X/Twitter Verification System?

Hey, I want to make a verification system that checks if a person is following me on X/Twitter, I found this code on the dev forum but it doesn’t work, I have tried asking ChatGPT but it just put me trough a 2 hour long journey of the same errors.

I’d appreciate any help since I’m desperate honestly as I have no idea what to do. :joy:

Here is all the information about the Code:

The Code:

local XService = {}

local HttpService = game:GetService("HttpService")
local ReplicatedStorage = game:GetService("ReplicatedStorage")

local Link = "https://api.twitter.com/2/users/%s/following"
local Username = "TheHiddenModule"

local BearerToken = ""
local ApiKey = ""
local ApiKeySecret = ""

local UserId = HttpService:JSONDecode(HttpService:RequestAsync({Url = "https://api.twitter.com/2/users/by/username/" .. Username, Method = "GET", Headers = {["bearer_token"] = BearerToken, ["api_key"] = ApiKey, ["api_key_secret"] = ApiKeySecret}}))["data"]["id"]

function XService:IsFollowing(TargetName)
    local TargetId = HttpService:JSONDecode(HttpService:RequestAsync({Url = "https://api.twitter.com/2/users/by/username/" .. TargetName, Method = "GET", Headers = {["bearer_token"] = BearerToken, ["api_key"] = ApiKey, ["api_key_secret"] = ApiKeySecret}}))["data"]["id"]
    local Response = HttpService:JSONDecode(HttpService:RequestAsync({
        Url = string.format(Link, UserId),
        Method = "POST",
        Headers = HttpService:JSONEncode({
            ["target_user_id"] = TargetId,
            ["bearer_token"] = BearerToken,
            ["api_key"] = ApiKey, 
            ["api_key_secret"] = ApiKeySecret
        })
    }))

    return Response['data']['following']
end

function XService:Init()
    print(self:IsFollowing("Khelidria"))
    ReplicatedStorage.Remotes.IsFollowing.OnServerInvoke = function(Player, Input)
        return self:IsFollowing(Input)
    end
end

return XService

The Error:

  19:50:27.522  Header "bearer_token" has unallowed character "_"  -  Server - XService:13
  19:50:27.522  Stack Begin  -  Studio
  19:50:27.522  Script 'ServerScriptService.Modules.XService', Line 13  -  Studio - XService:13
  19:50:27.522  Stack End  -  Studio
3 Likes

Hi there, how were you expecting to retrieve their twitter username to check against your following list? Asking players for any sort of off-site identification is prohibited.

As for the error you are expereincing, its nothing new. Roblox has for some reason not allowed underscores(_) in header keys. A solution could be to try using a dash(-) instead, just to see if the twitter api will accept those. If not, you might have some luck in creating your own proxy that translates your requests with dashes(-) to requests with underscores( _) and sends that back.

2 Likes

I have tried replacing the underscores with -

And how is this prohibited? Games like Pet Simulator 99 have done this aswell.

This is the error I get:

  20:05:50.656  Header "bearer-token" has unallowed character "%" in value "mybearertokenishere"  -  Server - XService:13
  20:05:50.656  Stack Begin  -  Studio
  20:05:50.656  Script 'ServerScriptService.Modules.XService', Line 13  -  Studio - XService:13
  20:05:50.656  Stack End  -  Studio
2 Likes

bro made a x service
also u need to convert the string into binary

2 Likes

Yes I did, which string? There is many strings.

1 Like

Can you try printing the output of each request? For instance, instead of the one line of code you have for:

local UserId =

Split it up like this

local FirstRequest = HttpService:RequestAsync({
	Url = "https://api.twitter.com/2/users/by/username/" .. Username,
	Method = "GET",
	Headers = {["bearer-token"] = BearerToken,
		["api-key"] = ApiKey,
		["api-key-secret"] = ApiKeySecret
	}
})
print(FirstRequest)
local UserId = HttpService:JSONDecode(FirstRequest["data"]["id"])

And provide us with the print so that we can see whats going wrong in that line… Of course, if theres any sensitive data in the response, censor it for us.

2 Likes

Hey, sorry for the late reply,

it won’t even go past the print, this is the error(its the same)

 02:18:10.339  Header "bearer-token" has unallowed character "%" in value "censoredbearertoken"  -  Server - XService:13
  02:18:10.339  Stack Begin  -  Studio
  02:18:10.339  Script 'ServerScriptService.Modules.XService', Line 13  -  Studio - XService:13
  02:18:10.339  Stack End  -  Studio
1 Like

Source? Pet Simulator X and 99 both have a verify with X system:

image

They ask for your X username to verify you. Some other games may even ask for your discord username to verify you.

1 Like

Pet Simulator breaks some TOS, it just makes money which is why it wasn’t taken down

3 Likes

It still is against the terms of use on roblox, I suggest you report the game(s) you see asking for offsite PII.

1 Like

Roblox disallowed many special characters inside of http request headers, such as underscores (_), percent signs (%), and the vertical bar (|)
Header has unallowed character % in value - #10 by V_ChampionSSR.

I suggest looking up, just on google, solutions to your problem. In this case, both in the original post and in this reply, simply copy and pasting the error text, without your specific variable names, into google results in a few working answers.

2 Likes

It’s not personal information, though. It’s your X username. By that logic, telling somebody your roblox username on X is PII.


You can just connect your twitter to roblox so why should this be against the ToS and if so you can easily bypass it by just getting the connections from a roblox user and check if he follows on twitter the result would be the same

PII is information that can be used to link users across accounts either on or off roblox. Ex. User562 tells you their twitter username is “StaryNight456”, and then they join the game again, under a new account, “User95” and tells you their twitter username is once again StaryNight456, that just created a link between two different accounts and also identified them off of roblox. Now, in most cases this is strictly not allowed but after quickly reading the TOS I noticed this bulletpoint.

The notable part is that it says “not linked to Roblox” now, this could mean accounts like twitter, youtube, etc, that are allowed in the socials sections of profiles and games are linked to roblox and are allowed to be requested, or it means that only official roblox links can be requested. Which is it, we don’t know.

So there is a conflict here and I suggest that you navigate it carefully, don’t store players usernames, and definently make sure you wrap this whole thing in the PolicyService to make sure only users who are over 13 can see the twitter prompt.

Tried out the function, this is what I have now.

  22:24:29.682   ▼  {
                    ["Body"] = "{
  "title": "Unauthorized",
  "type": "about:blank",
  "status": 401,
  "detail": "Unauthorized"
}",
                    ["Headers"] =  ▶ {...},
                    ["StatusCode"] = 401,
                    ["StatusMessage"] = "Unauthorized",
                    ["Success"] = false
                 }  -  Server - XService:29
  22:24:29.682  ServerScriptService.Modules.XService:30: attempt to index nil with 'id'  -  Server - XService:30
  22:24:29.683  Stack Begin  -  Studio
  22:24:29.683  Script 'ServerScriptService.Modules.XService', Line 30  -  Studio - XService:30
  22:24:29.683  Stack End  -  Studio

Ok so this means that either your variables, BearerToken, ApiKey, or ApiKeySecret, are incorrect, or the function provided did not work.

Try placing a backslash() before any percentage signs in your heade value.

Alternatively, there is this possible solution from somebody who has already implemented something similar to what you are attempting to do: