Authentication

Authentication is required for accessing the majority of resources on Roblox. Authentication can usually be granted with a cookie such as the  cookie.

Authenticating will allow us to send API requests as a logged-in user, which will allow you to write bots that can modify content on the Roblox platform (for example, ranking a user in a group). To do this, we need to get our  cookie.

.ROBLOSECURITY
The .ROBLOSECURITY token is placed in the client's cookies and identifies the user's active session. The cookie must be named  and contains a value similar to this: _|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|_TOKEN The  is a capitalized hexadecimal string, roughly around 600 characters in length.

Obtaining a cookie
The  cookie can be obtained by using a browser's web development tools or getting the cookie from Roblox Studio's files.

The warning message
The warning message is not required, however, the bounding characters  and   are required for adding a message to the cookie's value and acts similarly to a comment in Computer Programming.

Tokens that would work: _|Example text|_TOKEN _||_TOKEN TOKEN Tokens that wouldn't work: Example text_TOKEN _TOKEN Example textTOKEN

Authenticating in practice
Python=It may be preferable to utilize the "session" object provided by the requests library. This example demonstrates making requests with and without the use of a session object. Ruby = JavaScript (with Deno) = JavaScript (with Node.js) = Rust = F# = FireX =