Users Api (get by username) being rate limited 100% times

Etheroit · August 16, 2020, 9:30pm

Hello!

Since today, around 21:25 UTC, Roblox api (specifically users one - https://users.roblox.com/ > get by username method ) started throwing rate limits.

Tested endpoint:
https://users.roblox.com/v1/usernames/users

Docs
https://users.roblox.com/docs#!/Users/post_v1_usernames_users

Gif:
https://gyazo.com/b98d82f053ef5fe58db54b462d4ecff3

Seems it returns the rate limit 100% times, can’t get it to work at any way.

JoaoIsHuman · August 16, 2020, 9:58pm

I can confirm, while ranking people for my MBTA training, Roblox has went down on this.

rogchamp · August 16, 2020, 10:05pm

It appears to work for under endpoints under the same subdomain (such as https://users.roblox.com/docs#!/Users/post_v1_users), so it’s probably specific to that endpoint.

JoaoIsHuman · August 16, 2020, 10:12pm

I still cannot rank or do anything with the search tool.

chexburger · August 16, 2020, 10:37pm

Encountering the same issue using the website, HTTP get requests from node, and while on a VPN. Other users are reporting the same issues with the Group Admin.

Etheroit · August 20, 2020, 1:16am

Appears it’s now fixed when executing from Roblox’s website, but not when using the curl command or outside in general.

To reproduce:

copy the curl command from docs and run on linux.

Etheroit · August 20, 2020, 2:11pm

After some research I’ve figured out that in reality some ip blocks / ASN’s were blacklisted resulting in 429 errors 100% times.

Tested using

curl -X POST -H "Content-Type: application/json" -H "Accept: application/json" "https://users.roblox.com/v1/usernames/users" -d "{ \"usernames\": [ \"string\" ], \"excludeBannedUsers\": true }" --resolve users.roblox.com:443:128.116.124.3

On both my local PC and fresh remote server instance.

I suppose Roblox locked whole ASN’s / ip blocks with that - tested eg. OVH and DigitalOcean.

This doesn’t seem to be fair practice, especially if users (like me) implemented rate limit handling after eg the group endpoint incident (Groups Api being randomly rate limited?).
Could error code like 403 (Forbidden) or 503 (Service Unavailable) be used in future incidents like that?

CC: @WebGL3D

ScriptingIsForSkids · August 21, 2020, 5:02pm

ASN blocks may have been from the people who run Roblox bots on the networks eg. trade spam bots and people that scrape unowned groups for forgotten robux.

Etheroit · August 21, 2020, 6:50pm

This is unrelated to the topic. The ASN block is only implemented in the function from the thread (get by username api) so it has no relation to “trade spam bots” or “bots which scrape unowned groups” (literally, different sort of api where the issue doesn’t happen).

And what I am talking about is actually using appropriate response code for that instead of 429 which indicates rate limit (sending too many requests).

Hippie_ofDoom · September 8, 2020, 10:18pm

Thanks for the report! We’ve filed this internally and we’ll follow up here when we have an update for you.

Hippie_ofDoom · September 30, 2020, 6:46pm

This issue should now be resolved! If this issue is still occurring, please create a new topic for us to look into.

Etheroit · September 30, 2020, 6:49pm

The issue still occurs. Doesn’t seem to be fixed.

sloss2003 · October 4, 2020, 3:28am

I can confirm this is still happening on DigitalOcean. @Hippie_ofDoom

xBugraSins · February 17, 2021, 6:59am

just use proxy aka vpn

am using proxy in my code to prevent this “TooManyRequest” error