Users Api (get by username) being rate limited 100% times

Hello!

Since today, around 21:25 UTC, Roblox api (specifically users one - https://users.roblox.com/ > get by username method ) started throwing rate limits.

Tested endpoint:
https://users.roblox.com/v1/usernames/users

Docs
https://users.roblox.com/docs#!/Users/post_v1_usernames_users

Gif:
https://gyazo.com/b98d82f053ef5fe58db54b462d4ecff3

Seems it returns the rate limit 100% times, can’t get it to work at any way.

13 Likes

I can confirm, while ranking people for my MBTA training, Roblox has went down on this.

It appears to work for under endpoints under the same subdomain (such as https://users.roblox.com/docs#!/Users/post_v1_users), so it’s probably specific to that endpoint.

4 Likes

I still cannot rank or do anything with the search tool.

Encountering the same issue using the website, HTTP get requests from node, and while on a VPN. Other users are reporting the same issues with the Group Admin.

1 Like

Appears it’s now fixed when executing from Roblox’s website, but not when using the curl command or outside in general.

To reproduce:

  • copy the curl command from docs and run on linux.

After some research I’ve figured out that in reality some ip blocks / ASN’s were blacklisted resulting in 429 errors 100% times.

Tested using

curl -X POST -H "Content-Type: application/json" -H "Accept: application/json" "https://users.roblox.com/v1/usernames/users" -d "{ \"usernames\": [ \"string\" ], \"excludeBannedUsers\": true }" --resolve users.roblox.com:443:128.116.124.3

On both my local PC and fresh remote server instance.

I suppose Roblox locked whole ASN’s / ip blocks with that - tested eg. OVH and DigitalOcean.

This doesn’t seem to be fair practice, especially if users (like me) implemented rate limit handling after eg the group endpoint incident (Groups Api being randomly rate limited?).
Could error code like 403 (Forbidden) or 503 (Service Unavailable) be used in future incidents like that? :pray:

CC: @WebGL3D

2 Likes

ASN blocks may have been from the people who run Roblox bots on the networks eg. trade spam bots and people that scrape unowned groups for forgotten robux.

This is unrelated to the topic. The ASN block is only implemented in the function from the thread (get by username api) so it has no relation to “trade spam bots” or “bots which scrape unowned groups” (literally, different sort of api where the issue doesn’t happen).

And what I am talking about is actually using appropriate response code for that instead of 429 which indicates rate limit (sending too many requests).

Thanks for the report! We’ve filed this internally and we’ll follow up here when we have an update for you.

1 Like

This issue should now be resolved! If this issue is still occurring, please create a new topic for us to look into.

3 Likes

The issue still occurs. Doesn’t seem to be fixed.

1 Like

I can confirm this is still happening on DigitalOcean. @Hippie_ofDoom