This method generates a random universally unique identifier (UUID) string. The sixteen octets of a UUID are represented as 32 hexadecimal (base 16) digits, displayed in five groups separated by hyphens in the form 8-4-4-4-12 for a total of 36 characters, for example 123e4567-e89b-12d3-a456-426655440000.

The UUID specification used is Version 4 (random), variant 1 (DCE 1.1, ISO/IEC 11578:1996). UUIDs of this version are the most commonly used due to their simplicity, as they are entirely randomly generated. Note that this version does not have certain features that other UUID versions have, such as encoded timestamps, MAC addresses, or time-based sorting like UUIDv7 or ULID.

There are over 5.3×10³⁶ unique v4 UUIDs, in which the probability of finding a duplicate within 103 trillion UUIDs is one in a billion.

The wrapInCurlyBraces argument determines whether the returned string is wrapped in curly braces ({}). For instance:

• true: {94b717b2-d54f-4340-a504-bd809ef5bf5c}
• false: db454790-7563-44ed-ab4b-397ff5df737b

This method sends an HTTP GET request. It functions similarly to RequestAsync() except that it accepts HTTP request parameters as method parameters instead of a single dictionary and returns only the body of the HTTP response. Generally, this method is useful only as a shorthand and RequestAsync() should to be used in most cases.

When true, the nocache parameter prevents this method from caching results from previous calls with the same url.

This method returns a value previously added to the secrets store for the experience. The secret content is not printable and not available when the experience runs locally.

The returned Secret can be transformed using built-in methods such as Secret:AddPrefix(). It is expected to be sent as a part of an HTTP request.

For more information, see the usage guide.

This method transforms a JSON object or array into a Luau table with the following characteristics:

• Keys of the table are strings or numbers but not both. If a JSON object contains both, string keys are ignored.
• An empty JSON object generates an empty Luau table ({}).
• If the input string is not a valid JSON object, this method will throw an error.

To encode a Luau table into a JSON object, use the HttpService:JSONEncode() method.

This method can be used regardless of whether HTTP requests are enabled.

This method transforms a Luau table into a JSON object or array based on the following guidelines:

• Keys of the table must be either strings or numbers. If a table contains both, an array takes priority (string keys are ignored).

• An empty Luau table ({}) generates an empty JSON array.

• The value nil is never generated.

• Cyclic table references cause an error.

  This method allows values such as inf and nan which are not valid JSON. This may cause problems if you want to use the outputted JSON elsewhere.

To reverse the encoding process and decode a JSON object, use the HttpService:JSONDecode() method.

This method can be used regardless of whether HTTP requests are enabled.

This method sends an HTTP POST request. It functions similarly to RequestAsync() except that it accepts HTTP request parameters as method parameters instead of a single dictionary and returns only the body of the HTTP response. Generally, this method is useful only as a shorthand and RequestAsync() should to be used in most cases.

When true, the compress parameter controls whether large request bodies will be compressed using gzip.

This method sends an HTTP request using a dictionary to specify the request data, such as the target URL, method, headers, and request body data. It returns a dictionary that describes the response data received. Optionally, the request can be compressed using HttpCompression.

Request dictionary fields

Supported HTTP methods

The HTTP request methods specify the purpose of the request being made and what is expected if the request is successful. For instance, the GET request method tells the server at the requested address that a resource is being requested and, if it succeeds, the resource at that address will be returned. Similarly, the HEAD request method does the same except the server knows to return a response without a Body element.

HTTP headers

In the request dictionary, you can specify custom HTTP headers to use in the request. However, some headers cannot be specified. For example, Content-Length is determined from the request body. User-Agent and Roblox-Id are locked by Roblox. Other headers like Accept or Cache-Control use default values but can be overridden. More commonly, some REST APIs may require API keys or other service authentication to be specified in request headers.

The RequestAsync() method does not detect the format of body content. Many web servers require the Content-Type header be set appropriately when sending certain formats. Other methods of HttpService use the HttpContentType enum; for this method set the Content-Type header appropriately: text/plain, text/xml, application/xml, application/json or application/x-www-form-urlencoded are replacement Content-Type header values for the respective enum values.

Response dictionary fields

RequestAsync() returns a dictionary containing the following fields:

Error Cases

RequestAsync() raises an error if the response times out or if the target server rejects the request. If a web service goes down for some reason, it can cause scripts that use this method to stop functioning altogether. It is often a good idea to wrap calls to this method in pcall() and gracefully handle failure cases if the required information isn't available.

Limitations

The current limitation for sending and receiving HTTP requests is 500 requests per minute. Requests over this threshold will fail. Additionally, Roblox domains are excluded. This means that HTTP requests cannot be sent to any Roblox-owned site such as www.roblox.com.

This method percent-encodes a given string so that reserved characters properly encoded with % and two hexadecimal characters.

This is useful when formatting URLs for use with HttpService:GetAsync()/HttpService:PostAsync(), or POST data of the media type application/x-www-form-urlencoded (Enum.HttpContentType.ApplicationUrlEncoded).

For instance, when you encode the URL https://www.roblox.com/discover#/, this method returns https%3A%2F%2Fwww%2Eroblox%2Ecom%2Fdiscover%23%2F.