java – How can I authenticate a PATCH request to Roblox’s group API to update a user’s role?


While making a Discord bot to update a user’s role in both the Discord server and a Roblox group, I kept encountering an authentication issue. I’m using the Discord JDA to make the bot and this URL: https://groups.roblox.com/v1/groups/{groupId}/users/{userId}?roleId={roleId} to update a user’s role in a group. I’m also using Apache’s httpcomponents library to send a PATCH request to the URL. I’ve tried to use cookies by using the BasicCookieStore from Apache’s httpcomponents, adding the cookie .ROBLOSECURITY with my account’s .ROBLOSECURITY token or code, and setting the BasicCookieStore for the HttpClients as the BasicCookieStore I just mentioned. I’ve also tried setting the header .ROBLOSECURITY in the HttpPatch variable as my account’s .ROBLOSECURITY token or code, but still no luck. In the code below, the commented parts are the cookie method and the rest is the header method I tried. When I ran the code and did the command, the response just says Authorization has been denied for this request. I’ve searched on google for hours now but still no luck. The Roblox dev forums doesn’t really have anything about this too and I can’t post on the Roblox dev forums anyways. Anyone got any ideas on how to authenticate the request?

public class TestRoleCommand extends SimpleCommand {
    public TestRoleCommand() {
        super("testrole", "test role", "testrole");
    }

    @Override
    public void onCommand(MessageReceivedEvent event, List<String> args) {
        try {
            /*
             *BasicCookieStore cookieStore = new BasicCookieStore();
             *BasicClientCookie cookie = new BasicClientCookie(".ROBLOSECURITY", "{token}");
             *cookieStore.addCookie(cookie);
             */
            CloseableHttpClient client = HttpClientBuilder.create().setUserAgent("DiscordBot")./*setDefaultCookieStore(cookieStore).*/build();
            HttpPatch patch = new HttpPatch("https://groups.roblox.com/v1/groups/5677278/users/983980640?roleId=37376856");
            patch.setHeader(".ROBLOSECURITY", "{token}");
            HttpResponse response = client.execute(patch);
            StringBuffer buffer = new StringBuffer();
            try (BufferedReader reader = new BufferedReader(new InputStreamReader(response.getEntity().getContent()))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    buffer.append(line);
                }
            }
            System.out.println(buffer.toString());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}