RobloxSDK - an sdk written in php (WORK IN PROGRESS)

Roblox SDK (WIP)

What is it?
RobloxSDK is written in php and meant for websites or scripts that work with roblox via their api. This project is also meant for some kind of bots that manage groups, interaction with users, games, and even for type websites.

How to Install?
Downlaod the .php file from the repo, put it in secure folder (can be protected by .htaccess or outside of public html folder). Then, in your php script, write require("path_of_file/RobloxSDK.php"). Now you can work with it.

This project is currently work in progress, so. if you have any ideas or found a bug, you can contribute to this repo and make it better for everyone.


As i said, this project is in work in progress. There is no actuall group class, it will be added in the future

//roblox account (you need to get .ROBLOSECURITY cookie value)
class RobloxClient(string cookie, string securepassword (optional))->
getcookie(string securepassword (optional)) //gets cookie value with your securepassword
setpassword(string oldpassword, string newpassword (can be empty string))
gettokenbypass(string securepassword (optional)) //gets X-CSRF-TOKEN with password
getauthticketbypass(string securepassword (optional)) //gets authentication ticket (you can join game with this ticket)
joinplaceid(int placeid) //launches website user to the game
joinjobid(int placeid, string jobid) //the same as previous but accepts jobid
getfriendcount() //return friend count
getfriends() //returns client's friends (RobloxPlayers)
addtofriends(int userid) //adds player to friend list
unfried(int userid) //removes player from friend list
acceptfriendrequest(int userid) //accepts users friend request
declinefriendrequest(int userid) //declines users friend request
isfriendswith(int userid); //don't need to explain
//values : private $cookie
private $cookieheader
public string $userid
public string $username
public string $displayname
private string $accesspassword

//instance of a player
class RobloxPlayer(int userid)->
getfriends() //returns player's friends (RobloxPlayers)
addtofriends(RobloxClient client) //adds player to friends
unfriend(RobloxClient client) //unfriends player
acceptfriendrequest(RobloxClient client) //accepts player's friend request
declinefriendrequest(RobloxClient client) //declines player's friend request
values: public int $userid
public string $username
public string $displayname
public ?string $description
public string $created
public bool $isBanned
//instance of a game
class RobloxGame(int placeid)->
getuniversalid() //gets games universalid
getservers(RobloxClient client (optional), string securepassword (optional)) //gets games servers (RobloxClient needed to view players inside of servers)
getplaces() //gets games child places
setname(RobloxClient client, string securepassword, string newname) //sets games name via robloxclient
setdescription(RobloxClient client, string securepassword, string newdescription) //sets games description via robloxclient
values: public $gameid
public $placeid
public $universeid
public $placename
public $description
public $creator
public $price
public $created
public $updated
public $playing
public $visits
public $maxplayers
RobloxGroup comming soon!

I like the idea and work but PHP shouldn’t be used for modern projects in my opinion.

joinplaceid(int placeid) //launches website user to the game
joinjobid(int placeid, string jobid) //the same as previous but accepts jobid

I don’t think these will work for anyone other than the host. Roblox now restricts authentication tickets from being redeemed to the IP of whoever generated it, which is the reason alt generators that launched games no longer work. This means that you won’t be able to launch a game for someone that has a different IP address than the machine that php is running on.


Roblox is easier than you think, but if it was, it could be easily done via javascript cuz its clientside

No, due to Roblox’s CORS policy, JavaScript running on the client’s browser on a website outside of * will not be able to call the endpoint necessary to generate an authentication ticket. I have much experience with Roblox and I understand that it is easy, PHP is not the right way to do it regardless.

1 Like

there is header called referrer, and you can set it to profit

The Referer header cannot be set on client JavaScript HTTP requests. Any modern browser will not allow you to do this because of obvious security concerns.