Long post since I’m trying to put in as much detail as possible.
I’m trying to create a Discord bot to handle group functions like assigning ranks, exiling members, payouts, etc., but I cannot get the payouts group API working to save my life. I’m using this post as a guide, as the user seemed to have success with it.
I’m listing all the steps I took to construct the command:
Fetch X-CSRF Token
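```python
import requests

# The response to this POST carries an x-csrf-token header, which is read below.
csrf_response = requests.post(
    "https://auth.roblox.com/v2/logout",
    headers={"Cookie": f".ROBLOSECURITY={USER_COOKIE}"},
)
x_csrf_token = csrf_response.headers.get("x-csrf-token")
```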
Initial Payout Request
```python
payout_headers = {
    "Content-Type": "application/json",
    "Cookie": f".ROBLOSECURITY={USER_COOKIE}",
    "X-CSRF-TOKEN": x_csrf_token
}
payout_data = {
    "PayoutType": "FixedAmount",
    "Recipients": [
        {
            "recipientId": requested_user_id,
            "recipientType": "User",
            "amount": amount
        }
    ]
}
payout_response = requests.post("https://groups.roblox.com/v1/groups/32612661/payouts", json=payout_data, headers=payout_headers)
```
Extracting required header information
```python
import base64
import json

challenge_id = payout_response.headers.get('rblx-challenge-id', '')
challenge_metadata_encoded = payout_response.headers.get('rblx-challenge-metadata', '')
# The metadata header is base64-encoded JSON.
challenge_metadata = json.loads(base64.b64decode(challenge_metadata_encoded).decode('utf-8'))
```
Generate 2FA Code using pyotp
```python
import pyotp

totp = pyotp.TOTP(YOUR_2FA_SECRET_KEY)
two_fa_code = totp.now()
two_fa_data = {
    "challengeId": challenge_metadata["challengeId"],
    "actionType": "Generic",
    "code": two_fa_code
}
two_fa_response = requests.post(
    "https://twostepverification.roblox.com/v1/users/2586630270/challenges/authenticator/verify",
    json=two_fa_data, headers=payout_headers)
if two_fa_response.status_code != 200:
    await ctx.send(f"Two-step verification failed: {two_fa_response.text}")
    return
verification_token = two_fa_response.json().get("verificationToken")
```
Final Payout Request
```python
payout_headers["rblx-challenge-id"] = challenge_id
payout_headers["rblx-challenge-type"] = "twostepverification"
payout_headers["rblx-challenge-metadata"] = json.dumps({
    "verificationToken": verification_token,
    "rememberDevice": False,
    "challengeId": challenge_metadata["challengeId"],
    "actionType": "Generic"
})
final_payout_response = requests.post("https://groups.roblox.com/v1/groups/GROUPIDPLACEHOLDER/payouts", json=payout_data, headers=payout_headers)
if final_payout_response.status_code == 200:
    await ctx.send("Transaction Completed")
else:
    # printing out 2fa code and verification token to make sure verification steps worked
    await ctx.send(f"Transaction Failed: {final_payout_response.text} Verify Token: {verification_token} 2FA Code: {two_fa_code}")
```
The API response is always:
Transaction Failed: {"errors":[{"code":0,"message":"InternalServerError"}]} Verify Token: PLACEHOLDER 2FA Code: PLACEHOLDER
Throughout all my test attempts, the program fetched the required info from the headers and completed the 2FA verification without issue, but it always failed at the final step (sending the completed request with auth to the Roblox groups payout API). I know it’s only failing at the final step because I made the program print the verificationToken, which cannot be obtained if the 2FA code is wrong or the challengeID doesn’t match the one obtained from the decoded base64 JSON string ‘rblx-challenge-metadata’.
This is my last resort; if anyone has any ideas, please reply to this thread.
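
An added diagnostic helper, not part of the original post and not Roblox code: it reports how a `rblx-challenge-metadata` value is encoded and which keys it carries, and redacts the cookie and CSRF token, so the received and sent challenge headers can be compared without posting the verification token or 2FA code to a channel. The function names and sample values are constructed for illustration; which encoding the server expects is not established by the post.

```python
import base64
import json

SECRET_HEADERS = {"cookie", "x-csrf-token"}  # reported as present, never echoed


def _object_keys(text):
    obj = json.loads(text)
    if not isinstance(obj, dict):
        raise ValueError("not a JSON object")
    return sorted(obj)


def classify_metadata(value):
    """Say how a challenge-metadata value is encoded and which keys it has,
    without returning any of the values themselves."""
    value = value or ""
    try:
        return {"encoding": "json", "keys": _object_keys(value)}
    except ValueError:
        pass
    try:
        decoded = base64.b64decode(value, validate=True).decode("utf-8")
        return {"encoding": "base64-json", "keys": _object_keys(decoded)}
    except ValueError:
        return {"encoding": "opaque", "keys": []}


def safe_debug_summary(headers):
    """Summary of request headers that is safe to log or post to a channel."""
    summary = {}
    for name, value in headers.items():
        if name.lower() in SECRET_HEADERS:
            summary[name] = "<redacted>"
        elif name.lower() == "rblx-challenge-metadata":
            summary[name] = classify_metadata(value)
        else:
            summary[name] = value
    return summary


# Constructed sample values, not taken from any real session.
RECEIVED = base64.b64encode(json.dumps(
    {"challengeId": "CONSTRUCTED-ID", "actionType": "Generic"}).encode()).decode()
SENT = json.dumps({"verificationToken": "CONSTRUCTED-TOKEN", "rememberDevice": False,
                   "challengeId": "CONSTRUCTED-ID", "actionType": "Generic"})

if __name__ == "__main__":
    print("received:", classify_metadata(RECEIVED))
    print("sent:    ", classify_metadata(SENT))
```

With the sample values, the received header classifies as `base64-json` and the one built with `json.dumps` as `json`, which is the same asymmetry as between the decode step and the final request in the post.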