The GenerateGUID function randomly creates a universally unique identifier (UUID) string.

The sixteen octets of a UUID are represented as 32 hexadecimal (base 16) digits, displayed in 5 groups separated by hyphens in the form 8-4-4-4-12 for a total of 36 characters. For example: 123e4567-e89b-12d3-a456-426655440000.

The wrapInCurlyBraces argument determines whether the returned string is wrapped in curly braces {}. For instance:

• true - {94b717b2-d54f-4340-a504-bd809ef5bf5c}
• false - db454790-7563-44ed-ab4b-397ff5df737b

The GetAsync function sends an HTTP GET request. It functions similarly to RequestAsync except that it accepts HTTP request parameters as method parameters instead of a single dictionary and returns only the body of the HTTP response. Generally, this method is useful only as a shorthand and RequestAsync should to be used in most cases.

When true, the nocache parameter prevents this function from caching results from previous calls with the same url.

This method returns a value previously added to the secrets store for the experience. The secret content is not printable and, for security reasons, secrets are not available when the experience runs locally.

The returned Secret can be transformed using built-in methods such as Secret:AddPrefix(). It is expected to be sent as a part of the HTTP request.

Note that a secret may have an associated domain name. If the domain name is empty, the secret cannot be sent over the network and therefore could not be used as an API key. To allow sending the secret anywhere, set the domain name to *. You can also limit the URL to a specific domain name such as apis.myservice.com or to subdomains of a domain, for example *.myservice.org.

The JSONDecode function transforms a JSON object or array into a Lua table with the following characteristics:

• Keys of the table are strings or numbers but not both. If a JSON object contains both, string keys are ignored.
• An empty JSON object generates an empty Lua table {}.
• If the input string is not a valid JSON object, this function will throw an error.

To encode a Lua table into a JSON object, you can use the HttpService:JSONEncode() function.

Many web endpoints use JSON, as it is commonly used on the Internet. Visit JSON.org to become more familiar with the format.

This method can be used regardless of whether HTTP Requests are enabled.

The JSONEncode function transforms a Lua table into a JSON object or array based on the following guidelines:

• Keys of the table must be either strings or numbers. If a table contains both, an array takes priority (string keys are ignored).

• An empty Lua table {} generates an empty JSON array.

• The value nil is never generated.

• Cyclic table references cause an error.

  This function allows values such as inf and nan, which are not valid JSON. This may cause problems if you want to use the outputted JSON elsewhere.

To reverse the encoding process, and decode a JSON object, you can use the HttpService:JSONDecode() function.

Many web endpoints use JSON, as it is commonly used on the Internet. Visit JSON.org to become more familiar with the format.

This method can be used regardless of whether HTTP Requests are enabled.

The PostAsync function sends an HTTP POST request. It functions similarly to RequestAsync except that it accepts HTTP request parameters as method parameters instead of a single dictionary and returns only the body of the HTTP response. Generally, this method is useful only as a shorthand and RequestAsync should to be used in most cases.

When true, the compress parameter controls whether large request bodies will be compressed using gzip.

This method sends an HTTP request using a dictionary to specify the request data, such as the target URL, method, headers and request body data. It returns a dictionary that describes the response data received. Optionally, the request can be compressed using HttpCompression.

Request Dictionary Fields

HTTP Headers

In the request dictionary, you can specify custom HTTP headers to use in the request. However, some headers cannot be specified. For example, Content-Length is determined from the request body. User-Agent and Roblox-Id are locked by Roblox. Other headers like Accept or Cache-Control use default values but can be overridden. More commonly, some REST APIs may require API keys or other service authentication to be specified in request headers.

This method does not detect the format of body content. Many web servers require the Content-Type header be set appropriately when sending certain formats. Other methods of HttpService use the HttpContentType enum; for this method set the Content-Type header appropriately: text/plain, text/xml, application/xml, application/json or application/x-www-form-urlencoded are replacement Content-Type header values for the respective enum values.

Response Dictionary Fields

The function returns a dictionary containing the following fields:

Error Cases

This method raises an error if the response times out or if the target server rejects the request. If a web service goes down for some reason, it can cause scripts that use this method to stop functioning altogether. It is often a good idea to wrap calls to this method in pcall and gracefully handle failure cases if the required information isn't available.

Limitations

The current limitation for sending and receiving HTTP requests is 500 requests per minute. Requests over this threshold will fail. Additionally, Roblox domains are excluded. This means that HTTP requests cannot be sent to any Roblox owned site, such as www.roblox.com.

The UrlEncode function percent-encodes a given string so that reserved characters properly encoded with '%' and two hexadecimal characters.

This is useful when formatting URLs for use with HttpService:GetAsync()/HttpService:PostAsync(), or POST data of the media type application/x-www-form-urlencoded (Enum.HttpContentType.ApplicationUrlEncoded).

For instance, when you encode the URL https://www.roblox.com/discover#/, this function returns https%3A%2F%2Fwww%2Eroblox%2Ecom%2Fdiscover%23%2F.