I’m trying to make a system which makes it possible to login using the username & password combination. The current v2 login endpoint requires these parameters (in short)
username
password
captchaToken
Here’s where the tricky part comes. The captchaToken. The captcaToken is generated when you correctly complete a captcha. In other words: if I’m able to show that captcha on my own website to the user and then use it to login to a Roblox account, that should work.
Well, yes and no. Check out this code example (not written by me)
That’s exactly what we need. The way to get it working is to replace the bunch of 1’s with the public token from the captcha you’d like to solve. For example, the public token from signing up on Roblox is A2A14B1D-1AF3-C791-9BBC-EE33CC7A0A6F. Feel free to replace that 11111111-1111-1111-1111-111111111111 in the example to the public key (token) above and press “run” on the top left. Then try to click the button again after it loaded.
As you can see you’ll get a different captcha now. That’s Roblox’s one for signing up. . That also work(ed) for joining groups etc… I tried using the same script for login to generate that captchaToken I need which I reffered to earlier. After doing some research, the public token for logging in is 476068BF-9607-4799-B53D-966BE98E2B81. However, when replacing the bunch of 1’s in the example above with that public key it stops working.
(I’ve also tried it on my own domain and such, same result). I was wondering if anyone has stumbled upon the same issue and somehow found a solution to it?
I’m aware it’s a long shot, but if you don’t shoot, you’ll always miss.
Why can’t you just use the cookie instead? It’s much easier and you don’t need to do a captcha. EDIT: I am pretty sure you can access all Roblox API’s as long as you have the cookie and X-CSRF-TOKEN.
Most people can’t login using cookie because of roblox’s new measures to prevent scams, which when a new location from the account creation isn’t the same, as the account creation location then that means it’ll llogout the person and the bot
let’s just say the bot logs in from america and the person made the account from africa, Roblox will log out the bot and all the logged in people on the account to prevent scams,
I hate this but I guess as long as it’s usefull, I believe it’ll work.
You will need to use some kind of captcha-solving library, if it exists. You will be unable to log in without successful captcha tokens, which are usually valid for around 45 seconds.
I made a Roblox account creator that relied on captcha tokens. It shows one page with a captcha, you solve it, and the server submits the token to Roblox.
You’re probably getting a server error.
The reason for this is that the FunCaptcha api is blocked by Cloudflare, which is the CDN Roblox uses.
I have contacted FunCaptcha to see if they can unblock Roblox IP’s.
The captcaToken is generated when you correctly complete a captcha. In other words: if I’m able to show that captcha on my own website to the user and then use it to login to a Roblox account, that should work.
That’s Roblox’s one for signing up. 
. That also work(ed) for joining groups etc… I tried using the same script for login to generate that 