- Proper, official API to log in
- Proper, official API to get group wall posts
- Proper, official API to delete a group wall post
- Proper, official API to delete all group wall posts by a specific user
General usage procedures
To make any request, you need a valid `X-CSRF-TOKEN` header. If you lack it or yours is invalid then your request will fail. When it fails, Roblox will give you a valid `X-CSRF-TOKEN` in the response header, which you can use for your next request to make it succeed. I think `X-CSRF-TOKEN`s are authenticated separately for each subdomain.
To make requests that require authentication, you need `.ROBLOSECURITY=...` in your `Cookie` header. Roblox will return this as part of the `Set-Cookie` response header when you use the login API.
So the general procedure for a group wall scam post delete bot:
1. Make blank login request to get CSRF token
2. Make new login request with valid CSRF token to get authentication cookie
3. Make blank group wall get request to get CSRF token
4. Make valid group wall get request while providing your auth cookie and CSRF token to get group wall posts.
   4.1. Save returned CSRF token
   4.2. Search through group wall posts and add any user ids that make scams to an array
5. Make a valid group wall user posts delete request while providing your auth cookie and CSRF token to delete all posts by a user.
   5.1. Save returned CSRF token
   5.2. Repeat for all users in delete-posts-by array.
6. Jump to step 4 and repeat every 15 seconds or so.
The methods of impersonating a regular user behind a regular browser that roblox-js, noblox-js, and 0q0-roblox and their forks use are mostly not necessary any more. Here is a list of new web endpoints (ignore the thread title, or read through the thread to understand its relevance).
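The token-refresh and sweep steps of the procedure above, as an added Python example that is not part of the original post or of Roblox's own code. The injected transport, the `groups.example.invalid` URLs, the post shape (`user_id`, `body`) and the fake server are constructed assumptions so that it runs offline; it keeps one token per host, following the post's guess that tokens are per subdomain.

```python
from urllib.parse import urlsplit

class CsrfSession:
    """Keeps one CSRF token per host and retries once when a token is rejected."""
    def __init__(self, transport, cookie=None):
        self.transport = transport  # assumed: callable(method, url, headers) -> (status, headers, body)
        self.cookie = cookie        # .ROBLOSECURITY value from the login step; a secret, never log it
        self.tokens = {}            # host -> last X-CSRF-TOKEN that host returned

    def request(self, method, url):
        host = urlsplit(url).hostname
        for _ in range(2):          # first attempt plus at most one retry
            headers = {}
            sent = self.tokens.get(host)
            if sent:
                headers["X-CSRF-TOKEN"] = sent
            if self.cookie:
                headers["Cookie"] = ".ROBLOSECURITY=" + self.cookie
            status, resp_headers, body = self.transport(method, url, headers)
            fresh = resp_headers.get("X-CSRF-TOKEN")  # header names assumed normalised by transport
            if fresh:
                self.tokens[host] = fresh             # steps 4.1 / 5.1: always save it
            if status < 400 or not fresh or fresh == sent:
                break               # success, or a failure that a new token will not fix
        return status, body

def sweep(session, posts_url, delete_url_for, is_scam):
    """One pass of steps 4-5; returns the user ids whose posts were deleted."""
    status, posts = session.request("GET", posts_url)
    if status >= 400:
        return []
    offenders = sorted({p["user_id"] for p in posts if is_scam(p["body"])})
    return [uid for uid in offenders
            if session.request("DELETE", delete_url_for(uid))[0] < 400]

def make_fake_wall(posts, token="tok-1"):
    """Constructed stand-in server: rejects requests without the current token or a cookie."""
    def transport(method, url, headers):
        if headers.get("X-CSRF-TOKEN") != token or "Cookie" not in headers:
            return 403, {"X-CSRF-TOKEN": token}, None
        if method == "DELETE":
            uid = int(url.rsplit("/", 2)[1])          # .../users/<uid>/posts
            posts[:] = [p for p in posts if p["user_id"] != uid]
            return 200, {}, None
        return 200, {}, list(posts)
    return transport
```

A real bot would replace `make_fake_wall` with a transport that issues HTTPS requests to the endpoints linked at the top, and call `sweep` on the 15-second interval from step 6.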