Roblox group APIs

Not sure what is NoBlox but if it’s like webpage I go and then there enter data then no. I need someone that I can use POST request.

Noblox is a node.js wrapper for Roblox. It provides sample code etc for basically everything you need to do. Of course if you don’t want to use this that’s fair, it’s just what I used whenever I did Roblox stuff and didn’t feel like doing stuff to send requests myself.

Either way I’ll check out the stuff you’ve provided in a bit with autocode and see if I can make it work if you don’t want to go this route! :slight_smile:

1 Like

Alright, I was busy most of today but I took a little look at the library you’re using. Here is what your code should look like sending the request. Tested it out myself with the website you provided and worked fine. Replace my groupId with yours obviously and place the cookie as well as X-CSRF where it says to.

const lib = require('lib')({token: null /* link an account to create an auth token */});

// make API request
let result = await lib.http.request['@1.1.6'].post({
  url: `https://groups.roblox.com/v1/groups/5206588/payouts`,
  headers: {
    'Cookie': `.ROBLOSECURITY=cookiegoeshere`,
    'Content-Type': `application/json`,
    'X-CSRF-TOKEN': `tokengoeshere`
  },
  params: {
    'PayoutType': `FixedAmount`,
    'Recipients': [
      {
        'recipientId': 1201454998,
        'recipientType': `User`,
        'amount': 1
      }
    ]
  }
});

Response paired with the audit log to show that this actually went through.


statusCode

Thx. You so much :hugs:. I will try it and see what I get.

1 Like

OK, I am on PC but not sure what is X-CSRF-TOKEN. Can you help me with it?

Alright, lets use an example of the website you provided. Send a request with a blank X-CSRF-TOKEN. If you did so correctly with a working cookie, you should receive a 403 back. If you look closer in the response, you should be able to see the X-CSRF-TOKEN. Copy and paste that.

This is my code. I put cookie like this?

headers: {
    'Cookie': `.ROBLOSECURITY=_DUAJRAN`, // Like this?
    'Content-Type': `application/json`,
    'X-CSRF-TOKEN': ``
  },

Yes, that should work as long as you replace _DUAJRAN with an actual valid cookie. :slight_smile:

1 Like

Nope still got the error.

{
  errors: [
    {
      code: 0,
      message: 'Authorization has been denied for this request.'
    }
  ]
}
// authenticates you with the API standard library
const lib = require('lib')({token: process.env.STDLIB_SECRET_TOKEN});

// make API request
let result = await lib.http.request['@1.1.6'].post({
  url: `https://groups.roblox.com/v1/groups/12851676/payouts`,
  headers: {
    'Cookie': `.ROBLOSECURITY=_42ADD27D**D60D141D6C3169B630CA32DE2E611F5B64E2EA05BECEE80CB6E3D**FF7600C04CCCEC5BC9D57932F66AAC0141688028**F5383E7D`,
    'Content-Type': `application/json`,
    'X-CSRF-TOKEN': ``
  },
  params: {
    'PayoutType': `FixedAmount`,
    'Recipients': [
      {
        'recipientId': 2201237236,
        'recipientType': `User`,
        'amount': 1
      }
    ]
  }
});

console.log(result.data);
1 Like

Ah, make sure to keep the _|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items. part in your cookie, then send the request.

I see it in Edge but not in google

Oh, or just remove the excess _ in your cookie at the start. That in theory should also work.

{
  statusCode: 401,
  headers: {
    'cache-control': 'no-cache',
    pragma: 'no-cache',
    'content-length': '83',
    'content-type': 'application/json',
    expires: '-1',
    'x-frame-options': 'SAMEORIGIN',
    'roblox-machine-id': 'CHI1-WEB8833',
    p3p: 'CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"',
    date: 'Mon, 21 Mar 2022 09:35:40 GMT',
    'report-to': '{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}',
    nel: '{"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}',
    connection: 'close'
  },
  data: { errors: [ [Object] ] }
}

Are you 100% sure this is a valid cookie you’re using?

I am. I inspect page (Edge for Warning) and copy whole key

The cookie is pretty long so make sure you copy all of it as you may just be copying a part which is the one displayed

Don’t worry I copy whole thing. When I inspect cookie I copy whole code.

this is one of the posts i made about the same issue about the roblosecurity key

1 Like

We don’t actually know if this is the case as we don’t know if the op is running it locally or hosting it