Client

The client is the gateway to all of the methods that are provide

Welcome! This page will show you how to set up the client objects so you can get the best experience you can with the API.

Reminder: If you haven't installed the system you should follow the steps in the page linked below:

pageInstallation

You can run a client without providing a .ROBLOSECURITY cookie but it will not be able to run methods that require authorization like modifying games, ranking users, making shouts, etc.

Authorized Clients

Authorized clients are the ones with the ability to make group shouts, rank users, create developer products, and basically all of the cool stuff you can do with an actual account.

Step 1: Creating an account / getting an alt account (You can skip this step if you have an alt account already prepared for this)

Step 2: Getting your cookie

I'm using Chrome for this video, but other browsers should have similar features. If you already know how to get your cookie, just get it and go on to step 3.

1. Hit Ctrl + Shift + I or right click to open inspect element

2. Go all the way to the network tab, hit the arrows next to it and select "Cookies" and open the "www.roblox.com" subsection

3. Find the ".ROBLOSECURITY" cookie and select your cookie. It will start with "_|WARNING:-DO-NOT-SHARE-THIS."

Step 3: Setting up the client

The client is where you'll be able to do all of the fun things. Now that you have your cookie, this will allow it to login and perform actions that you tell it to under the specified cookie.

local client = require(script.Parent:WaitForChild("rbx"))({ --> Set this to the path of the ingame code
    ["proxy"] = "" --> This should be replaced with your proxy URL.
}).client();

This code will start a client object with your proxy URL. If you don't provide a proxy URL, none of the features will work. Now, finally you can authorize it with your cookie. All it needs is one line of code and you're ready to go.

local success = client:login("COOKIE HERE") --> This function will yield and return whether or not authorization was a success.

If you're worried about security, the cookies are not stored anywhere other than the cookie part of your code that you log them in with. This may not be enough transparency for some people which is why I provide the source code of the proxy so you can run it yourself and not worry about leaks. If you're not going to be using anything that requires an account like ranking, shouts, etc. you do not need to use a cookie whatsoever.

If you did it properly, your code should look something like this:

local client = require(script.Parent:WaitForChild("rbx"))({
    ["proxy"] = "somerandomepicproxy.com"
}).client();

local success = client:login("_|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.");

That's it! Now if it returned "true" as success you can go onto use the methods it gives you!

When it successfully authorizes you, it adds an array to the client object called "info" and it has the username, display name, and user ID.

Unauthorized Clients

Unauthorized clients are clients that don't use cookies and only make basic API requests like getting user outfits, user profile information, and features you can do without an account.

These are very straightforward to set up. They're very similar to Step 3 above except they don't use cookies. You'll start with the code below which initiates the client and sets up the proxy information.

local client = require(script.Parent:WaitForChild("rbx"))({
    ["proxy"] = "somerandomepicproxy.com"
}).client();

Once you have this, it'll provide a blank client similar to the previous one and now you only need to do one more thing!

client:login() --> Not providing a cookie just makes an unauthorized client

The full code should look something like this:

local client = require(script.Parent:WaitForChild("rbx"))({
    ["proxy"] = "somerandomepicproxy.com"
}).client();

client:login(); --> You don't need to worry about the success part because it's not checking to see if it's a valid cookie