npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

rozod

v6.3.0

Published

A TypeScript wrapper for the Roblox API

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

alexopalexop

Keywords

robloxbotapiroblox-apizodtypescript

Readme

About

RoZod makes working with Roblox APIs simple and type-safe in TypeScript. With 650+ classic Roblox web API endpoints and 95+ OpenCloud endpoints (all code-generated from official Roblox documentation), you get comprehensive coverage of virtually every available Roblox API with full type safety.

Perfect for everything from small one-time NodeJS/Bun/Deno scripts to large-scale production applications. RoZod powers RoGold, a browser extension with 800,000+ active users, handling millions of API requests daily across both frontend extensions and backend workflows.

Features

  • Simple Interface - Easy to understand API with minimal boilerplate
  • 🔒 Type Safety - Complete TypeScript type safety for requests and responses
  • 📚 750+ Total Endpoints - 650+ classic web APIs + 95+ OpenCloud APIs, all code-generated from official docs
  • 🚀 Production Ready - Battle-tested in applications serving 800,000+ users
  • 🔄 Pagination Helpers - Easy tools for handling paginated responses
  • 🔁 Batch Processing - Split large requests automatically to avoid API limits
  • 🌐 Universal Runtime Support - Works seamlessly in NodeJS, Bun, Deno, and browsers
  • 🔍 Custom Endpoints - Define your own endpoints with full type safety
  • 🧩 Smart Error Handling - Choose between safe unions or throw-on-error

Installation

npm install rozod
# or
yarn add rozod
# or
pnpm add rozod

Quick Start

import { fetchApi } from 'rozod';
import { getUsersUserdetails } from 'rozod/lib/endpoints/usersv1';

// Fetch user details with full type safety
const userInfo = await fetchApi(getUsersUserdetails, { userIds: [1, 123456] });
if (isAnyErrorResponse(userInfo)) {
  return;
}
console.log(userInfo.data[0].displayName); // Properly typed!

Usage

Fetch a Single Request

import { fetchApi } from 'rozod';
import { getGamesIcons } from 'rozod/lib/endpoints/gamesv1';

const response = await fetchApi(getGamesIcons, { universeIds: [1534453623, 65241] });
console.log(response.data);

Handle Paginated Responses

import { fetchApiPages } from 'rozod';
import { getGroupsGroupidWallPosts } from 'rozod/lib/endpoints/groupsv2';

// Automatically fetches all pages
const allPosts = await fetchApiPages(getGroupsGroupidWallPosts, { groupId: 11479637 });
console.log(`Found ${allPosts.length} wall posts`);

Process Pages One at a Time

import { fetchApiPagesGenerator } from 'rozod';
import { getGroupsGroupidWallPosts } from 'rozod/lib/endpoints/groupsv2';

// Process pages as they arrive
const pages = fetchApiPagesGenerator(getGroupsGroupidWallPosts, { groupId: 11479637 });
for await (const page of pages) {
  console.log(`Processing page with ${page.data.length} posts`);
  // Do something with this page
}

Batch Processing Large Requests

import { fetchApiSplit } from 'rozod';
import { getGamesIcons } from 'rozod/lib/endpoints/gamesv1';

// Will automatically split into smaller batches of 100 universeIds per request
const data = await fetchApiSplit(
  getGamesIcons,
  { universeIds: [1, 2, 3, 4, 5 /* many more IDs */] },
  { universeIds: 100 },
);
console.log(data);

Handling Errors

By default, requests return either the success type or a simple AnyError. Use the tiny helper to check:

import { fetchApi, isAnyErrorResponse } from 'rozod';
import { getGamesIcons } from 'rozod/lib/endpoints/gamesv1';

const res = await fetchApi(getGamesIcons, { universeIds: [1534453623] });
if (isAnyErrorResponse(res)) {
  console.error(res.message);
} else {
  console.log(res.data);
}

Prefer a straight try/catch? Enable throwing:

try {
  const res = await fetchApi(getGamesIcons, { universeIds: [1534453623] }, { throwOnError: true });
  console.log(res.data);
} catch (err) {
  console.error((err as Error).message);
}

Need the raw Response? Use returnRaw: true:

const resp = await fetchApi(getGamesIcons, { universeIds: [1534453623] }, { returnRaw: true });
const json = await resp.json();

OpenCloud

RoZod supports Roblox's newer OpenCloud APIs with the same easy interface:

import { fetchApi } from 'rozod';
import { v2 } from 'rozod/lib/opencloud';

// Get universe details through OpenCloud
const universeInfo = await fetchApi(v2.getCloudV2UniversesUniverseId, {
  universe_id: '123456789',
});

// Access typed properties
console.log(universeInfo.displayName);
console.log(universeInfo.description);

Access DataStores via OpenCloud

import { fetchApi } from 'rozod';
import { getCloudV2UniversesUniverseIdDataStoresDataStoreIdEntries } from 'rozod/lib/opencloud/v2/cloud';

// Get DataStore entries with type safety
const dataStoreEntries = await fetchApi(getCloudV2UniversesUniverseIdDataStoresDataStoreIdEntries, {
  universe_id: '123456789',
  data_store_id: 'MyStore',
});

Authentication

RoZod handles Roblox authentication automatically with comprehensive security features:

Browser Environments

In browsers, authentication works automatically when users are logged into Roblox:

import { fetchApi } from 'rozod';
import { getUsersUserdetails } from 'rozod/lib/endpoints/usersv1';

// Cookies are sent automatically - no setup required!
const userInfo = await fetchApi(getUsersUserdetails, { userIds: [123456] });

Server Environments (Node.js/Bun/Deno)

For server environments, use configureServer() to set up authentication once:

import { configureServer, fetchApi } from 'rozod';
import { getUsersUserdetails } from 'rozod/lib/endpoints/usersv1';

// Configure once at startup
configureServer({ cookies: 'your_roblosecurity_cookie_here' });

// All subsequent requests automatically include the cookie
const userInfo = await fetchApi(getUsersUserdetails, { userIds: [123456] });

Multiple Accounts (Cookie Pool)

Use multiple Roblox accounts for load distribution or fallback:

import { configureServer } from 'rozod';

// Multiple accounts with round-robin rotation (default)
configureServer({
  cookies: [
    'account1_roblosecurity_cookie',
    'account2_roblosecurity_cookie',
    'account3_roblosecurity_cookie',
  ],
});

// Requests automatically cycle through accounts: 1 → 2 → 3 → 1 → 2 → ...

Rotation Modes

Control how cookies and user agents are selected:

import { configureServer } from 'rozod';

configureServer({
  cookies: ['cookie1', 'cookie2', 'cookie3'],
  cookieRotation: 'round-robin',  // Cycle sequentially (default for multiple)
  // cookieRotation: 'random',    // Pick randomly per request
  // cookieRotation: 'none',      // Always use first cookie

  userAgents: ['CustomBot/1.0', 'CustomBot/2.0'],  // Optional custom UAs
  userAgentRotation: 'none',      // Consistent per session (default)
  // userAgentRotation: 'random',
  // userAgentRotation: 'round-robin',
});

User Agent Pool

RoZod includes built-in browser user agents applied automatically in server environments. Customize or disable:

// Use custom user agents
configureServer({
  cookies: '...',
  userAgents: ['MyBot/1.0', 'MyService/2.0'],
  userAgentRotation: 'round-robin',
});

// Disable user agent injection
configureServer({ cookies: '...', userAgents: [] });

OpenCloud API Key

For OpenCloud endpoints (apis.roblox.com), set your API key once:

import { configureServer } from 'rozod';
import { v2 } from 'rozod/lib/opencloud';

// Configure OpenCloud API key
configureServer({ cloudKey: 'your_opencloud_api_key_here' });

// All OpenCloud requests automatically include x-api-key header
const universeInfo = await fetchApi(v2.getCloudV2UniversesUniverseId, {
  universe_id: '123456789',
});

You can configure both classic API cookies and OpenCloud keys together:

configureServer({
  cookies: ['account1', 'account2'],  // For classic *.roblox.com APIs
  cloudKey: 'your_opencloud_key',     // For apis.roblox.com
});

Note: The API key is only applied to OpenCloud endpoints (URLs containing /cloud/). Cookies are applied to all other Roblox APIs, including undocumented cookie-based APIs on apis.roblox.com.

Configuration Management

import { configureServer, clearServerConfig, getServerConfig } from 'rozod';

// Check current configuration
const config = getServerConfig();
console.log(config.cookies, config.cloudKey);

// Clear all server configuration
clearServerConfig();

Manual Headers (Legacy)

You can still pass headers manually per-request if needed:

const userInfo = await fetchApi(
  getUsersUserdetails, 
  { userIds: [123456] },
  {
    headers: {
      'Cookie': '.ROBLOSECURITY=your_cookie_here'
    }
  }
);

Note: Manual headers take precedence over configureServer() defaults.

Security Features

RoZod automatically handles advanced Roblox security requirements:

  • ✅ XCSRF Token Management - Automatic CSRF token retrieval and caching
  • ✅ Hardware-Backed Authentication - Full HBA signature support
  • ✅ Challenge Handling - Captchas, 2FA, and other authentication challenges
  • ✅ Cookie Security - Secure cookie parsing and validation
  • ✅ Cookie Rotation - Automatic handling of Roblox's cookie rotation

Cookie Rotation Handling

Roblox is gradually implementing .ROBLOSECURITY cookie rotation for improved security. RoZod automatically detects when cookies are rotated and can notify you to persist the new values:

import { configureServer, refreshCookie, getCookies } from 'rozod';

configureServer({
  cookies: process.env.ROBLOX_COOKIE,
  onCookieRefresh: async ({ oldCookie, newCookie, poolIndex }) => {
    // Roblox rotated the cookie - persist the new value
    await db.updateCookie(poolIndex, newCookie);
    console.log('Cookie rotated and saved!');
  }
});

The internal cookie pool updates automatically, so the callback is only needed if you want to persist cookies across restarts.

You can also proactively refresh cookies before they expire:

// Refresh on a schedule or before important operations
const result = await refreshCookie(0);
if (result.success) {
  await db.updateCookie(0, result.newCookie);
}

// Utility functions
const allCookies = getCookies();        // Get current cookie values
updateCookie(0, 'new_value');           // Manually update a cookie

Challenge Handling

For advanced authentication challenges (captchas, 2FA), set up a global challenge handler:

import { setHandleGenericChallenge } from 'rozod';

setHandleGenericChallenge(async (challenge) => {
  // Handle captcha, 2FA, or other challenges
  // Return the challenge response or undefined to skip
  if (challenge.challengeType === 'captcha') {
    const solution = await solveCaptcha(challenge.challengeId);
    return {
      challengeType: challenge.challengeType,
      challengeId: challenge.challengeId,
      challengeBase64Metadata: solution
    };
  }
});

Hardware-Backed Authentication (Advanced)

For Node.js environments requiring custom HBA keys:

import { changeHBAKeys } from 'rozod';

// Provide your own crypto key pair for HBA signatures
const keyPair = await crypto.subtle.generateKey(
  { name: 'ECDSA', namedCurve: 'P-256' },
  true,
  ['sign', 'verify']
);

changeHBAKeys(keyPair);

OpenCloud Authentication

OpenCloud APIs require API keys. Use configureServer() for automatic injection:

import { configureServer, fetchApi } from 'rozod';
import { v2 } from 'rozod/lib/opencloud';

// Configure once at startup
configureServer({ cloudKey: 'your_opencloud_api_key_here' });

// All OpenCloud requests automatically include x-api-key
const universeInfo = await fetchApi(v2.getCloudV2UniversesUniverseId, {
  universe_id: '123456789',
});

Or pass headers manually per-request:

const universeInfo = await fetchApi(
  v2.getCloudV2UniversesUniverseId,
  { universe_id: '123456789' },
  {
    headers: {
      'x-api-key': 'your_opencloud_api_key_here'
    }
  }
);

Custom Endpoints

You can define custom endpoints for your specific needs:

import { z } from 'zod';
import { endpoint, fetchApi } from 'rozod';

const myCustomEndpoint = endpoint({
  method: 'GET',
  path: '/v1/custom/:customId',
  baseUrl: 'https://my-api.example.com',
  parameters: {
    customId: z.string(),
    optional: z.string().optional(),
  },
  response: z.object({
    success: z.boolean(),
    data: z.array(z.string()),
  }),
});

const response = await fetchApi(myCustomEndpoint, { customId: '123' });

Credits

This repository is maintained by Alrovi ApS, the company behind RoGold.

Disclaimer

RoZod is not affiliated with, maintained, authorized, endorsed, or sponsored by Roblox Corporation or any of its affiliates.