RoZod supports cookie pooling, allowing you to use multiple Roblox accounts to distribute load, avoid rate limits, and provide failover capabilities.
Basic cookie pool Configure multiple cookies by passing an array:
import { configureServer } from 'rozod' ; configureServer ({ cookies: [ process . env . ROBLOX_COOKIE_1 , process . env . ROBLOX_COOKIE_2 , process . env . ROBLOX_COOKIE_3 , ], });
RoZod will automatically rotate through accounts using round-robin by default.
With round-robin rotation, requests cycle through accounts: 1 → 2 → 3 → 1 → 2 → …
Rotation modes Control how cookies are selected from the pool:
Round-robin (default) Cycles through cookies sequentially:
configureServer ({ cookies: [ 'cookie1' , 'cookie2' , 'cookie3' ], cookieRotation: 'round-robin' , // Default for multiple cookies }); // Request 1 uses cookie1 // Request 2 uses cookie2 // Request 3 uses cookie3 // Request 4 uses cookie1 (cycles back)
Round-robin is the default when multiple cookies are provided. You don’t need to specify it explicitly.
Random selection Randomly picks a cookie for each request:
configureServer ({ cookies: [ 'cookie1' , 'cookie2' , 'cookie3' ], cookieRotation: 'random' , }); // Each request randomly selects from the pool
Random selection provides better load distribution when making many parallel requests.
No rotation Always uses the first cookie:
configureServer ({ cookies: [ 'cookie1' , 'cookie2' , 'cookie3' ], cookieRotation: 'none' , }); // All requests use cookie1 // Other cookies available as manual fallback
With cookieRotation: 'none', only the first cookie is used. Other cookies in the pool are ignored unless manually specified.
Use cases Load distribution Spread API calls across multiple accounts to avoid rate limits:
import { configureServer , fetchApi } from 'rozod' ; import { getGamesIcons } from 'rozod/lib/endpoints/gamesv1' ; configureServer ({ cookies: [ process . env . ACCOUNT_1 , process . env . ACCOUNT_2 , process . env . ACCOUNT_3 , ], cookieRotation: 'round-robin' , }); // Make many requests - automatically distributed across accounts const icons = await Promise . all ([ fetchApi ( getGamesIcons , { universeIds: [ 1 ] }), // Uses account 1 fetchApi ( getGamesIcons , { universeIds: [ 2 ] }), // Uses account 2 fetchApi ( getGamesIcons , { universeIds: [ 3 ] }), // Uses account 3 fetchApi ( getGamesIcons , { universeIds: [ 4 ] }), // Uses account 1 ]);
High-volume applications For applications handling millions of requests:
configureServer ({ cookies: Array . from ({ length: 10 }, ( _ , i ) => process . env [ `ROBLOX_COOKIE_ ${ i + 1 } ` ] ), cookieRotation: 'random' , // Better for parallel requests });
RoZod powers RoGold , which handles millions of API requests daily using cookie pooling. Failover and redundancy Provide backup accounts in case one fails:
import { configureServer } from 'rozod' ; configureServer ({ cookies: [ process . env . PRIMARY_COOKIE , process . env . BACKUP_COOKIE_1 , process . env . BACKUP_COOKIE_2 , ], }); // If primary account hits rate limit, subsequent requests use backups
User agent rotation Combine cookie rotation with user agent rotation for maximum effectiveness:
configureServer ({ cookies: [ 'cookie1' , 'cookie2' , 'cookie3' ], cookieRotation: 'round-robin' , userAgents: [ 'CustomBot/1.0' , 'CustomBot/2.0' ], userAgentRotation: 'random' , });
User agent rotation modes None (default)
Round-robin
Random
Use the same user agent for all requests in a session: configureServer ({ userAgents: [ 'UA1' , 'UA2' ], userAgentRotation: 'none' , // Default });
Cycle through user agents sequentially: configureServer ({ userAgents: [ 'UA1' , 'UA2' , 'UA3' ], userAgentRotation: 'round-robin' , });
Randomly select a user agent per request: configureServer ({ userAgents: [ 'UA1' , 'UA2' , 'UA3' ], userAgentRotation: 'random' , });
Cookie management utilities Get current cookies Retrieve all cookies from the pool:
import { getCookies } from 'rozod' ; const cookies = getCookies (); console . log ( `Pool has ${ cookies . length } cookies` );
Update specific cookie Manually update a cookie in the pool:
import { updateCookie } from 'rozod' ; // Update the first cookie (index 0) const success = updateCookie ( 0 , newCookieValue ); if ( success ) { console . log ( 'Cookie updated successfully' ); }
Refresh cookies Proactively refresh cookies before they expire:
import { refreshCookie , getCookies } from 'rozod' ; // Refresh all cookies in the pool const cookies = getCookies (); for ( let i = 0 ; i < cookies . length ; i ++ ) { const result = await refreshCookie ( i ); if ( result . success ) { console . log ( `Cookie ${ i } refreshed:` , result . newCookie ); } else { console . error ( `Cookie ${ i } refresh failed:` , result . error ); } }
See Cookie rotation for more details on automatic and manual cookie refresh. Monitoring and debugging Track cookie usage Log which cookie is being used for each request:
import { configureServer , fetchApi } from 'rozod' ; import { getUsersUserdetails } from 'rozod/lib/endpoints/usersv1' ; configureServer ({ cookies: [ 'cookie1' , 'cookie2' , 'cookie3' ], cookieRotation: 'round-robin' , }); // The cookie rotation happens automatically inside fetchApi const userInfo = await fetchApi ( getUsersUserdetails , { userIds: [ 123456 ] });
Handle cookie rotation events Get notified when Roblox rotates a cookie:
configureServer ({ cookies: [ cookie1 , cookie2 , cookie3 ], onCookieRefresh : async ({ oldCookie , newCookie , poolIndex }) => { console . log ( `Cookie at index ${ poolIndex } was rotated` ); await db . updateCookie ( poolIndex , newCookie ); } });
Best practices
Use separate accounts for different purposes
Create dedicated Roblox accounts for your bot/service instead of using personal accounts. This provides better isolation and security.
Start with round-robin rotation
Round-robin provides predictable, even distribution. Use random rotation only if you need better load balancing for highly parallel workloads.
Periodically check that all cookies in your pool are valid and not expired or banned. Remove invalid cookies to avoid errors.
Implement cookie rotation handlers
Always configure onCookieRefresh to persist new cookie values when Roblox rotates them.
Don't share cookies across services
Each service should have its own cookie pool. Sharing cookies can lead to rate limiting and authentication conflicts.
Error handling Handle errors that may occur with cookie pools:
import { fetchApi , isAnyErrorResponse } from 'rozod' ; import { getUsersUserdetails } from 'rozod/lib/endpoints/usersv1' ; const result = await fetchApi ( getUsersUserdetails , { userIds: [ 123456 ] }); if ( isAnyErrorResponse ( result )) { if ( result . message . includes ( 'Token Validation Failed' )) { console . error ( 'Authentication failed - cookie may be invalid' ); // Implement cookie refresh or removal logic } else if ( result . message . includes ( 'TooManyRequests' )) { console . error ( 'Rate limited - consider adding more cookies to pool' ); } }
Next steps
Cookie rotation Handle automatic cookie rotation from Roblox
Security features Understand built-in security mechanisms
Error handling Handle authentication and rate limit errors
Server authentication Learn more about server configuration