Auth v2

Reference for the Auth v2 endpoints on Roblox.

Base URL: https://auth.roblox.com

Endpoints

Method	Path	Name
`GET`	`/v2/auth/metadata`	`getAuthMetadata`
`POST`	`/v2/identity-verification/login`	`postIdentityVerificationLogin`
`POST`	`/v2/login`	`postLogin`
`POST`	`/v2/login/linked`	`postLoginLinked`
`POST`	`/v2/logout`	`postLogout`
`POST`	`/v2/logoutfromallsessionsandreauthenticate`	`postLogoutfromallsessionsandreauthenticate`
`GET`	`/v2/metadata`	`getMetadata`
`GET`	`/v2/passwords/current-status`	`getPasswordsCurrentStatus`
`GET`	`/v2/passwords/reset`	`getPasswordsReset`
`POST`	`/v2/passwords/reset`	`postPasswordsReset`
`POST`	`/v2/passwords/reset/send`	`postPasswordsResetSend`
`POST`	`/v2/passwords/reset/verify`	`postPasswordsResetVerify`
`GET`	`/v2/passwords/validate`	`getPasswordsValidate`
`POST`	`/v2/passwords/validate`	`postPasswordsValidate`
`GET`	`/v2/recovery/metadata`	`getRecoveryMetadata`
`GET`	`/v2/revert/account`	`getRevertAccount`
`POST`	`/v2/revert/account`	`postRevertAccount`
`POST`	`/v2/revert/invalidate-tickets`	`postRevertInvalidateTickets`
`POST`	`/v2/session/refresh`	`postSessionRefresh`
`POST`	`/v2/signup`	`postSignup`
`POST`	`/v2/signup/linked`	`postSignupLinked`
`POST`	`/v2/user/passwords/change`	`postUserPasswordsChange`
`POST`	`/v2/username`	`postUsername`
`GET`	`/v2/usernames`	`getUsernames`
`POST`	`/v2/usernames/recover`	`postUsernamesRecover`
`GET`	`/v2/usernames/validate`	`getUsernamesValidate`
`POST`	`/v2/usernames/validate`	`postUsernamesValidate`

`getAuthMetadata`

GET /v2/auth/metadata

Gets Auth meta data

Usage

import { fetchApi } from 'rozod';
import { getAuthMetadata } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(getAuthMetadata, undefined);

Response

Field	Type	Description
`cookieLawNoticeTimeout`	`number`

`postIdentityVerificationLogin`

POST /v2/identity-verification/login

Endpoint for login with identity verification

Usage

import { fetchApi } from 'rozod';
import { postIdentityVerificationLogin } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(postIdentityVerificationLogin, {
  body: { /* ... */ }
});

Request Body

Field	Type	Description
`loginTicket`	`string`
`resultToken`	`string`

Response

Type: unknown

Errors

Status	Description
403	0: Token Validation Failed 1: Invalid login ticket. 2: Invalid result token. 3: Invalid user. 4: Authentication failure.

`postLogin`

POST /v2/login

Authenticates a user.

Usage

import { fetchApi } from 'rozod';
import { postLogin } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(postLogin, {
  body: { /* ... */ }
});

Request Body

Field	Type	Description
`ctype`	`“Email"	"Username"
`cvalue`	`string`
`password`	`string`
`userId`	`number`
`securityQuestionSessionId`	`string`
`securityQuestionRedemptionToken`	`string`
`secureAuthenticationIntent`	`object`	See below
`accountBlob`	`string`
`accountLinkParameters`	`object`	See below
`captchaId`	`string`
`captchaToken`	`string`
`captchaProvider`	`string`
`challengeId`	`string`

secureAuthenticationIntent fields:

Field	Type	Description
`clientPublicKey`	`string`
`clientEpochTimestamp`	`number`
`saiSignature`	`string`
`serverNonce`	`string`

accountLinkParameters fields:

Field	Type	Description
`LinkingPlatform`	`“Invalid"	"Xbox"

Response

Field	Type	Description
`user`	`object`	See below
`twoStepVerificationData`	`object`	See below
`identityVerificationLoginTicket`	`string`
`isBanned`	`boolean`
`accountBlob`	`string`
`shouldUpdateEmail`	`boolean`
`recoveryEmail`	`string`
`passkeyRegistrationSucceeded`	`boolean`
`shouldAutoLoginFromRecovery`	`boolean`
`shouldPrompt2svRemoval`	`boolean`
`shouldPromptPasskeyAddition`	`boolean`

user fields:

Field	Type	Description
`id`	`number`
`name`	`string`
`displayName`	`string`

twoStepVerificationData fields:

Field	Type	Description
`mediaType`	`“Email"	"SMS"
`ticket`	`string`

Errors

Status	Description
400	0: An unexpected error occurred. 3: Username and Password are required. Please try again. 8: Login with received credential type is not supported.
403	0: Token Validation Failed 1: Incorrect username or password. Please try again. 2: You must pass the robot test before logging in. 4: Account has been locked. Please request a password reset. 5: Unable to login. Please use Social Network sign on. 6: Account issue. Please contact Support. 9: Unable to login with provided credentials. Default login is required. 10: Received credentials are unverified. 12: Existing login session found. Please log out first. 14: The account is unable to log in. Please log in to the LuoBu app. 15: Too many attempts. Please wait a bit. 27: The account is unable to login. Please log in with the VNG app.
429	7: Too many attempts. Please wait a bit.
503	11: Service unavailable. Please try again.

`postLoginLinked`

POST /v2/login/linked

Endpoint for logging in a user, specifically for linked

Usage

import { fetchApi } from 'rozod';
import { postLoginLinked } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(postLoginLinked, {
  body: { /* ... */ }
});

Request Body

Field	Type	Description
`ctype`	`“Email"	"Username"
`cvalue`	`string`
`password`	`string`
`userId`	`number`
`securityQuestionSessionId`	`string`
`securityQuestionRedemptionToken`	`string`
`secureAuthenticationIntent`	`object`	See below
`accountBlob`	`string`
`accountLinkParameters`	`object`	See below
`captchaId`	`string`
`captchaToken`	`string`
`captchaProvider`	`string`
`challengeId`	`string`

secureAuthenticationIntent fields:

Field	Type	Description
`clientPublicKey`	`string`
`clientEpochTimestamp`	`number`
`saiSignature`	`string`
`serverNonce`	`string`

accountLinkParameters fields:

Field	Type	Description
`LinkingPlatform`	`“Invalid"	"Xbox"

Response

Field	Type	Description
`user`	`object`	See below
`twoStepVerificationData`	`object`	See below
`identityVerificationLoginTicket`	`string`
`isBanned`	`boolean`
`accountBlob`	`string`
`shouldUpdateEmail`	`boolean`
`recoveryEmail`	`string`
`passkeyRegistrationSucceeded`	`boolean`
`shouldAutoLoginFromRecovery`	`boolean`
`shouldPrompt2svRemoval`	`boolean`
`shouldPromptPasskeyAddition`	`boolean`

user fields:

Field	Type	Description
`id`	`number`
`name`	`string`
`displayName`	`string`

twoStepVerificationData fields:

Field	Type	Description
`mediaType`	`“Email"	"SMS"
`ticket`	`string`

Errors

Status	Description
400	0: An unexpected error occurred. 3: Username and Password are required. Please try again. 8: Login with received credential type is not supported.
403	0: Token Validation Failed 1: Incorrect username or password. Please try again. 2: You must pass the robot test before logging in. 4: Account has been locked. Please request a password reset. 5: Unable to login. Please use Social Network sign on. 6: Account issue. Please contact Support. 9: Unable to login with provided credentials. Default login is required. 10: Received credentials are unverified. 12: Existing login session found. Please log out first. 14: The account is unable to log in. Please log in to the LuoBu app. 15: Too many attempts. Please wait a bit. 27: The account is unable to login. Please log in with the VNG app.
429	7: Too many attempts. Please wait a bit.
503	11: Service unavailable. Please try again.

`postLogout`

POST /v2/logout

Destroys the current authentication session.

Usage

import { fetchApi } from 'rozod';
import { postLogout } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(postLogout, undefined);

Response

Type: unknown

Errors

Status	Description
401	0: Authorization has been denied for this request.
403	0: Token Validation Failed

`postLogoutfromallsessionsandreauthenticate`

POST /v2/logoutfromallsessionsandreauthenticate

Logs out user from all other sessions.

Usage

import { fetchApi } from 'rozod';
import { postLogoutfromallsessionsandreauthenticate } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(postLogoutfromallsessionsandreauthenticate, {
  body: { /* ... */ }
});

Request Body

Field	Type	Description
`SecureAuthenticationIntent`	`object`	See below

SecureAuthenticationIntent fields:

Field	Type	Description
`clientPublicKey`	`string`
`clientEpochTimestamp`	`number`
`saiSignature`	`string`
`serverNonce`	`string`

Response

Type: unknown

Errors

Status	Description
401	0: Authorization has been denied for this request.
403	0: Token Validation Failed

`getMetadata`

GET /v2/metadata

Get the metadata

Usage

import { fetchApi } from 'rozod';
import { getMetadata } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(getMetadata, undefined);

Response

Field	Type	Description
`isUpdateUsernameEnabled`	`boolean`
`ftuxAvatarAssetMap`	`string`
`IsEmailUpsellAtLogoutEnabled`	`boolean`
`ShouldFetchEmailUpsellIXPValuesAtLogout`	`boolean`
`IsAccountRecoveryPromptEnabled`	`boolean`
`IsContactMethodRequiredAtSignup`	`boolean`
`IsUserAgreementsSignupIntegrationEnabled`	`boolean`
`IsPasswordRequiredForUsernameChange`	`boolean`
`IsPasskeyFeatureEnabled`	`boolean`
`IsAltBrowserTracker`	`boolean`
`IsLoginRedirectPageEnabled`	`boolean`

`getPasswordsCurrentStatus`

GET /v2/passwords/current-status

Returns password status for current user, asynchronously.

Usage

import { fetchApi } from 'rozod';
import { getPasswordsCurrentStatus } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(getPasswordsCurrentStatus, undefined);

Response

Field	Type	Description
`valid`	`boolean`

Errors

Status	Description
401	0: Authorization has been denied for this request.

`getPasswordsReset`

GET /v2/passwords/reset

Gets metadata needed for the password reset view.

Usage

import { fetchApi } from 'rozod';
import { getPasswordsReset } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(getPasswordsReset, {
  TargetType: /* unknown */,
  Ticket: /* string */
});

Parameters

Name	Type	Required	Description
`TargetType`	`unknown`	Yes
`Ticket`	`string`	Yes

Response

Field	Type	Description
`users`	`object[]`	See below

users[] item fields:

Field	Type	Description
`userId`	`number`
`username`	`string`
`displayName`	`string`

Errors

Status	Description
400	3: Request was empty. 9: The target type is invalid. 11: The password reset ticket is invalid. 14: The nonce is invalid.
403	11: The password reset ticket is invalid. 16: The ticket is expired.
500	0: Unknown error occured.
503	1: Feature temporarily disabled. Please try again later.

`postPasswordsReset`

POST /v2/passwords/reset

Resets a password for a user that belongs to the password reset ticket.

Usage

import { fetchApi } from 'rozod';
import { postPasswordsReset } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(postPasswordsReset, {
  body: { /* ... */ }
});

Request Body

Field	Type	Description
`targetType`	`“Email"	"PhoneNumber"
`ticket`	`string`
`userId`	`number`
`password`	`string`
`passwordRepeated`	`string`
`twoStepVerificationChallengeId`	`string`
`twoStepVerificationToken`	`string`
`accountBlob`	`string`
`secureAuthenticationIntent`	`object`	See below
`newEmail`	`string`
`passkeySessionId`	`string`
`passkeyRegistrationResponse`	`string`

secureAuthenticationIntent fields:

Field	Type	Description
`clientPublicKey`	`string`
`clientEpochTimestamp`	`number`
`saiSignature`	`string`
`serverNonce`	`string`

Response

Field	Type	Description
`user`	`object`	See below
`twoStepVerificationData`	`object`	See below
`identityVerificationLoginTicket`	`string`
`isBanned`	`boolean`
`accountBlob`	`string`
`shouldUpdateEmail`	`boolean`
`recoveryEmail`	`string`
`passkeyRegistrationSucceeded`	`boolean`
`shouldAutoLoginFromRecovery`	`boolean`
`shouldPrompt2svRemoval`	`boolean`
`shouldPromptPasskeyAddition`	`boolean`

user fields:

Field	Type	Description
`id`	`number`
`name`	`string`
`displayName`	`string`

twoStepVerificationData fields:

Field	Type	Description
`mediaType`	`“Email"	"SMS"
`ticket`	`string`

Errors

Status	Description
400	3: Request was empty. 11: The password reset ticket is invalid. 12: The user is invalid. 20: The password is invalid. 21: Passwords do not match.
403	0: Token Validation Failed 16: The ticket is expired. 17: The nonce is expired.
500	0: Unknown error occured.
503	1: Feature temporarily disabled. Please try again later.

`postPasswordsResetSend`

POST /v2/passwords/reset/send

Sends a password reset email or challenge to the specified target.

Usage

import { fetchApi } from 'rozod';
import { postPasswordsResetSend } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(postPasswordsResetSend, {
  body: { /* ... */ }
});

Request Body

Field	Type	Description
`targetType`	`“Email"	"PhoneNumber"
`target`	`string`
`captchaId`	`string`
`captchaToken`	`string`
`captchaProvider`	`string`
`challengeId`	`string`

Response

Field	Type	Description
`nonce`	`string`
`transmissionType`	`“Sms"	"Email”`

Errors

Status	Description
400	3: Request was empty. 9: The target type is invalid. 10: The target is invalid. 12: The user is invalid.
403	0: Token Validation Failed 18: Captcha is required. 23: Authenticate with Luobu instead.
429	2: Too many attempts. Please try again later.
500	0: Unknown error occured. 19: Message could not be sent.
503	1: Feature temporarily disabled. Please try again later.

`postPasswordsResetVerify`

POST /v2/passwords/reset/verify

Verifies a password reset challenge solution.

Usage

import { fetchApi } from 'rozod';
import { postPasswordsResetVerify } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(postPasswordsResetVerify, {
  body: { /* ... */ }
});

Request Body

Field	Type	Description
`targetType`	`“Email"	"PhoneNumber"
`nonce`	`string`
`code`	`string`

Response

Field	Type	Description
`userTickets`	`object[]`	See below

userTickets[] item fields:

Field	Type	Description
`user`	`object`	See below
`ticket`	`string`

user fields:

Field	Type	Description
`userId`	`number`
`username`	`string`
`displayName`	`string`

Errors

Status	Description
400	3: Request was empty. 9: The target type is invalid. 14: The nonce is invalid.
403	0: Token Validation Failed 13: The code is invalid.
500	0: Unknown error occured.
503	1: Feature temporarily disabled. Please try again later.

`getPasswordsValidate`

GET /v2/passwords/validate

Endpoint for checking if a password is valid.

Usage

import { fetchApi } from 'rozod';
import { getPasswordsValidate } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(getPasswordsValidate, {
  Username: /* string */,
  Password: /* string */
});

Parameters

Name	Type	Required	Description
`Username`	`string`	Yes
`Password`	`string`	Yes

Response

Field	Type	Description
`code`	`“ValidPassword"	"WeakPasswordError"
`message`	`string`

Errors

Status	Description
400	1: Valid Username and Password are required. Please try again.

`postPasswordsValidate`

POST /v2/passwords/validate

Endpoint for checking if a password is valid.

Usage

import { fetchApi } from 'rozod';
import { postPasswordsValidate } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(postPasswordsValidate, {
  body: { /* ... */ }
});

Request Body

Field	Type	Description
`username`	`string`
`password`	`string`

Response

Field	Type	Description
`code`	`“ValidPassword"	"WeakPasswordError"
`message`	`string`

Errors

Status	Description
400	1: Valid Username and Password are required. Please try again.
403	0: Token Validation Failed

`getRecoveryMetadata`

GET /v2/recovery/metadata

Get metadata for forgot endpoints

Usage

import { fetchApi } from 'rozod';
import { getRecoveryMetadata } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(getRecoveryMetadata, undefined);

Response

Field	Type	Description
`isOnPhone`	`boolean`
`codeLength`	`number`
`isPhoneFeatureEnabledForUsername`	`boolean`
`isPhoneFeatureEnabledForPassword`	`boolean`
`isBedev2CaptchaEnabledForPasswordReset`	`boolean`
`isUsernameRecoveryDeprecated`	`boolean`

Errors

Status	Description
503	7: The Roblox WeChat API is currently unavailable.

`getRevertAccount`

GET /v2/revert/account

Get Revert Account ticket info

Usage

import { fetchApi } from 'rozod';
import { getRevertAccount } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(getRevertAccount, {
  ticket: /* string */
});

Parameters

Name	Type	Required	Description
`ticket`	`string`	Yes	Ticket Guid to revert account.

Response

Field	Type	Description
`isTwoStepVerificationEnabled`	`boolean`
`isEmailVerified`	`boolean`
`isEmailChanged`	`boolean`
`isPhoneVerified`	`boolean`
`userId`	`number`
`username`	`string`
`ticket`	`string`

Errors

Status	Description
400	2: The account revert ticket is not valid
403	13: Revert links are disabled for users in the Enhanced Protection Program.
503	1: This feature is disabled

`postRevertAccount`

POST /v2/revert/account

Submit Revert Account Request

Usage

import { fetchApi } from 'rozod';
import { postRevertAccount } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(postRevertAccount, {
  body: { /* ... */ }
});

Request Body

Field	Type	Description
`UserId`	`number`
`NewPassword`	`string`
`NewPasswordRepeated`	`string`
`Ticket`	`string`
`TwoStepVerificationChallengeId`	`string`
`TwoStepVerificationToken`	`string`

Response

Field	Type	Description
`user`	`object`	See below
`twoStepVerificationData`	`object`	See below
`identityVerificationLoginTicket`	`string`
`isBanned`	`boolean`
`accountBlob`	`string`
`shouldUpdateEmail`	`boolean`
`recoveryEmail`	`string`
`passkeyRegistrationSucceeded`	`boolean`
`shouldAutoLoginFromRecovery`	`boolean`
`shouldPrompt2svRemoval`	`boolean`
`shouldPromptPasskeyAddition`	`boolean`

user fields:

Field	Type	Description
`id`	`number`
`name`	`string`
`displayName`	`string`

twoStepVerificationData fields:

Field	Type	Description
`mediaType`	`“Email"	"SMS"
`ticket`	`string`

Errors

Status	Description
400	2: The account revert ticket is not valid 3: Password is not valid 4: Passwords do not match 5: Password cannot be used 8: The account security ticket is expired.
403	0: Token Validation Failed
503	0: Unknown 1: This feature is disabled

`postRevertInvalidateTickets`

POST /v2/revert/invalidate-tickets

Invalidates all account security tickets for the authenticated user.

Usage

import { fetchApi } from 'rozod';
import { postRevertInvalidateTickets } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(postRevertInvalidateTickets, undefined);

Response

Type: unknown

Errors

Status	Description
401	0: Authorization has been denied for this request.
403	0: Token Validation Failed
503	1: This feature is disabled

`postSessionRefresh`

POST /v2/session/refresh

Logs out user from the current session and create a new one.

Usage

import { fetchApi } from 'rozod';
import { postSessionRefresh } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(postSessionRefresh, undefined);

Response

Type: unknown

Errors

Status	Description
401	0: Authorization has been denied for this request.
403	0: Token Validation Failed

`postSignup`

POST /v2/signup

Endpoint for signing up a new user

Usage

import { fetchApi } from 'rozod';
import { postSignup } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(postSignup, {
  body: { /* ... */ }
});

Request Body

Field	Type	Description
`username`	`string`
`password`	`string`
`gender`	`“Unknown"	"Male"
`birthday`	`string`
`displayName`	`string`
`isTosAgreementBoxChecked`	`boolean`
`email`	`string`
`locale`	`string`
`assetIds`	`number[]`
`bodyColorId`	`number`
`bodyTypeScale`	`number`
`headScale`	`number`
`heightScale`	`number`
`widthScale`	`number`
`proportionScale`	`number`
`referralData`	`object`	See below
`agreementIds`	`string[]`
`identityVerificationResultToken`	`string`
`secureAuthenticationIntent`	`object`	See below
`otpSession`	`object`	See below
`dataToken`	`string`
`accountBlob`	`string`
`passkeySessionId`	`string`
`passkeyRegistrationResponse`	`string`
`accountLinkParameters`	`object`	See below
`auditSystemContent`	`object`	See below
`captchaId`	`string`
`captchaToken`	`string`
`captchaProvider`	`string`
`challengeId`	`string`

referralData fields:

Field	Type	Description
`acquisitionTime`	`string`
`acquisitionReferrer`	`string`
`medium`	`string`
`source`	`string`
`campaign`	`string`
`adGroup`	`string`
`keyword`	`string`
`matchType`	`string`
`sendInfo`	`boolean`
`requestSessionId`	`string`
`offerId`	`string`

secureAuthenticationIntent fields:

Field	Type	Description
`clientPublicKey`	`string`
`clientEpochTimestamp`	`number`
`saiSignature`	`string`
`serverNonce`	`string`

otpSession fields:

Field	Type	Description
`otpSessionToken`	`string`
`otpContactType`	`“Unset"	"Email"

accountLinkParameters fields:

Field	Type	Description
`LinkingPlatform`	`“Invalid"	"Xbox"

auditSystemContent fields:

Field	Type	Description
`capturedAuditContent`	`object`	See below
`additionalAuditContent`	`string`

capturedAuditContent fields:

Field	Type	Description
`translationKey`	`string`
`translationNamespace`	`string`
`translatedSourceString`	`string`
`parameters`	`string`

Response

Field	Type	Description
`userId`	`number`
`starterPlaceId`	`number`
`returnUrl`	`string`
`accountBlob`	`string`

Errors

Status	Description
400	Bad request 16: User agreement ids are null. 21: Empty account switch blob required
403	0: Token Validation Failed 2: Captcha Failed. 4: Invalid Birthday. 5: Invalid Username. 6: Username already taken. 7: Invalid Password. 8: Password and Username are same. 9: Password is too simple. 10: Email is invalid. 11: Asset is invalid. 12: Too many attempts. Please wait a bit. 17: One time Passcode session was not valid 22: Maximum logged in accounts limit reached.
429	3: Too many attempts. Please wait a bit.
500	Internal server error 15: Insert acceptances failed. 27: Pre-auth passkey registration failed
503	Service unavailable

`postSignupLinked`

POST /v2/signup/linked

Endpoint for signing up a new user, specifically for linked

Usage

import { fetchApi } from 'rozod';
import { postSignupLinked } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(postSignupLinked, {
  body: { /* ... */ }
});

Request Body

Field	Type	Description
`username`	`string`
`password`	`string`
`gender`	`“Unknown"	"Male"
`birthday`	`string`
`displayName`	`string`
`isTosAgreementBoxChecked`	`boolean`
`email`	`string`
`locale`	`string`
`assetIds`	`number[]`
`bodyColorId`	`number`
`bodyTypeScale`	`number`
`headScale`	`number`
`heightScale`	`number`
`widthScale`	`number`
`proportionScale`	`number`
`referralData`	`object`	See below
`agreementIds`	`string[]`
`identityVerificationResultToken`	`string`
`secureAuthenticationIntent`	`object`	See below
`otpSession`	`object`	See below
`dataToken`	`string`
`accountBlob`	`string`
`passkeySessionId`	`string`
`passkeyRegistrationResponse`	`string`
`accountLinkParameters`	`object`	See below
`auditSystemContent`	`object`	See below
`captchaId`	`string`
`captchaToken`	`string`
`captchaProvider`	`string`
`challengeId`	`string`

referralData fields:

Field	Type	Description
`acquisitionTime`	`string`
`acquisitionReferrer`	`string`
`medium`	`string`
`source`	`string`
`campaign`	`string`
`adGroup`	`string`
`keyword`	`string`
`matchType`	`string`
`sendInfo`	`boolean`
`requestSessionId`	`string`
`offerId`	`string`

secureAuthenticationIntent fields:

Field	Type	Description
`clientPublicKey`	`string`
`clientEpochTimestamp`	`number`
`saiSignature`	`string`
`serverNonce`	`string`

otpSession fields:

Field	Type	Description
`otpSessionToken`	`string`
`otpContactType`	`“Unset"	"Email"

accountLinkParameters fields:

Field	Type	Description
`LinkingPlatform`	`“Invalid"	"Xbox"

auditSystemContent fields:

Field	Type	Description
`capturedAuditContent`	`object`	See below
`additionalAuditContent`	`string`

capturedAuditContent fields:

Field	Type	Description
`translationKey`	`string`
`translationNamespace`	`string`
`translatedSourceString`	`string`
`parameters`	`string`

Response

Field	Type	Description
`userId`	`number`
`starterPlaceId`	`number`
`returnUrl`	`string`
`accountBlob`	`string`

Errors

Status	Description
400	Bad request 16: User agreement ids are null. 21: Empty account switch blob required
403	0: Token Validation Failed 2: Captcha Failed. 4: Invalid Birthday. 5: Invalid Username. 6: Username already taken. 7: Invalid Password. 8: Password and Username are same. 9: Password is too simple. 10: Email is invalid. 11: Asset is invalid. 12: Too many attempts. Please wait a bit. 17: One time Passcode session was not valid 22: Maximum logged in accounts limit reached.
429	3: Too many attempts. Please wait a bit.
500	Internal server error 15: Insert acceptances failed. 27: Pre-auth passkey registration failed

`postUserPasswordsChange`

POST /v2/user/passwords/change

Changes the password for the authenticated user.

Usage

import { fetchApi } from 'rozod';
import { postUserPasswordsChange } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(postUserPasswordsChange, {
  body: { /* ... */ }
});

Request Body

Field	Type	Description
`currentPassword`	`string`
`newPassword`	`string`
`secureAuthenticationIntent`	`object`	See below

secureAuthenticationIntent fields:

Field	Type	Description
`clientPublicKey`	`string`
`clientEpochTimestamp`	`number`
`saiSignature`	`string`
`serverNonce`	`string`

Response

Type: unknown

Errors

Status	Description
400	Roblox.Web.Authentication.Passwords.PasswordResponseCodes.InvalidCurrentPassword OR Roblox.Web.Authentication.Passwords.PasswordResponseCodes.InvalidPassword
401	0: Authorization has been denied for this request.
403	Roblox.Web.Authentication.Passwords.PasswordResponseCodes.PinLocked 0: Token Validation Failed
429	Roblox.Web.Authentication.Passwords.PasswordResponseCodes.Flooded

`postUsername`

POST /v2/username

Change the user’s username

Usage

import { fetchApi } from 'rozod';
import { postUsername } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(postUsername, {
  body: { /* ... */ }
});

Request Body

Field	Type	Description
`username`	`string`
`password`	`string`

Response

Type: unknown

Errors

Status	Description
400	5: You don’t have enough Robux to change your username. 10: This username is already in use 11: Username not appropriate for Roblox 12: Usernames can be 3 to 20 characters long 13: Usernames can’t start or end with _ and can have at most one _ 14: Only a-z, A-Z, 0-9, and _ are allowed 15: Username is null 16: Username might contain private information 17: This username is not available 18: Username is same as current
401	0: Authorization has been denied for this request.
403	0: Token Validation Failed 1: PIN is locked. 2: A verified email is missing 3: Your password is incorrect. 100: Unknown birthday
500	0: An unknown error occured. 5: You don’t have enough Robux to change your username.
503	4: The feature is currently not available. Please try again later.

`getUsernames`

GET /v2/usernames

Gets a list of existing usernames on Roblox based on the query parameters

Usage

import { fetchApi } from 'rozod';
import { getUsernames } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(getUsernames, {
  username: /* string? */
});

Parameters

Name	Type	Required	Description
`username`	`string?`	No	The username

Response

Field	Type	Description
`usernames`	`string[]`

`postUsernamesRecover`

POST /v2/usernames/recover

Sends an email of all accounts belonging to an email

Usage

import { fetchApi } from 'rozod';
import { postUsernamesRecover } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(postUsernamesRecover, {
  body: { /* ... */ }
});

Request Body

Field	Type	Description
`targetType`	`“Email"	"PhoneNumber"
`target`	`string`

Response

Field	Type	Description
`transmissionType`	`0	1`

Errors

Status	Description
400	20: Invalid Email 21: Invalid Phone 23: No Account Found
403	0: Token Validation Failed 11: Too many attempts. Please wait a bit.
500	0: An unexpected error occurred.

`getUsernamesValidate`

GET /v2/usernames/validate

Checks if a username is valid.

Usage

import { fetchApi } from 'rozod';
import { getUsernamesValidate } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(getUsernamesValidate, {
  Username: /* string */,
  Birthday: /* string */
});

Parameters

Name	Type	Required	Description
`Username`	`string`	Yes
`Birthday`	`string`	Yes

Response

Field	Type	Description
`code`	`“ValidUsername"	"AlreadyInUseError"
`message`	`string`

Errors

Status	Description
400	1: A valid username is required. 2: A valid birthday or authenticated user is required.

`postUsernamesValidate`

POST /v2/usernames/validate

Checks if a username is valid.

Usage

import { fetchApi } from 'rozod';
import { postUsernamesValidate } from 'rozod/lib/endpoints/authv2';

const data = await fetchApi(postUsernamesValidate, {
  body: { /* ... */ }
});

Request Body

Field	Type	Description
`username`	`string`
`birthday`	`string`
`context`	`0	1

Response

Field	Type	Description
`code`	`“ValidUsername"	"AlreadyInUseError"
`message`	`string`

Errors

Status	Description
400	1: A valid username is required. 2: A valid birthday or authenticated user is required.
403	0: Token Validation Failed