Points Auto Rank | How-to


Hey there! My name’s Patrick and this tutorial will be about setting up Points Auto Rank.
While following this tutorial, you will learn how to setup the API and the in-game script for ranking up!

In this guide, I will be using some text & images from CAP7A1N’s tutorial on How to Create a Rank Management System using Glitch since he did a great job explaining how to setup the API.

Part 1: Setting up a Glitch Project.

In this tutorial, we will be using Glitch to setup an API to host the points auto-rank. You are free to use any other service you feel comfortable using, for anyone looking to self host, you can just fork the project.

First off, create a glitch account!

You should head here: http://glitch.com/ and signup.


Image from: How to Create a Rank Management System using Glitch

Once signed in, go to: Glitch.com/edit/#!/remix/rank-api-code
This will clone a template set up with noblox.js for you. (Alternatively, you can create a ‘hello-express’ site and add each file in yourself.)
Once loading is complete, your page should look like the following:

Text & Images from: How to Create a Rank Management System using Glitch

Your site name is in the top left of the screen. In the picture above, the site name is ‘this-is-your-site-name’. The link for your site will be the name followed by ‘.glitch.me’. This site would be ‘this-is-your-site-name.glitch.me ’ (:arrow_left: No idea where that goes… probably best not to click it.)

Click on the site name, and a drop down will appear. Click on the box just left of the lock to make your project private.

The only file you will need to ever edit is config.json’, so open that file by clicking on it.
The inside of the file should look like this:

The three components to this file are as follows:

  1. Cookie - This is the account identifier for your bot account, and the API uses this to log in and rank.
  2. Key - This is the sites security. I suggest using a trusted random character generator (or spamming on your keyboard) but do not make this something easy to guess!
  3. Max Rank - This is the maximum rank that your site can rank. Meaning if the maximumRank = 50 and someone tries to rank to 100 it will return an error.

Some of this is briefly explained in ‘README.md’.

Before we continue, you should create a key. As said before, this should be random characters and not a basic string. For the purpose of this tutorial, I will use ‘THISWOULDBEYOURRANDOMKEYTHATYOUCREATEDEARLIERINTHETUTORIAL’, although for a real system this would fall right into the category of being a basic string. I suggest using a trusted random character generator.

Insert your key inside the quotations on the right of “auth_key”, like the example below.

Next we are going to set up the code inside ROBLOX Studio, and will come back to this later.

Part 2: Setting up the Lua project.

First, grab this model:

Rank On Points Model

Then place the script named “Script” into ServerScriptService

It should look something like this.


Next off, open the Configs script, it should ask for the URL and auth key and look something like this:

Please leave the “/” there as it’s VITAL for this to work.

Input your URL, mine is: https://befitting-heavenly-iguanodon.glitch.me and your’s may be different.

Then, input your auth key you setup before on Glitch:

Paste that here:


Now onto configuring ranks + the target point values

Open the main script named "Script"
Everything here should be somewhat self explanatory.

local CURRENCY = Whatever you are using as “points” or maybe “worker points”, “cash”, etc. Whatever you want to use, you put it in here.

local GROUPID = Your group’s ID

local MINIMUMRANK = The minimum rank you would want to have it listen for. For example, if trainees can earn points, put that rank id here.

Every number underlined with red is the target points value. Once they reach that amount, they are ranked to the number that’s underlined with the blue pen.

After that, turn on HTTP requests and head back to Glitch.

Image provided by rogchamp’s answer to a question.

Text under here is from CAP7A1N’s guide on How to Create a Rank Management System using Glitch

Part 3: The Cookie

Almost there!

ROBLOX currently uses a Security Cookie to log in (via API or non-human). This cookie allows the rank API to log in, and change a users rank.

Since you can log in with this, please use a bot account , or an account with NOTHING of value.

Create a bot account and join the group that this system will be used in. Make sure that the bot account
has ranking permissions.


As I said before, the cookie can be used to log in to an account on ROBLOX.
Just how this system uses the ranking API, someone can use the cookie for any other API there is on ROBLOX. Anything on this page can be used with a cookie.

By using a bot account, you won’t be affected if your site is somehow hacked. (Except for the extremely minor inconvenience that you will need to create a new account.

With this being said, the cookie expires every so often, and ROBLOX generators a new one. You will either need to set up an automated cookie retrieval system, or update the cookie manually.

How do you know if your cookie has expired?

Please note that this will only work after you have set up your site completely.

Visit your glitch site, and check if the following appears:
{“error”:“Server configuration error: You are not logged in.”}
If this error appears, then your cookie has expired. To update your cookie, repeat Part 3 and paste your cookie in the correct place in your site.

To get the cookie, first log into ROBLOX with your bot account.

For the next step, you will need to be on a browser that supports Inspect Element. (Most do, although in some you will need to enable it in settings.) Default browsers like Chrome, Safari, and Edge all have this feature.

Open Inspect Element by using CTRL + SHIFT + I (CTRL is CMD on Mac) or by right clicking in a blank area and clicking ‘Inspect’ or ‘Inspect Element’ (each browser is different).

A section of your page should now be taken up by this new window:

Locate the top bar, which consists of ‘Elements’, ‘Console’, ‘Sources’, etc., and find the ‘Application’ tab.
(I have a large screen so it is visible but you may need to click the 2 arrows on the right of the right most tab for a drop down to appear with ‘Application’ in it.

Your application screen look something like this:

As long as you see the word ‘Cookies’ under ‘Cache’, you are on the right page.

Click on the ‘https://www.roblox.com ’ tab (you may need to click the drop down arrow left of ‘Cookies’) and your next screen should have something roughly like this on it:

If it is not already, open your Glitch site to ‘settings.json’.

The cookie is the Value of ‘.ROBLOSECUTIRY’, located 3rd on my screen although it may be different for you. Copy this value.

In your site, clear anything in the quotations after cookie and paste the copied cookie.

Your site should look like this, but with your own values:

Once that is set up, visit your site in your browser. (your site name + .glitch.me)

Your site should look like the following:

Good job! You’ve successfully setup everything and you should be ready to go!

If you have any issues or need help, DM me here: Twitter