This is a powerful, security-focused, and stealthy Roblox Group Management API written entirely in Python. It runs a local web server that wraps complex Roblox group operations into simple, secure RESTful API endpoints, allowing for easy automation of your group's administration.
The core design philosophy of this project is the "Paranoid Masquerade Mode," which aims to minimize the risk of detection by Roblox's anti-bot systems by deeply emulating the behavior of a real human user browsing the site.
| Feature | This Project | Traditional / Simple Scripts |
|---|---|---|
| Browser Simulation | ✅ High-Fidelity Mimicry: Rotates browser identities & sends matching sec-ch-ua headers. |
❌ Basic or None: Static User-Agent, easy to fingerprint. |
| Session Management | ✅ Smart Keep-Alive: Refreshes CSRF and session by simulating harmless activity. | ❌ Passive: Cookies & tokens expire quickly. |
| Request Protocol | ✅ Modern HTTP/2: Uses httpx to match modern browser behavior. |
❌ Outdated HTTP/1.1. |
| Behavioral Pattern | ✅ Human-like Pacing: Randomized delays to mimic human reaction times. | ❌ Instantaneous requests at machine speed. |
| Risk Profile | ||
| 📋 Features List (API Endpoints) |
Information
GET /groups/{group_id} – Get public information about a group.
GET /groups/{group_id}/users/{user_identifier}/role – Get a user's role & rank in the group.
GET /groups/{group_id}/roles – Get all roles (ID, name, rank).
Ranking
POST /groups/{group_id}/users/{user_identifier}/promote – Promote user.
POST /groups/{group_id}/users/{user_identifier}/demote – Demote user.
PATCH /groups/{group_id}/users/{user_identifier}/rank – Set user rank (1-255).
POST /groups/{group_id}/mass-rank – Rank multiple users with reporting.
Membership
DELETE /groups/{group_id}/users/{user_identifier} – Kick user.
POST /groups/{group_id}/kick-all – Kick all kickable members.
GET /groups/{group_id}/join-requests – View join requests.
POST /groups/{group_id}/join-requests/accept – Accept join request.
POST /groups/{group_id}/join-requests/decline – Decline join request.
GET /groups/{group_id}/members – List all members (paginated).
GET /groups/{group_id}/roles/{role_id}/users – List users in a specific role.
Finance
GET /groups/{group_id}/revenue/summary/{time_period} – Revenue summary.
POST /groups/{group_id}/payouts – Make payouts.
Auditing
GET /groups/{group_id}/audit-log – Group audit log.
🧰 Installation and Setup
1️⃣ Prerequisites
Python 3.7+
2️⃣ Install Dependencies
pip install -r requirements.txt
3️⃣ Get Your .ROBLOSECURITY Cookie
Steps in Chrome/Edge:
Log in to Roblox.
Press F12 → Application tab → Cookies > https://www.roblox.com
Find .ROBLOSECURITY and copy its full value.
4️⃣ Configure the Script
Create a file named .env and add:
ROBLOSECURITY=PASTE_YOUR_COOKIE_VALUE_HERE
5️⃣ Run the Server
bash restart.sh
The server will display the address and your unique API Key.
🔗 How to Use the API
Get Your API Key
The first run will print your API key and save it in api_key.txt.
Authorize Requests
✅ Add your API key via:
Header: x-api-key: YOUR_API_KEY
Or Query Param: ?api_key=YOUR_API_KEY
Interactive Docs
Open http://127.0.0.1:8000/docs for a full Swagger UI to test endpoints.
Example: Get Group Info
curl -X GET "http://127.0.0.1:8000/groups/1234567"
-H "x-api-key: your_api_key_here"
🔒 Security Considerations
✅ API Key Protection: All endpoints require the key.
✅ Local Execution: Credentials stay on your machine.
📜 Disclaimer
This tool is intended for educational and research purposes only. Using automation may violate Roblox's Terms of Service. You assume all risks including account bans. The developer assumes no liability.