Sunsetting api.roblox.com on May 22, 2023

Hi Developers,

As previously announced, the api.roblox.com web API is being deprecated and starting on May 22, 2023, api.roblox.com will no longer be reachable. All new traffic must switch to newer endpoints on the apis.roblox.com, or individual APIs (e.g. avatar.roblox.com, games.roblox.com, etc).

If you own tools that depend on the old web API and haven’t already switched your traffic to the new endpoints, please consider this a final notice as we will start throttling incoming traffic after this date.

For more information, please visit the original post.

Thank you.

99 Likes

This topic was automatically opened after 10 minutes.

I may be misunderstanding something, but you list apis.roblox.com (not api.roblox.com) as having the newer endpoints. Attempting to go to that url returns a 404. Is that url meant to have content or is there a misunderstanding?

17 Likes

apis.roblox.com is home to all open-cloud endpoints, as a result, there is no documentation on the page but rather you must refer to the documentation for open-cloud on the documentation site.

8 Likes

I appreciate the notice, but I’m wondering if there will be any website or documentation to be implemented listing these individual API sites. Currently, we have to rely on a dev forum member who posts a list within community resources, which is not what we should be relying on. Otherwise, seems like a logical change.

3 Likes

It’s worth noting that many “replacements” are still not up to par, for example, the only alternative I could find to /users/get-by-username is a POST endpoint on https://users.roblox.com however, the CORS policy of the Roblox domain blocks all requests from a client to that endpoint requiring an external proxy simply to just get a user’s user id from their username!

3 Likes

Theoretically you shouldn’t be using Roblox APIs from within Roblox itself that’s what the services are for, such as GroupService.
However sometimes you need to

1 Like

I’m not using Roblox endpoints from with-in a Roblox experience but rather via my own JavaScript-app, the CORS policy of Roblox prohibits any request other than a GET or HEAD request iirc if the request is not coming from a web-server, this is detrimental to web-apps.

No, not all endpoints on that are Open Cloud.

Some undocumented endpoints I’m aware of that could serve value for public use:

  • /universes (place publishing is documented on Creator Docs, everything else is not such as creating new universes, getting universe for a place, etc.)
  • /cloud-authentication (not super useful for public use, but I have my personal use cases)
  • /developer-analytics-aggregations (external dashboards, such as Grafana)
  • /game-passes

I’m not entirely sure why these are undocumented while most other Roblox APIs are usually well documented nowadays. It feels like a step backward.

5 Likes

Using external software written in Python I’ve sent POST requests to many of the endpoints, sorry but I don’t understand the issue.

I’ve made it very clear that I am making a JavaScript app (a web browser cannot run Python), the CORS policy of Roblox blocks those requests because it’s a POST request, while previously it would not as it was a GET request. I cannot simply solve my issue by changing languages since the internet only widely supports JavaScript, as a result, these endpoints are worse compared to the functionality I was able to achieve with the old-endpoints in my case.

All these functionalities seem to be achievable via other apis from other api pages (and cloud authentication appears to be similar to oath2), is that possibly why they weren’t documented?

1 Like

Sorry to slide in, but they are referring to in-browser web apps which are separate from server-sided tools such as Python or NodeJS. Web browsers have security policies in place to prevent websites from sending any kind of requests to wherever.

Because of one of these security policies (CORS), you are unable to make certain types of requests to Roblox as a security measure (e.g. you can’t go to a scam site and it sends a request to Roblox to purchase an item without your consent or knowledge)

Roblox can choose to allow certain endpoints to bypass this security measure by providing certain headers, but may have not noticed the use-case or have reasons to keep it enabled.


Not entirely. Roblox seems to be migrating some of these from the older endpoints, such as developer analytics which is used on the new Creator page. Cloud Authentication may provide other stuff for OAuth2 but I’ve been using it to update OpenCloud keys via external tooling.

I assume Roblox has internal documentation for these endpoints, and not all require authentication or an Open Cloud API key. I assume they haven’t been documented because they don’t perfectly align with Open Cloud but it would be still valuable (even if there are alternatives) to have these documented.


Additionally, would it be possible to have the new universes/v1/universes/create endpoint support creating sub-places? I’ve been having to use www.roblox.com/ide/places/createV2 to accomplish this. I can’t seem to get the other to work for this.

My use case is that I have a GitHub Action that creates a new universe and necessary sub-places for every pull request (and keeps them in sync) so others on the team can easily join and test changes. This is useful since we have a moderately big team and multiple things being worked on at once.

This is also why I update Open Cloud API keys through external tooling, to allow the place publishing endpoint to access these newly created universes.

5 Likes

On the original announcement of the Sunset of api.roblox.com, there is a list of replacements:

Hacky workaround, but you could try to use this instead:
https://www.roblox.com/users/profile?username=builderman

It redirects to the user’s profile page, or the 404 page if they don’t exist. Just send a HEAD request, and extract their userid from the redirect page url

1 Like

I wish that https//apis.roblox.com/ or https//apis.roblox.com/docs would show all sub api links as a minimum. Since all devforum posts get lost over time. And it’s already hard enough to find the “sunset” post every time we want the sub apis.

rip everyone that still uses noblox.js

RIP I guess? Idk why yall even host every api individually

1 Like

I’m no web designer, but perhaps it’s to spread out the traffic of everybody trying to use the APIs?

1 Like

noblox is still actively maintained. It got updated fairly recently in fact, which most likely replaced the old endpoints with the new ones

2 Likes

apis.roblox.com is documented on the Creator Hub’s documentation section.

All other apis, e.g. users.roblox.com have service-specific documentation (Swagger API) avaliable at /docs.

Roblox uses microservices to distribute their APIs, they also deploy a similar process on the frontend (roblox.com) similar to how in the Luau API MarketplaceService is not the same as UserInputService. api.roblox.com has functioned as a pseudo API gateway, taking data from each of these services and returning it to the end user. This is not ideal for various reasons, such as creating a single point of failure on the application end and requiring an internal call from the gateway to the other service (rather than making a HTTP request to the service directly).

1 Like