Im trying to get a sort token from the sorts web api and when I pass through the variables it expects, it returns me a table with tokens, I take one of the tokens and then try to use it in the list api it returns Incorrect token.
I’ve tried even passing through my ROBLOSECURITY cookie incase it needed that, which also didn’t work.
Hoping that you are using your own proxy to request the API and sending your .ROBLOSECURITY isn’t a good idea.
Anyways you will need to send a PostRequest to “https://auth.roblox.com/v2/login” and within the responses headers the token is stored under “x-csrf-token” (It will be a jumble of letters and numbers)
Once you receive the token add that into your headers for your request the the Games API.
Yeah personally this took me hours to find as like you said there is no information anywhere.
Good luck and if you have any more issues make sure to reply.
Don’t worry about that just send a post request to the URL with the .ROBLOSECURITY cookie in your headers.
Also personally I’ve never worked with using the API within Roblox but I have with JavaScript so if you understand JS you can probably apply this to Roblox
Oh and something that is really inconclusive I’ve found is that does the roblosecurity cookie need the _|Warning| _ at the start, found multiple posts all with different responses
Because when I do add that in I get
However when I remove it it says there was an error.
(From the auth api)
And would this be the correct way to pass through the xcsrf token to the sorts api
For my module , I didn’t add the _|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|_ ,I just added the token after this point and worked fine for me.
This is what I’ve got currently
However I’ve tried changing things around, and I still get an error from the auth api,
I’m basically back to where is started.
I’ve also changed my cookie, hoping that would help, Spoiler it didn’t.
local xcsrfToken = proxy:Request(auth,"/v2/login","POST",{["cookie"] = ".ROBLOSECURITY="..cookie})
print(xcsrfToken)
xcsrfToken = xcsrfToken["Headers"]["x-csrf-token"]
local b = proxy:Request(sorts,"/v1/games/sorts?model.gameSortsContext=GamesPageAbTestSorts1","GET",{["X-CSRF-TOKEN"] = xcsrfToken})
print(b)
I tried passing the cookie with the games api request didn’t change anything, main issue here is getting the xcsrf token when I pass through my cookie it just says that its invalid.