Roblox API Returns 401 Unauthorized

Did you forget the quotation mark at the end?

I accidentally forgot to delete the space. Now I tried HTTP requesting to the URL but it still doesn't work, even with a new token. I think it will never work for me.

I tried doing almost the exact same thing a few years ago and it also didn’t work. I think the API is just broken.

It isn't broken when you do it in Swagger UI; just this HTTP request won't work.

This is what I used for a script that blocks bots from your account. Maybe it's because you didn’t lowercase the token thing.

import requests

cookie = "_|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|" # Your .ROBLOSECURITY cookie
robloxID = 11111111 # Your Roblox Id

session = requests.Session()
session.cookies['.ROBLOSECURITY'] = cookie

# This first POST carries no CSRF token; it is sent to read the x-csrf-token header from the response
response = session.post('https://accountsettings.roblox.com/v1/users/1/block')
session.headers['x-csrf-token'] = response.headers['x-csrf-token']

1 Like

Try replicating how the website does it.
Also, try spelling the x-csrf token as lowercase (x-csrf-token), as @astraIboy pointed out.

1 Like

I did that using inspect element in Network, then I saw an HTTP request. When I clicked on it, it had a lot of headers I didn't understand.

This does not work for me


1 Like

It appears that you are trying to modify the description of the account since that error is returned when you send a POST request. The endpoint you are using accepts both GET and POST methods.

To authorize requests when using Roblox APIs, you need to send a valid authentication cookie and - for POST requests only, due to an attack named Cross Site Request Forgery - an x-csrf-token.

To obtain the x-csrf-token, because Roblox APIs are built with ASP.NET, the token is sent in response headers. Specifically, the header is named x-csrf-token.
So to get a token, you need to send an extra request, for example:

# This example uses cURL, you will need to adapt it to the language you are using
# -i prints the response headers, which is where x-csrf-token appears
curl -i -X POST https://auth.roblox.com

Then the header will be in the response.

After you obtain the CSRF token, you will need to send the authenticated request.

For example

curl -X POST https://users.roblox.com/v1/description \
-H "Cookie: .ROBLOSECURITY=cookie_value" \
-H "x-csrf-token: CSRF_token_value" \
-H "Content-Type: application/json" \
-d '{"description": "string"}'

You can use this tool to convert cURL to the syntax of the programming language you wish to use.
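The two-step flow from the answer above, as an added example that is not part of the original thread and is not Roblox's own code. It assumes the token challenge arrives as HTTP 403; the helper names and the in-memory fake server are constructed here so the block runs offline.

```python
import json
import urllib.error
import urllib.request


def urllib_send(url, headers, body):
    """Real transport: POST with urllib and return (status, headers), even on 4xx."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, {k.lower(): v for k, v in resp.headers.items()}
    except urllib.error.HTTPError as err:
        return err.code, {k.lower(): v for k, v in err.headers.items()}


def post_with_csrf(url, payload, cookie, send=urllib_send):
    """POST JSON; if the reply is a 403 carrying x-csrf-token, retry once with it."""
    # Whitespace picked up while copying the cookie changes the value that is sent.
    headers = {"Cookie": ".ROBLOSECURITY=" + cookie.strip(),
               "Content-Type": "application/json"}
    body = json.dumps(payload).encode()
    status, resp_headers = send(url, headers, body)
    token = resp_headers.get("x-csrf-token")
    if status == 403 and token:  # assumed challenge status, not a final denial
        headers["x-csrf-token"] = token
        status, resp_headers = send(url, headers, body)
    # A 401 at this point means the cookie was rejected, not the token.
    return status


def make_fake_server(valid_cookie, token="constructed-token"):
    """Constructed stand-in for the API so the flow can be exercised offline."""
    def send(url, headers, body):
        if headers.get("x-csrf-token") != token:
            return 403, {"x-csrf-token": token}  # challenge carries the token
        if headers.get("Cookie") != ".ROBLOSECURITY=" + valid_cookie:
            return 401, {}                       # token fine, cookie not accepted
        return 200, {}
    return send
```

In real use, read the cookie from an environment variable or secret store rather than pasting it into the script, since the value grants full access to the account.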

Thanks, I'll try this later! Also, did you mean https://auth.roblox.com instead of https://auth.roblox?

I didn’t write auth.roblox anywhere.

1 Like
