Roblox Web Endpoints: How to authenticate?

frostmario2 · January 29, 2020, 8:29pm

Hello, I am trying to write a Roblox bot in node.js, I am trying to use the following web endpoint to see if a Roblox user has premium or not:
https://premiumfeatures.roblox.com/v1/users/1/validate-membership

Whenever I run it in my code, I am getting an unauthorized error:
Error: Unauthorized

From what I can tell I need to be authorized (logged in) to use it, however I’m not sure how to authenticate myself when using this endpoint.

try{
                const { body } = await superagent
                .get("https://premiumfeatures.roblox.com/v1/users/1/validate-membership");
                console.log("Response: " + body.data)
            }catch(err){
        console.log("An error has occured: " + err)
    }

How would I be able to authenticate myself, I assume I would use ROBLOSECURITY, but what code would I write in order to give it?

WeaponFrameworks · January 29, 2020, 9:40pm

Hey Frost!

Have you tried looking into Noblox.js?

cornprices · January 29, 2020, 10:39pm

I don’t actually have superagent installed but according to the documentation, setting the “Cookie” header should work.

const { body } = await superagent
            .get("https://premiumfeatures.roblox.com/v1/users/1/validate-membership")
            .set("Cookie", ".ROBLOSECURITY=roblo security here")
            console.log("Response: " + body.body)

frostmario2 · January 29, 2020, 11:26pm

Hi there, yes!

I actually use Noblox for other purposes in the program, I just assume and couldn’t find anyway to detect if a user has premium with it.

frostmario2 · January 30, 2020, 12:26am

Thanks, unfortunately I still seem to be getting the same error:

Error: Unauthorized

Code:

try{
                const { body } = await superagent
                    .get("https://premiumfeatures.roblox.com/v1/users/1/validate-membership")
                    .set("Cookie", ".ROBLOSECURITY=" + cookie)
                    console.log("Response: " + body.body)
            }catch(err){
        console.log("An error has occured: " + err)
    }

(cookie is a variable set to the ROBLOSECURITY value)

If anyone knows a way to authenticate using something other than superagent that would be appreciated as well, I have tried other methods and have gotten data correctly from other websites using those other methods, but I can’t on Roblox because I’m not sure how to authenticate these requests.

cornprices · January 30, 2020, 1:21am

I went ahead and installed superagent and the code you have seems to work for me. I tested it with two different accounts. Is it possible you’re setting cookie to the wrong value?

frostmario2 · January 30, 2020, 1:33am

I am using the ROBLOSECURITY starting with the do not share warning. I’m not using the RBXID cookie which seems similar. I’ll try it in a smaller program and also with another account to see if it fixes the issue.

frostmario2 · January 30, 2020, 2:10am

EDIT: I had to use a different account but I got it to work, only difference compared to your code was “body.body” was only “body”.

Thank you so much!