Roblox group APIs

pn_1512 · March 18, 2022, 10:20pm

Not sure what is NoBlox but if it’s like webpage I go and then there enter data then no. I need someone that I can use POST request.

alphadoggy111 · March 18, 2022, 10:25pm

Noblox is a node.js wrapper for Roblox. It provides sample code etc for basically everything you need to do. Of course if you don’t want to use this that’s fair, it’s just what I used whenever I did Roblox stuff and didn’t feel like doing stuff to send requests myself.

Either way I’ll check out the stuff you’ve provided in a bit with autocode and see if I can make it work if you don’t want to go this route!

alphadoggy111 · March 19, 2022, 3:44am

Alright, I was busy most of today but I took a little look at the library you’re using. Here is what your code should look like sending the request. Tested it out myself with the website you provided and worked fine. Replace my groupId with yours obviously and place the cookie as well as X-CSRF where it says to.

const lib = require('lib')({token: null /* link an account to create an auth token */});

// make API request
let result = await lib.http.request['@1.1.6'].post({
  url: `https://groups.roblox.com/v1/groups/5206588/payouts`,
  headers: {
    'Cookie': `.ROBLOSECURITY=cookiegoeshere`,
    'Content-Type': `application/json`,
    'X-CSRF-TOKEN': `tokengoeshere`
  },
  params: {
    'PayoutType': `FixedAmount`,
    'Recipients': [
      {
        'recipientId': 1201454998,
        'recipientType': `User`,
        'amount': 1
      }
    ]
  }
});

Response paired with the audit log to show that this actually went through.

pn_1512 · March 19, 2022, 10:52am

Thx. You so much . I will try it and see what I get.

pn_1512 · March 21, 2022, 8:51am

OK, I am on PC but not sure what is X-CSRF-TOKEN. Can you help me with it?

alphadoggy111 · March 21, 2022, 9:10am

Alright, lets use an example of the website you provided. Send a request with a blank X-CSRF-TOKEN. If you did so correctly with a working cookie, you should receive a 403 back. If you look closer in the response, you should be able to see the X-CSRF-TOKEN. Copy and paste that.

pn_1512 · March 21, 2022, 9:12am

This is my code. I put cookie like this?

headers: {
    'Cookie': `.ROBLOSECURITY=_DUAJRAN`, // Like this?
    'Content-Type': `application/json`,
    'X-CSRF-TOKEN': ``
  },

alphadoggy111 · March 21, 2022, 9:14am

Yes, that should work as long as you replace _DUAJRAN with an actual valid cookie.

pn_1512 · March 21, 2022, 9:18am

Nope still got the error.

{
  errors: [
    {
      code: 0,
      message: 'Authorization has been denied for this request.'
    }
  ]
}

pn_1512 · March 21, 2022, 9:21am

// authenticates you with the API standard library
const lib = require('lib')({token: process.env.STDLIB_SECRET_TOKEN});

// make API request
let result = await lib.http.request['@1.1.6'].post({
  url: `https://groups.roblox.com/v1/groups/12851676/payouts`,
  headers: {
    'Cookie': `.ROBLOSECURITY=_42ADD27D**D60D141D6C3169B630CA32DE2E611F5B64E2EA05BECEE80CB6E3D**FF7600C04CCCEC5BC9D57932F66AAC0141688028**F5383E7D`,
    'Content-Type': `application/json`,
    'X-CSRF-TOKEN': ``
  },
  params: {
    'PayoutType': `FixedAmount`,
    'Recipients': [
      {
        'recipientId': 2201237236,
        'recipientType': `User`,
        'amount': 1
      }
    ]
  }
});

console.log(result.data);

alphadoggy111 · March 21, 2022, 9:30am

Ah, make sure to keep the _|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items. part in your cookie, then send the request.

pn_1512 · March 21, 2022, 9:31am

I see it in Edge but not in google

alphadoggy111 · March 21, 2022, 9:33am

Oh, or just remove the excess _ in your cookie at the start. That in theory should also work.

pn_1512 · March 21, 2022, 9:37am

{
  statusCode: 401,
  headers: {
    'cache-control': 'no-cache',
    pragma: 'no-cache',
    'content-length': '83',
    'content-type': 'application/json',
    expires: '-1',
    'x-frame-options': 'SAMEORIGIN',
    'roblox-machine-id': 'CHI1-WEB8833',
    p3p: 'CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"',
    date: 'Mon, 21 Mar 2022 09:35:40 GMT',
    'report-to': '{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}',
    nel: '{"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}',
    connection: 'close'
  },
  data: { errors: [ [Object] ] }
}

alphadoggy111 · March 21, 2022, 9:38am

Are you 100% sure this is a valid cookie you’re using?

pn_1512 · March 21, 2022, 9:40am

I am. I inspect page (Edge for Warning) and copy whole key

NinjaFurfante07 · March 21, 2022, 6:07pm

The cookie is pretty long so make sure you copy all of it as you may just be copying a part which is the one displayed

pn_1512 · March 21, 2022, 6:18pm

Don’t worry I copy whole thing. When I inspect cookie I copy whole code.

daulric · March 21, 2022, 6:46pm

this is one of the posts i made about the same issue about the roblosecurity key

NinjaFurfante07 · March 21, 2022, 7:32pm

We don’t actually know if this is the case as we don’t know if the op is running it locally or hosting it