Roblox API with Python: "Authorization has been denied for this request."

Agusta0002 · May 12, 2022, 4:09pm

Hello there, Recently i’ve started to work with the roblox API. However i’ve been encountering this error:

<Response [401]>
{'errors': [{'code': 0, 'message': 'Authorization has been denied for this request.'}]}

This is my code:

def getToken(robloxsecurity_token):
    
    url = "https://auth.roblox.com/v2/logout"
    
    headers = {
    
    "Accept": "application/json",
    "Cookie": ".ROBLOSECURITY="+ str(robloxsecurity_token)

    }
    
    r = requests.post(url, headers=headers)
    
    return r

---------------------------------------------------------------------------------

def setRole(robloxsecurity_token:str, group_id:str, user_id:str, role_id):
    
    Authentification = getToken(robloxsecurity_token)
    x_csrf_token = Authentification.headers["x-csrf-token"]
    
    url = "https://groups.roblox.com/v1/groups/" + str(group_id) + "/users/" + str(user_id)
    
    headers = {
    
    "Content-Type": "application/json",
    "X-CSRF-TOKEN": x_csrf_token,
    }

    params = {
    
    "roleId" : role_id
    
    }
    
    r = requests.patch(url, headers=headers, params=params)
    return r

The problem is when submitting the requests to change the role, the x-csrf-token is not the issue, it works.

Thanks in advance

sleitnick · May 12, 2022, 6:40pm

It might be a CSRF challenge. If the response has a CSRF token in the header (even though it came back as Auth Denied), try to resend the request with the received token. Basically echo your same request again but with the new CSRF token received from the failed response.

I don’t know for sure if that will fix it at all. But remodel does this.

Again, not sure.

Agusta0002 · May 13, 2022, 12:17pm

I’m not getting back any x-csrf-token from the lates request i’m sending in setRank()
I was rather thinking that maybe i have to send the .ROBLOXSECURITY cookie aswell, could that possibly be it?