Need help with

*this is my first post, so sorry if something is wrong

for some time I’ve been trying to use to “get past the captcha” (not literally) and use the api but it just doesn’t seem to work

the main issue I’m facing is that I keep getting this response {“statusCode”:403,“statusText”:“Forbidden”,“errors”:[{“code”:1,“message”:“an internal error occurred”}]}
even though everything should theoretically work.

this is how I currently do it:

  • get the xcsrf token from the login api
  • get the captcha metadata from the second login api request
  • get the token from the captcha after solving it
  • Next I try to use the continue api
  • lastly, (this isn’t fully made yet due to the continue api issue I’ve ran into) use the login api and log into my account (if I try using it right now without continuing it says something about the captcha).

snippet of the continue api code

# this is just a snippet so the headers were set before this
payload = {
    # req is another request which holds the captcha metadata with the ids for everything
    "challengeId": req.headers.get("Rblx-Challenge-Id"),
    # data is from the other request as well which holds the unifiedCaptchaId value
    "challengeMetadata": f"{{\"unifiedCaptchaId\":\"{data["unifiedCaptchaId"]}\",\"captchaToken\":\"{Token}\",\"actionType\":\"Login\"}}",
    "challengeType": "captcha"
req =
    url="", json=payload

print(req.status_code, req.text)
# 403 {"statusCode":403,"statusText":"Forbidden","errors":[{"code":1,"message":"an internal error occurred"}]}

I’m trying to do it this way because of what I got while sniffing http requests from /login

any help / support at all would be really appreciated, thanks in advance
also sorry if I am wrong about how this works and it is intended to be used in another way

The entire point of a capture is to stop people from doing this otherwise you could mass create accounts which could then be used to bot. They probably generate a unique string whenever they request a captcha and then it also sends a load of info about your devices and stuff

this isn’t bypassing captcha, it is me solving a captcha and then using the solved captcha token to use an api once (but I can’t figure out how to with roblox)

I’m not sure what this is about, but you don’t need to use the login API to access your account.

Read the Open Cloud documentation.