file feature requests in #feature-requests:website-features to have more endpoints added to Open Cloud.
It’s always been a hack to use cookie for external tooling. Cookies are for user authentication. Treat it as the hack that it is if you choose to continue working this way.
Yep, it also broke my bots. Thanks to Roblox now my services died.
It may be an A/B test because I don’t see an issue but other users do. So maybe it was only rolled out to certain users?
It looks like Roblox is enrolling this feature to more & more users. Whereas we had about 65% successful requests 2 days ago, it’s only 50% today.
I’m afraid there’ll be no other option than using captcha solving services. 
I would if I could. My game’s completely non-functional because I cannot use the Ranking bot.
Sadly most people, such as myself, can’t create feature requests because they’re not regulars which as far as I know is not possible to get anymore hence feature requests like this tend to lose traction.
This isn’t acceptable.
It is trivial to add an option to opt-out of authentication changes like this or the other recent authentication flow change. I can’t post in Feature Requests, but even if I could adding an Open Cloud API could take months, and even if added wouldn’t cover complex use cases like automated testing that would take even longer to develop. Feature velocity is slow on Roblox.
This change—even as an A/B test—is great, but there was a responsible way to make it, and that didn’t happen. Roblox chose not to prioritize work on better developer authentication for years, please don’t suggest that people complaining are being unreasonable.
Not suggesting anything of the sort. It’s understandable people try to find solutions where none exist.
All I’m trying to say is that if people continue to use cookies for authentication for external tooling, you’ll have to be prepared to jump through hoops because this is not an official way to communicate with the API. Cookies are intended for authenticating user devices.
Not sure if this is related, but instead of invalidating my cookie, when I use a VPN, no images load. Not thumbnails, friends, icons, etc. Games work just fine, though.
Could I be in another testing group where it doesn’t invalidate your cookie but blocks your requests?
I don’t have that feature. I live in France and it seems that they removed it just now.
It looks like Roblox has rolled this back, can anyone else confirm?
A lot of developers rely on these APIs to run their groups. If Roblox doesn’t want us to perform actions this way, they should provide a way for us to securely authenticate [like OAuth2] and perform actions.
In case you missed it:
No images load for me when on VPN as well.
Negative, I still seem to have issues.
Currently in the UK.
This is still working for me as of now. It was broken as of the other day, and I can confirm ReAdmins error rates are going down for new-logins.
