Table HttpService:RequestAsync(table request)

HttpService has several limitations:

  • The only supported HTTP methods are GET and POST. Many web services require the use of other methods such as PUT, PATCH, or DELETE
  • Response headers are not exposed. Sometimes response headers contain information needed for further requests.
  • Response status code and reason phrase are not exposed. They are useful for determining why requests are rejected by the server.
  • When sending a POST request, content types are restricted to a whitelist of mime types. The user should be allowed to specify arbitrary content types as there is no security risk and no reason to constrain them

I propose the following method be added to HttpService:

YieldFunction table HttpService:RequestAsync(table requestOptions)

The method would take a Lua table as a parameter and return a Lua table to represent the response. Note that this method would not error for 4xx or 5xx error codes, but it would error if it is unable to send the HTTP request or unable to get a response from the server. Here are the formats for the request table and the response table:

HttpRequest
	string Method = "GET" // defaults to GET
	string Url
	dictionary<string, string> Headers
	string Body

HttpResponse
	bool Success // true if StatusCode is 2xx
	int StatusCode
	string ReasonPhrase
	string Body
	dictionary<string, string> Headers

Basic usage:

local requestOptions = {
  Url = "https://www.google.com/robots.txt"
}
local response = HttpService:RequestAsync(request)
if response.Success then
    print(response.Body)
else
    warn(string.format("Request failed with a status code of %d", response.StatusCode))
end

More advanced usage:

local requestOptions = {
  Url = "https://api.example.com/v1/login",
  Body = string.format("username=Shedletsky&password=hunter2",
  Headers = {
    "Content-Type": "application/x-www-form-urlencoded"
  }
}
local response = game:GetService("HttpService"):RequestAsync(requestOptions)
if response.Success and response.StatusCode == 200 then
  console.log(response.Headers["Set-Cookie"])
end

Any unknown fields in the requestOptions table will cause an error to be thrown, making it easy to find typos. A field being invalid (e.g. requestOptions.Url is not a string) will also cause an error to be thrown.

Headers will follow the same blacklist restrictions as HttpService:GetAsync and HttpService:PostAsync do.

The method must be valid according to RFC 2616, meaning it cannot contain spaces, control characters, etc. An error will be thrown if the method isn’t valid.

token          = 1*<any CHAR except CTLs or separators>
CTL            = <any US-ASCII control character
                        (octets 0 - 31) and DEL (127)>
separators     = "(" | ")" | "<" | ">" | "@"
                      | "," | ";" | ":" | "\" | <">
                      | "/" | "[" | "]" | "?" | "="
                      | "{" | "}" | SP | HT
SP             = <US-ASCII SP, space (32)>
HT             = <US-ASCII HT, horizontal-tab (9)>
43 Likes

This is absolutely necessary. The reason for 5xx and 4xx responses are really useful in debugging.

Implementing these features will allow developers to properly interface with services like AWS.

All of my yes goes to this. It would make debugging web requests so much easier!

My support level is over 9000.

But seriously, I support this.

I would love this because there’s some really cool stuff that could be done with this. :smile:

While this topic is somewhat old, I’m quite in need of the requested feature currently.

For REST APIs like Discord’s, we need the ability to send PUT, PATCH and DELETE requests, which HttpService on Roblox currently doesn’t support - without it, I can’t automatically award users a certain role in our community for in-game achivements.

Furthermore, Twitter’s REST API uses some endpoints which uses DELETE (in case people show tweets in-game - I’ve seen that in some games). Google’s Drive API uses PUT for updating existing files. The https://wit.ai/ API uses both PUT and DELETE endpoints, and there’s much more we can use these methods for.

5 Likes

Rebumping this as I’m getting to the point in my project where I’m using Httpservice a lot, and am having to dedicate resources to building a proxy which can relay these type of requests for me when it should be built into HttpService already. Seriously tho, why hasn’t this happened?

3 Likes

This is an issue I’ve dealt with and have waited for a solution for since nearly the beginning of HttpService! I hope this is actively being worked on and will be a part of HttpService in the near future. If I could change anything in ROBLOX this would be it… well this and the ability to validate requests are actually from a ROBLOX web server without having to build a fancy over-complex key exchange system to protect my API endpoints. (My systems will be used by multiple users and I’m trying to streamline the installation as much as possible so I don’t require any script changes or keys to be pasted anywhere, instead I use a series of key exchanges to validate access but the danger is if someone gets my module’s source and server-side access to a user’s game they could theoretically spoof API requests and affect the services being provided to the game in a harmful manner. Though having a way to validate the web requests are coming from a ROBLOX web server wouldn’t completely solve this it would make it significantly more difficult to use the APIs maliciously.)

(Also whoops, didn’t realize how old this post was… sorry for bumping a year old post x.x)

2 Likes

We are actively working on this and will let you know when it is released.

8 Likes

If it does release do you know if it will be accompanied with letting discord know we can now properly respect their rate limits?

Yes, we will be letting Discord know that our HTTP client now supports some of the things it was missing in order to properly respect throttling limits.

2 Likes

I doubt Discord would allow Roblox webhooks again, at least not without a “but”. If they lifted the block, all old games that didn’t update to a proxy will all of a sudden have working, non throttle respecting webhooks again. I can see Discord lifting the ban on newer webhooks perhaps, or if Roblox takes action on webhooks that don’t respect the throttle limits.

I think the Discord ban has less to do with HttpService’s capabilities anyways and more with the incompetency of many Roblox developers. A lot of requests that don’t follow rate limits or error codes at all while also being spammed way too often all have a Roblox user agent attached. It’s much easier for Discord to put a blanket ban on all of Roblox to block the majority of incompetent developers than it is to deal with them individually.

4 Likes
7 Likes

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.