EDIT: I realized that this endpoint is not listed under the Open Cloud v2 category on the docs so perhaps it isn’t supported. I find it strange though since I would assume that endpoints showing the necessary scopes are accessible.
On that note, the documentation for the web endpoints could use serious improvement. It is difficult to find what is and isn’t supported with the new open cloud. And as someone who is attempting to build an app using these APIs, I would appreciate a separate home for updated (/non legacy) endpoints so it is easy to view the reference for all the endpoints without needing to sort everything and double check if I am in the v2 section, legacy section, etc.
I am using the required scope as per docs (creator-store-product:read).
Authentication is being done correctly. Running the exact same request structure with the user.advanced:read scope, calling /users/id returns the idVerified field which is a restricted field that would only show up if proper auth is provided.
I am attempting to use the toolbox service endpoint but it keeps returning a 403 error.
Making GET request to: https://apis.roblox.com/toolbox-service/v2/assets:search?searchCategoryType=Plugin&query=Interface&userId=1175129163
Final headers being sent:
{
"Content-Type": "application/json",
"Authorization": "Bearer eyJ..."
}
Response status: 403
Response headers:
{
"content-length": "73",
"content-type": "application/json",
"date": "Wed, 25 Jun 2025 05:53:38 GMT",
"nel": "{\"report_to\":\"network-errors\",\"max_age\":604800,\"success_fraction\":0.001,\"failure_fraction\":1}",
"report-to": "{\"group\":\"network-errors\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://ncs.roblox.com/upload\"}]}",
"server": "public-gateway",
"strict-transport-security": "max-age=3600",
"vary": "Origin",
"x-envoy-upstream-service-time": "19",
"x-ingress-proxy": "true",
"x-roblox-edge": "lga2",
"x-terms-message": "Terms apply https://rblx.co/TOU."
}
response body:
{"errors":[{"message":"Invalid authentication data provided","code":0}]}
.