RbxProxy - Use Roblox's web API easily in game (group bots, etc)

I do not but I can probably make it tonight. What’s your use for it?

Reading source code and forking



Added an official GitHub page.

1 Like

This works really well and is super underrated. Considering Hyra, the platform that also provided this service and more recently went down, this is a great alternative to it.

1 Like

What happened to Hyra? I’ve heard about it before but did not know it went down until now.

Do you have Discord? I’ll DM you.

Why does this proxy not work when I use game.Players.PlayerAdded:Connect(function()? I used the code below, when I tried just using client.group:rank(UserID, GroupID, 2):andThen(function(), it worked. After I changed it to the code provided below, it wouldn’t work.


	client.group:rank(plr.UserId, GroupID, 2):andThen(function(response)

How’d you set up the proxy itself? PM me?

I created the proxy on Glitch by following the steps provided in this post. Then I copied the live URL and pasted it into the proxy variable.

What are you talking about? The cookie is never even placed in the code on the server?


Nvm, sorry. I was thinking it was in the code.

Glitch and Replit both hide environment variables. Besides, the client token is decided based on the connection made from the Roblox side. That means the only place the token is available is in memory, nowhere else. Not even environment variables.


I have removed this post, Sorry about that.

1 Like

Does onShout grab the current group’s shout? Doesn’t seem to be printing anything

Sorry, I completely didn’t see this! It does not, but I believe you can get that info by the “getGroupInformation” method for groups. The “:onShout” should update in near live time when a group shout is made mid-game.

Seems the bot cookie is constantly invalidating itself seamingly twice a day.

Is there any keep-alive methods in place?

Oh? Are you logging back into the account or logging out or anything? I usually create an account, fetch the cookie, and then close the browser and it doesn’t invalidate.

1 Like

I’ve had to add a persistent keep-alive that somehow resolved the cookie from expiring on Roblox’s end, nearly after 6 hours of a cookie not having activity, trying to use the cookie again resulted in fails.

Could probably have something to do with the adjusted way Roblox is handling cookies? If this could use a cookie jar file, including the numerious other cookies Roblox has like RBXIDCHECK or _vs, both being marked as ‘secure’ samesite=none could have to do with it?

function BotCookieRefresh() {
	console.log(apiRequest("https://users.roblox.com/v1/users/authenticated", request, reply, true));
setInterval(BotCookieRefresh, 120000);

Might need to adjust your own apiRequest function with a fourth variable to add the bot cookies to the request also.

Ever since adding this, the bot never ‘{failed:true}’

I know Promise.fromEvent() resolves during sn event so maybe you could use that. If the module doesn’t automatically parent Promise, then I would manually move Promise somewhere in ReplicatedStorage.

Here is more information on Promise.fromEvent().

thanks for the github page btw