Sunsetting api.roblox.com on May 22, 2023

I’m not using Roblox endpoints from with-in a Roblox experience but rather via my own JavaScript-app, the CORS policy of Roblox prohibits any request other than a GET or HEAD request iirc if the request is not coming from a web-server, this is detrimental to web-apps.

No, not all endpoints on that are Open Cloud.

Some undocumented endpoints I’m aware of that could serve value for public use:

  • /universes (place publishing is documented on Creator Docs, everything else is not such as creating new universes, getting universe for a place, etc.)
  • /cloud-authentication (not super useful for public use, but I have my personal use cases)
  • /developer-analytics-aggregations (external dashboards, such as Grafana)
  • /game-passes

I’m not entirely sure why these are undocumented while most other Roblox APIs are usually well documented nowadays. It feels like a step backward.

5 Likes

Using external software written in Python I’ve sent POST requests to many of the endpoints, sorry but I don’t understand the issue.

I’ve made it very clear that I am making a JavaScript app (a web browser cannot run Python), the CORS policy of Roblox blocks those requests because it’s a POST request, while previously it would not as it was a GET request. I cannot simply solve my issue by changing languages since the internet only widely supports JavaScript, as a result, these endpoints are worse compared to the functionality I was able to achieve with the old-endpoints in my case.

All these functionalities seem to be achievable via other apis from other api pages (and cloud authentication appears to be similar to oath2), is that possibly why they weren’t documented?

1 Like

Sorry to slide in, but they are referring to in-browser web apps which are separate from server-sided tools such as Python or NodeJS. Web browsers have security policies in place to prevent websites from sending any kind of requests to wherever.

Because of one of these security policies (CORS), you are unable to make certain types of requests to Roblox as a security measure (e.g. you can’t go to a scam site and it sends a request to Roblox to purchase an item without your consent or knowledge)

Roblox can choose to allow certain endpoints to bypass this security measure by providing certain headers, but may have not noticed the use-case or have reasons to keep it enabled.


Not entirely. Roblox seems to be migrating some of these from the older endpoints, such as developer analytics which is used on the new Creator page. Cloud Authentication may provide other stuff for OAuth2 but I’ve been using it to update OpenCloud keys via external tooling.

I assume Roblox has internal documentation for these endpoints, and not all require authentication or an Open Cloud API key. I assume they haven’t been documented because they don’t perfectly align with Open Cloud but it would be still valuable (even if there are alternatives) to have these documented.


Additionally, would it be possible to have the new universes/v1/universes/create endpoint support creating sub-places? I’ve been having to use www.roblox.com/ide/places/createV2 to accomplish this. I can’t seem to get the other to work for this.

My use case is that I have a GitHub Action that creates a new universe and necessary sub-places for every pull request (and keeps them in sync) so others on the team can easily join and test changes. This is useful since we have a moderately big team and multiple things being worked on at once.

This is also why I update Open Cloud API keys through external tooling, to allow the place publishing endpoint to access these newly created universes.

5 Likes

On the original announcement of the Sunset of api.roblox.com, there is a list of replacements:

Hacky workaround, but you could try to use this instead:
https://www.roblox.com/users/profile?username=builderman

It redirects to the user’s profile page, or the 404 page if they don’t exist. Just send a HEAD request, and extract their userid from the redirect page url

1 Like

I wish that https//apis.roblox.com/ or https//apis.roblox.com/docs would show all sub api links as a minimum. Since all devforum posts get lost over time. And it’s already hard enough to find the “sunset” post every time we want the sub apis.

rip everyone that still uses noblox.js

RIP I guess? Idk why yall even host every api individually

1 Like

I’m no web designer, but perhaps it’s to spread out the traffic of everybody trying to use the APIs?

1 Like

noblox is still actively maintained. It got updated fairly recently in fact, which most likely replaced the old endpoints with the new ones

2 Likes

apis.roblox.com is documented on the Creator Hub’s documentation section.

All other apis, e.g. users.roblox.com have service-specific documentation (Swagger API) avaliable at /docs.

Roblox uses microservices to distribute their APIs, they also deploy a similar process on the frontend (roblox.com) similar to how in the Luau API MarketplaceService is not the same as UserInputService. api.roblox.com has functioned as a pseudo API gateway, taking data from each of these services and returning it to the end user. This is not ideal for various reasons, such as creating a single point of failure on the application end and requiring an internal call from the gateway to the other service (rather than making a HTTP request to the service directly).

1 Like

If I’ll be honest I kinda liked the older API more because of its ease of access. The new one feels a little cluttered and the search bar too, but I guess this is just change itself.

1 Like

My mistake(I often think of people mentioning JavaScript as in Node), however if your website has a backend couldn’t you use that to make the requests?

Even if each API has a section cluttered on the creator’s hub, I refuse to use a lot of time to find them all scattered around in sub-pages.
swagger is much easier to use, even if there was only links to each subdomain.
Swagger should be used on apis.roblox.com in order to list all the different subdomains.

2 Likes

oh damn lol, thought it was discontinued quite a while ago

The documentation for apis.roblox.com, which is limited to Open Cloud, confined to one section – Cloud | Roblox Creator Documentation – with each service (top-level route) having its own page.

As for the main API services, these are not documented on the Creator Hub as they are intended primarily for internal use, but there are still numerous community resources that document them all in one place; almost all service subdomains have Swagger documentation, only a few highly-restricted ones do not.

Not all endpoints available from apis.roblox.com are Open Cloud. Some are used on the Creator Dashboard for universe analytics and other stuff. All of these are undocumented APIs being used in newer work by Roblox.

Not all endpoints require any authentication (example), or only use the traditional cookie authentication and not Open Cloud API keys (universes/v1/universes/create)

It’s a weird mix of things, and I’m not sure why Roblox has done this and continued to build on top of it. Either way these endpoints are being recommended as alternatives for APIs being removed that were previously documented, and are only documented on the original thread which as previously mentioned is easy to lose and not clear.

For any of you who depend on the endpoints on api.roblox.com, here’s a list of associated endpoints that are housed in supported microservices:

GET /incoming-items/counts → Split into two endpoints.

GET https://friends.roblox.com/v1/user/friend-requests/count

GET https://privatemessages.roblox.com/v1/messages/unread/count

GET /users/{userId} → GET https://users.roblox.com/v1/users/{userId}

GET /users/get-by-username → POST https://users.roblox.com/v1/usernames/users

Rest are on the OP’s previous announcement. These are just the most common ones / remain listed on the URL’s docs.

2 Likes