Unban anyone that's banned?

Hey I recently had some players banned on my game due to an intruder, and I’m unsure who all was banned. Is there a way to see, or even unban everyone we irh BanAsync? Thank you for your time

you can use UnBanASync()

here is where you can learn unban async

You can’t check all the players that have been banned, or for the least unban all of them, this is a feature Roblox is missing.

Theoretically, although, in the dashboard you can manage bans, this is something i can’t find in my experiences though: Introducing the Ban API and Alt Account Detection - #855 by Roblox

you could actually

thats why private reasons are a feature for BanAsync()

Explain how, you just told this guy how to unban people, not how to get a list of every banned player

Like Polo said, UnBanASync(). Scrolling through the document, I saw GetBanHistoryAsync, which you can get a history of banned players.

GetBanHistory doesn’t return a history of banned players, it returns the ban history of a single player

I was saying that this guy probably wants a list of ALL of his banned players to check all of them, I’m not asking you to make UnbanAsync execute safely, I don’t know why you even interpreted my message that way.

Supposedly, as of August 2024, it should be possible to see a list of every player who was banned in your game via the Roblox Creator Hub, allowing you to unban them from there without needing to do anything in Roblox Studio.

However, when I tried following the instructions outlined by Roblox in the Ban API Announcement thread, I still don’t see the “Moderation” section for any of my games.

• Edit #1: Recent posts on the announcement thread seem to indicate that the “Moderation” tab was silently removed sometime within the past 24 hours, so the steps below won’t work yet until it is (hopefully) readded.

Just in case it works for you, here’s the post from Roblox that details the step-by-step instructions:

Yeah, Roblox decided to remote the panel on creator dashboard:




and the only way I can think of to do this would be via OpenCloud.

1. Make an OpenCloud API Key with the necessary permissions

• Permissions:
  universe.user-restrictions:read
universe.user-restrictions:write

Get that token and keep it safe! It can be used to interact with bans in your game.

2. We can now get the bans. For this example, I’ll use JavaScript, because I think it’ll be the easiest to work with here.

const apiKey = "that API key token you got earlier.";
const universeId = 1394; //change this to your universe ID

//the url for getting bans
const retrieveUrl = `https://apis.roblox.com/cloud/v2/universes/${universeId}/user-restrictions?maxPageSize=100&filter=game_join_restriction.active=="true"`;

/*
to retrieve banned players, we can send a request with our api key for the banned users.
the easiest way to do this is through fetch.
we'll use an async function so we don't need to deal with the promises. */

async function getBannedUsers() {
    //send the GET request
    let response = await fetch(retrieveUrl, {
        method: "GET",
        headers: {
            "x-api-key": apiKey //we need this to get the response
        }
    });

    //if the request failed. If this branch is run, please let me know.
    if (!response.ok) {
        console.warn("Failed to retrieve ban data. Error code:", response.status);
    };

    //get the JavaScript Object Notation (JSON) data from the request
    let bans = await response.json();

    //iterate over all the bans to get who is banned
    for (const index in bans.userRestrictions) {
        let field = bans.userRestrictions[index]; //get the associated ban data
        
        //here, we get a whole lot of data about the player's ban.
        //the gameJoinRestriction field will hold data about the actual restriction itself, like the reason.

        //it might help to know when the ban started. We can get the date which it started from this field.
        let banStartTime = new Date(field.gameJoinRestriction.startTime);

        //we can also get the UserId by splitting the field "users/xxxxxx"
        let userId = Number(field.user.split("/")[1]);

        //knowing the duration and reason might also help you to determine who was falsely banned. This gets it in seconds.
        let duration = Number(field.gameJoinRestriction.duration.split("s")[0]);

        let privateReason = field.gameJoinRestriction.privateReason;
        let displayReason = field.gameJoinRestriction.displayReason;

        //do whatever you will with these values.
    };
};

3. Unbanning a user - how?
   We can send a HTTP PATCH request to their gameJoinRestriction and set the “active” field to false.

//unbanning a banned user
async function unbanUser(userId) {
    //getting the url we need
    const url = `https://apis.roblox.com/cloud/v2/universes/${universeId}/user-restrictions/${userId}`;

    //sending the HTTP request to get the player unbanned
    let response = await fetch(url, {
        method: "PATCH",
        headers: {
            "x-api-key": apiKey,
            "Content-Type": "application/json" //indicate JSON content
        },

        //set the gameJoinRestriction field to false, this will unban them
        body: JSON.stringify({
            gameJoinRestriction: {
                active: false
            }
        })
    });

    if (!response.ok) {
        console.warn("Failed to ban user. Status code:", response.status);
    };
};

Other things

• The page size for banned players has a maximum of 100, but you can go to the next page by sending another request with the pageToken parameter returned from your other request.
• If you need more user information, you could take a look at this documentation page which has useful apis for getting user information.

I hope this helps!

Dashboard was removed apparently.

That’s why it is probably better to do an additional Datastore for banned users until the Roblox’s one is fully working. This way you only have to load, update and save a table in which you’re storing all banned UserId, then you’re able to view and manage it at any time from studio.

I’m bumping this because I just banned myself and I did not appear on the Ban Management Dashboard even after constant refreshes, so naturally I added myself manually and removed myself after, still did not work. And Roblox being thick decided to not allow Unbans in Studio.

Help…

You could add an alternate account and give it edit access to your place, go into your place on that alternate account, open up the server side of the Developer Console and manually unban yourself through the command line there. Remember to remove the account’s edit access afterwards.

Or, you could use my OpenCloud solution which I suggested before, except you’d only need the second half.

The endpoint for viewing banned users is the following:

https://apis.roblox.com/user/cloud/v2/universes/{universeId}/user-restrictions?maxPageSize=10&pageToken=

It only returns results if you have permission to view the banned users of that experience(for example if you’re the owner of it).

What you can do so you can tackle this in a secure manner, is write a javascript script that iteratively calls this API within your own browser(so it uses your Roblox cookie), tell that javascript script to return you a list of ids of all the banned users, then in studio copy paste them and call UnbanAsync for all of them in a pcall with repeat logic(in case it fails). This strategy is effective if you plan to use it once in a while for disaster management(like the one you mention in your post) and also avoids exposing your cookie to third parties, since the initial fetch script runs locally in your browser inspect element console.

BanAsync and UnbanAsync don’t work in Studio. While you could copy and paste them into the server-sided developer console and go from there, would it not be easier to just keep it all in the same script and use HTTP requests to unban them? Also, would an API key not be better?

Attempting to do it through the console results in this error:
“Refused to connect to URL because it violates the following Content Policy Security directive: ‘default-src: none’.”

I attempted all possible combinations of code I know to get it to work, but was always met with this error. I did include valid authentication, but even with my Roblox cookie on my PC I still got a 403 Unauthorized error.

Could you please explain your method more?

This is weird, for me the following javascript console code gives the desired result:

const universeId = "0"; // universe id you have access to
fetch(`https://apis.roblox.com/user/cloud/v2/universes/${universeId}/user-restrictions?maxPageSize=10&pageToken=`).then(response => {return response.json();}).then(data => {console.log(data);});

This is simplified without any iterations or cursors used(so it returns max 10 results).

Are you sure you are running the code inside the inspect element of the roblox website and with the required cookies? Also are you sure you can view the banned users of that experience? Lastly are you sure you aren’t mistaking the place id for the universe id?

yes, yes and yes. But now, I have a different error. It’s a standard 403 Forbidden.

I tried through the console to access the user restrictions of my own game, and got 403 Forbidden.

I tried with this API just to make sure:

fetch("https://users.roblox.com/v1/usernames/users", {method: "POST", headers: {"Content-Type": "application/json"}, body: JSON.stringify({usernames: ["12345koip"]})}).catch(err => console.log(err));

and I also got a 403 Forbidden, from an API that doesn’t even require authentication.

I guess I’ll stick to Node.js for JavaScript…