Roblox group APIs

The cookie is pretty long so make sure you copy all of it as you may just be copying a part which is the one displayed

Don’t worry I copy whole thing. When I inspect cookie I copy whole code.

this is one of the posts i made about the same issue about the roblosecurity key

1 Like

We don’t actually know if this is the case as we don’t know if the op is running it locally or hosting it

I would assume this is being run on his local machine while testing, meaning this probably wouldn’t be the issue. Although confirmation would be good.

Are you being logged out of your account when you send the request by chance?

It could be invalid as a recent update means your ROBLOSECURITY cookie will reset / invalidate when you login (or at least attempt to not sure) from a different IP address.

Maybe take a read of this post? IP Changes Invalidate Cookie - #154 by Dq2rk

1 Like

This sounds like some free-robux website you are making, are you sure this is for good use?

Under the assumption that his IP is invalidating his cookie, the Autorization has been denied for this request would make sense, although that isn’t expected behavior assuming he is doing so on his local machine. If you don’t get logged out when you do it that isn’t the issue. Looking over the code you’ve provided once more, I see no reason why you’re getting that error. I’ve replaced your values with my own ROBLOSECURITY token and X-CSRF and it works fine, which means that this has to be something to do with your specific machine, whether that be your cookies invalidating or you’re using an invalid cookie to begin with.

With that being said, try this one more time, get your cookie and send a request with a blank X-CSRF, and let us know if you get logged out. If you’re getting logged out, try to run this on your local machine rather than using the autocode website. The expected outcome when you do this should be a 403 error notifying you about the lack of the X-CSRF token (which you can get from the response), assuming your cookie isn’t being invalidated.

Also, there are many practical use cases for this besides a free-robux website. One possible use case would be just not wanting to log into your holder account every single time you want to pay someone out with your group funds. I also just enjoy playing with the Roblox website and seeing what’s possible from time to time.

its been running on repl.it which has a different ip address to mine

K, I will try from my own IP now.

Yes, I have my discord bot and I am not owner of group (I use owners .ROBLOSECURITY) but I don’t want to wait owner to respond. That is why I want this to make.

I run it on my local but throw AutoCode, I am not sure if he run from my local IP or not.

you need your cookie and your XSRF token, the XSRF does expire after a bit so you need to send a request to the logout api to get a new one when ti expires

From this page?
Authentication Api

Yes and in the response headers the XSRF will be there here is an example in python

def GetXSRF():
	Req = requests.post("https://auth.roblox.com/v2/logout", 
	cookies= { 
		"Your Cookie",
	})
	return Req.headers["x-csrf-token"];

Are you getting logged out when doing so or not? To confirm this is a method of getting the token above, but this won’t solve your main problem as you’re getting a 401 error with a valid cookie and no token, the expected with a valid cookie and no token would be a 403 with the token sent with the response

1 Like

Is there a way to do this inside a Roblox server script?!

Kind of with a proxy link but you would have to set this up yourself using some web server hosting. Sadly you can’t send requests to links with the Roblox domain, so not with the basic API links.

What does the script have to look like, I already tried this out in a Lua script but I can’t send a cookie via HttpService

You can using HttpService:RequestAsync. You can specify the cookie in the headers.