RoZod - TypeScript Roblox API Client (750+ Endpoints)

:package: npm | :books: docs | :wrench: github


RoZod is the most complete and production-ready Roblox API client for TypeScript/JavaScript. It powers RoGold, a browser extension serving 800,000+ active users with millions of daily API requests.

:rocket: Why Choose RoZod?

  • :white_check_mark: 800+ Endpoints - Complete coverage (690+ Classic + 117 OpenCloud APIs)
  • :white_check_mark: Production Proven - Battle-tested at massive scale (800k+ users)
  • :white_check_mark: Enterprise Security - Automatic CSRF, Hardware-Backed Auth, Challenge handling, Cookie Rotation
  • :white_check_mark: Full Type Safety - Native Zod validation catches errors at compile time
  • :white_check_mark: Universal Runtime - Works seamlessly in NodeJS, Bun, Deno, and browsers
  • :white_check_mark: Zero Configuration - Automatic authentication in browsers, simple configureServer() for servers

:bar_chart: API Coverage Comparison

| Library | Classic APIs | OpenCloud APIs | Total | Production Scale |
|---|---|---|---|---|
| RoZod | 690+ | 117 | 807+ | :white_check_mark: 800k+ users |
| noblox.js | ~200 | :cross_mark: None | ~200 | Limited |
| openblox | ~200 | ~90 | ~290 | Unknown |

All endpoints are code-generated from official Roblox documentation for guaranteed accuracy and completeness.

:shield: Enterprise-Grade Security

RoZod automatically handles Roblox’s complex security requirements:

  • XCSRF Token Management - Automatic retrieval and caching per user
  • Hardware-Backed Authentication - Full HBA signature support via roblox-bat
  • Cookie Rotation Support - Automatic detection and callback for Roblox’s new cookie rotation
  • Challenge Handling - Captchas, 2FA, and authentication challenges
  • Cookie Security - Secure parsing and validation
  • Cookie Pools - Multiple accounts with round-robin or random rotation

:bullseye: Developer Experience

Full TypeScript Support with complete type safety and autocomplete!

💻 Code Examples & Usage
import { fetchApi, isAnyErrorResponse } from 'rozod';
import { getUsersUserdetails } from 'rozod/lib/endpoints/usersv1';

// Full type safety - errors caught at compile time!
const userInfo = await fetchApi(getUsersUserdetails, { userIds: [1, 123456] });
if (isAnyErrorResponse(userInfo)) {
  console.error(userInfo.message);
} else {
  console.log(userInfo.data[0].displayName); // Fully typed autocomplete
}

Automatic Authentication (Browsers):

import { getGamesIcons } from 'rozod/lib/endpoints/gamesv1';

// No setup needed - cookies sent automatically!
const response = await fetchApi(getGamesIcons, { universeIds: [1534453623] });

Server Configuration (Node.js/Bun/Deno):

import { configureServer } from 'rozod';

// Configure once at startup - all requests automatically authenticated
configureServer({ cookies: 'your_roblosecurity_cookie_here' });

// Multiple accounts with automatic rotation
configureServer({
  cookies: ['account1_cookie', 'account2_cookie', 'account3_cookie'],
  cookieRotation: 'round-robin', // or 'random'
});

// OpenCloud API key
configureServer({ cloudKey: 'your_opencloud_api_key_here' });

OpenCloud Support:

import { fetchApi } from 'rozod';
import { v2 } from 'rozod/lib/opencloud';

const universeInfo = await fetchApi(v2.getCloudV2UniversesUniverseId, {
  universe_id: '123456789',
});
console.log(universeInfo.displayName);

🔄 Advanced Features

Automatic Pagination:

import { fetchApiPages } from 'rozod';
import { getGroupsGroupidWallPosts } from 'rozod/lib/endpoints/groupsv2';

// Automatically fetches all pages
const allPosts = await fetchApiPages(getGroupsGroupidWallPosts, { groupId: 11479637 });

Generator-Based Pagination (Process pages as they arrive):

import { fetchApiPagesGenerator } from 'rozod';

const pages = fetchApiPagesGenerator(getGroupsGroupidWallPosts, { groupId: 11479637 });
for await (const page of pages) {
  console.log(`Processing page with ${page.data.length} posts`);
}

Batch Processing:

import { fetchApiSplit } from 'rozod';

// Automatically splits large requests to avoid API limits
const data = await fetchApiSplit(
  getGamesIcons,
  { universeIds: [/* hundreds of IDs */] },
  { universeIds: 100 } // Split into batches of 100
);

Throw-on-Error Mode:

try {
  const res = await fetchApi(getGamesIcons, { universeIds: [123] }, { throwOnError: true });
  console.log(res.data); // Guaranteed success - errors throw
} catch (err) {
  console.error((err as Error).message);
}

Cookie Rotation Handling:

import { configureServer, refreshCookie, getCookies } from 'rozod';

// Automatically persist new cookies when Roblox rotates them
configureServer({
  cookies: process.env.ROBLOX_COOKIE,
  onCookieRefresh: async ({ oldCookie, newCookie, poolIndex }) => {
    await db.updateCookie(poolIndex, newCookie);
    console.log('Cookie rotated and saved!');
  }
});

// Proactively refresh cookies before they expire
const result = await refreshCookie(0);
if (result.success) {
  await db.updateCookie(0, result.newCookie);
}

:chart_increasing: Production Success Story

RoGold uses RoZod to serve 800,000+ users daily:

  • :white_check_mark: Handles millions of API requests per day
  • :white_check_mark: Zero authentication issues with automatic CSRF/HBA handling
  • :white_check_mark: Type-safe development prevents runtime errors
  • :white_check_mark: Complete API coverage eliminates the need for multiple libraries
  • :white_check_mark: Automatic pagination and batching for optimal performance
  • :white_check_mark: Respects Roblox captchas and lets the actual users solve them

:rocket: Getting Started

  1. Install RoZod:

npm install rozod
# or
yarn add rozod
# or
pnpm add rozod

  2. Basic Usage:

import { fetchApi, isAnyErrorResponse } from 'rozod';
import { getUsersUserdetails } from 'rozod/lib/endpoints/usersv1';

const userInfo = await fetchApi(getUsersUserdetails, { userIds: [1, 123456] });
if (!isAnyErrorResponse(userInfo)) {
  console.log(userInfo.data[0].displayName);
}

  3. That’s it! RoZod handles authentication, CSRF tokens, and all the complex stuff automatically.

:counterclockwise_arrows_button: Migrating from noblox.js?

RoZod offers a superior developer experience with minimal migration effort:

noblox.js:

const noblox = require('noblox.js');
await noblox.setCookie('cookie');
const user = await noblox.getPlayerInfo(123456);

RoZod:

import { fetchApi, configureServer } from 'rozod';
import { getUsersUserdetails } from 'rozod/lib/endpoints/usersv1';

// Configure once, use everywhere
configureServer({ cookies: 'your_cookie_here' });

const user = await fetchApi(getUsersUserdetails, { userIds: [123456] });

:books: Documentation & Resources

:speech_balloon: Support & Community

  • GitHub Issues - Bug reports and feature requests
  • Documentation - Comprehensive API reference
  • Discord - You can join our RoGold Discord for anything else

RoZod is maintained by Alrovi ApS, the company behind RoGold. We’re committed to providing a reliable and complete Roblox API client for the developer community.

RoZod is not affiliated with, maintained, authorized, endorsed, or sponsored by Roblox Corporation.

19 Likes

v6.2.0 - Cookie Rotation Support

RoZod now automatically handles Roblox’s new .ROBLOSECURITY cookie rotation system (see DevForum Post).

New Features

  • Automatic cookie rotation detection - RoZod detects when Roblox rotates your cookie via Set-Cookie headers and updates the internal pool automatically
  • onCookieRefresh callback - Get notified when cookies rotate so you can persist new values to your database or environment
  • refreshCookie() - Proactively refresh a cookie session before it expires
  • getCookies() / updateCookie() - Utility functions for manual cookie management

Example

configureServer({
  cookies: process.env.ROBLOX_COOKIE,
  onCookieRefresh: async ({ newCookie, poolIndex }) => {
    await db.updateCookie(poolIndex, newCookie);
  }
});

See the README for full documentation.

2 Likes
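The rotation flow described in the post above, as an added sketch that is not part of the post and not RoZod's source: a round-robin pool that adopts a rotated .ROBLOSECURITY value from Set-Cookie lines and refuses to overwrite a slot with a cookie deletion. All names (`extractRotatedCookie`, `createCookiePool`, `applyResponse`, `snapshot`) are hypothetical.

```typescript
// Added sketch, not RoZod source; every name below is hypothetical.
type RefreshEvent = { oldCookie: string; newCookie: string; poolIndex: number };

const COOKIE_NAME = '.ROBLOSECURITY';

// Return the rotated value found in a response's Set-Cookie lines, or null.
function extractRotatedCookie(setCookie: string[]): string | null {
  for (const line of setCookie) {
    const [pair, ...attrs] = line.split(';').map((part) => part.trim());
    const eq = pair.indexOf('=');
    if (eq < 0 || pair.slice(0, eq) !== COOKIE_NAME) continue;
    const value = pair.slice(eq + 1);
    // A deletion (empty value or Max-Age <= 0) must never overwrite a pool slot.
    const deleted = attrs.some((attr) => {
      const m = /^max-age\s*=\s*(-?\d+)$/i.exec(attr);
      return m !== null && Number(m[1]) <= 0;
    });
    if (value !== '' && !deleted) return value;
  }
  return null;
}

function createCookiePool(initial: string[], onRefresh: (e: RefreshEvent) => void) {
  const cookies = initial.slice();
  let cursor = 0;
  return {
    // Round-robin pick; the caller keeps poolIndex to match the response to its slot.
    next(): { cookie: string; poolIndex: number } {
      const poolIndex = cursor;
      cursor = (cursor + 1) % cookies.length;
      return { cookie: cookies[poolIndex], poolIndex };
    },
    // Apply Set-Cookie lines from a response to the slot that sent the request.
    applyResponse(poolIndex: number, setCookie: string[]): boolean {
      const newCookie = extractRotatedCookie(setCookie);
      const oldCookie = cookies[poolIndex];
      if (newCookie === null || newCookie === oldCookie) return false;
      cookies[poolIndex] = newCookie; // later requests from this slot use the new value
      onRefresh({ oldCookie, newCookie, poolIndex }); // persist; never log the values
      return true;
    },
    snapshot: (): string[] => cookies.slice(),
  };
}
```

The persistence callback receives the live session secret, so it belongs in a secrets store rather than in logs or plain configuration files.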

Can you please add support for https://apis.roblox.com/api-keys/v1/introspect?

The documentation for this endpoint

This is my current implementation:

import { z } from 'zod';
import { endpoint } from 'rozod';

const introspectOpenCloudApiKey = endpoint({
	method: 'POST',
	path: '/api-keys/v1/introspect',
	baseUrl: 'https://apis.roblox.com',
	requestFormat: 'json',
	body: z.object({
		apiKey: z.string(),
	}),
	response: z.object({
		name: z.string(),
		authorizedUserId: z.number(),
		scopes: z.array(z.object({
			name: z.string(),
			operations: z.array(z.string()),
			universeDatastores: z.array(z.object({
				universeId: z.string(),
				datastoreName: z.string(),
			})).optional(),
			groupIds: z.array(z.string()).optional(),
			userIds: z.array(z.string()).optional(),
		})),
		enabled: z.boolean(),
		expired: z.boolean(),
		expirationTimeUtc: z.string(),
	}),
});

It doesn’t have to be an endpoint, maybe it could be in configureServer as requiredScopes?
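One way a `requiredScopes` check could work, as an added example that is not part of the post above and not RoZod code: it compares a parsed introspect response (same field names as the posted schema) against the scopes an application needs, and also reports grants the application never asked for. `RequiredScopes`, `auditApiKey`, and the sample values are constructed for illustration; per-universe and per-group restrictions are ignored.

```typescript
// Added example, not RoZod code. Field names follow the introspect schema in the post;
// RequiredScopes, auditApiKey and the sample values are constructed for illustration.
type Scope = { name: string; operations: string[] };
type Introspection = {
  name: string; authorizedUserId: number; scopes: Scope[];
  enabled: boolean; expired: boolean; expirationTimeUtc: string;
};
type RequiredScopes = Record<string, string[]>; // scope name -> operations the app needs
type KeyAudit = { usable: boolean; missing: string[]; excess: string[] };

// Flatten scopes to unique "scope:operation" strings so grants can be diffed.
function toPairs(scopes: Scope[]): string[] {
  const pairs: string[] = [];
  scopes.forEach((scope) =>
    scope.operations.forEach((op) => {
      const pair = `${scope.name}:${op}`;
      if (pairs.indexOf(pair) < 0) pairs.push(pair);
    }),
  );
  return pairs;
}

function auditApiKey(info: Introspection, required: RequiredScopes): KeyAudit {
  const granted = toPairs(info.scopes);
  const needed = toPairs(
    Object.keys(required).map((name) => ({ name, operations: required[name] })),
  );
  const missing = needed.filter((pair) => granted.indexOf(pair) < 0);
  // Grants the app never asked for: a leaked key would expose these too.
  const excess = granted.filter((pair) => needed.indexOf(pair) < 0);
  return { usable: info.enabled && !info.expired && missing.length === 0, missing, excess };
}

// Constructed sample response and requirement set.
const SAMPLE_KEY: Introspection = {
  name: 'ci-datastore-key',
  authorizedUserId: 1,
  scopes: [
    { name: 'universe-datastores.objects', operations: ['read', 'list', 'delete'] },
    { name: 'universe-places', operations: ['write'] },
  ],
  enabled: true,
  expired: false,
  expirationTimeUtc: '2030-01-01T00:00:00Z',
};
const REQUIRED: RequiredScopes = { 'universe-datastores.objects': ['read', 'create'] };
```

Running the audit at startup lets a service fail fast on a disabled, expired, or under-scoped key, and the `excess` list flags keys that should be reissued with fewer permissions.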

Nah, bro doesn’t even support the legacy-develop APIs?!?!

