Roblox API Returns 401 Unauthorized

Help and Feedback Scripting Support
#21

I think no,

Mine is only showing Settings/Query Params/Content Body/Header Params.

#22

Can you check in the other tabs for something about cookies?

#23

What tabs?

Character filllllllllllllller.

#24

824Γ—126 68.1 KB

#25

Since there was no way to set cookie parameters or whatever, I just remade the script in Python but it still returns Error 401.

import requests

url = 'https://users.roblox.com/v1/description'
cookie_value = 'your_cookie_value_here'  # Replace with your actual cookie value

headers = {
    'Cookie': f'.ROBLOSECURITY={cookie_value}',
    'Content-Type': 'application/json',
    'Accept': 'application/json'
}

payload = {
    'description': 'Hi'
}

response = requests.post(url, headers=headers, json=payload)

if response.status_code == 200:
    print(response.json())
else:
    print(f"Error: {response.status_code}")
#26

I tried renaming the .ROBLOSECURITY Header to Cookie and cookie (Lowercase and uppercase) but it still didn’t work.

#27

You need to use requests.Session() to store cookies.

For example:

import requests

client = requests.Session()
client.cookies.set(".ROBLOSECURITY", "_|WARNING...")

print(client.get("https://users.roblox.com/v1/description").content)
#28

So i just have to add an β€˜X-CSRF-Token’ Header after?

#29

Here is what my code looks like now, Still gives me an 401

import requests

url = 'https://users.roblox.com/v1/description'
csrf_token = 'HG7jrV3stRh1'  # Replace with your actual CSRF token value

# Create a session
session = requests.Session()
session.cookies.set(".ROBLOSECURITY", "_|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|_")
session.headers.update({
    'X-CSRF-Token': csrf_token,
    'Content-Type': 'application/json',
    'accept': 'application/json'
})

# Payload for the POST request
payload = {
    'description': 'Hi'
}

# Make a POST request using the session
response = session.post(url, json=payload)

if response.status_code == 200:
    print(response.json())
else:
    print(f"Error: {response.status_code}")

Also i wrote this using ChatGPT since i didnt know any of python.

1 Like
#30
  1. Do you have the latest X-CSRF token? They tend to change alot.
  2. Did you check if the error message changed? Add , response.content to the error print to check if anything changed
#31

1: How do i get my CSRF Token again? when i try to visit https://auth.roblox.com/v2/logout it just says {β€œerrors”:[{β€œcode”:0,β€œmessage”:β€œMethodNotAllowed”}]}
2: It is still same, Error: 401 b’{β€œerrors”:[{β€œcode”:0,β€œmessage”:β€œUnauthorized”}]}’

#32

Can you try doing POST for https://auth.roblox.com/v2/logout instead of GET?

#33

I did, and when i went to my roblox home page it just signed me out.

#34

Did you get the X-CSRF token though?

#35

No, the response body was just "{}’
Also i made the request on Swagger UI

#36

You could google β€˜how to get x-csrf token roblox’ and try some of the endpoints.

#37

I actually got my token but i couldnt get it now.
NEVERMIND I got it again.

#38

My token has the plus symbol, I cant escape it with a backslash, how can i escape the string?

#39

You don’t need to escape plus in python…

#40

It gives me this error. SyntaxError: unterminated string literal (detected at line 4)