RAMPAGE provides an OAuth system that is free to use for our community!


Redirect a user to id.rampagestudios.org/login/sso with query ?return_url=returnwebsite&scopes=abc.

Replace scopes with the data you want to get returned to you.
Replace return_url with your PHP script to receive the user data.

Scopes and return_url are required for it to work.


Roblox Scopes

  • roblox_username
    Roblox username
  • roblox_display
    Roblox display name
  • roblox_id
    Roblox user id
  • roblox_avatar_url
    Roblox avatar (URL)
  • roblox_description
    Roblox description
  • roblox_banstatus
    Roblox Ban Status (boolean)
  • roblox_username_history
    Roblox Username History
  • roblox_groups
    Roblox Groups you are in


  • rampage_id
  • rampage_email
    RAMPAGE Email

Target Scopes

  • target_roblox
    Must add this if you need Roblox scopes (roblox_id, roblox_username, etc)
  • target_rampage
    Must add this if you need rampage scopes (rampage_id, rampage_email, etc)

If the target scopes are NOT added, you can’t interact with the OAuth server to get the data.

Example: https://id.rampagestudios.org/login/sso?return_url=https://example.com/return.php&scopes=target_roblox,roblox_username

Properly encoded:

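To URL-encode, I recommend using this website or this PHP method:

// Encode each query value on its own; encoding the whole URL would also
// escape the "://", "?" and "&" that the SSO endpoint needs to parse.
$return = "https://example.com/return.php";
$scopes = "target_roblox,roblox_username";
$myurl = "https://id.rampagestudios.org/login/sso?return_url=" . urlencode($return) . "&scopes=" . urlencode($scopes);
echo $myurl;
// Prints
// https://id.rampagestudios.org/login/sso?return_url=https%3A%2F%2Fexample.com%2Freturn.php&scopes=target_roblox%2Croblox_username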

Handle Responses after return

If the login is successful, the user will be redirected to the return_url with an access key.


abc is the example access key. Once you get the key, you are able to make a POST request to RAMPAGE servers and request access to the data. Once the user is returned, your server has up to 2 minutes to make that request; otherwise, that data will be invalidated.

Key is named: target_platform_key. So if you use scope target_roblox it will be target_roblox_key.
If you are requesting login for more than just one platform, for example target_rampage, it will return target_rampage_key and target_roblox_key. Each key is unique and has its own timer.

We are in the process of adding more platforms.

Make a POST request to:
with json body:


Platform is the target scope for the specific platform you had your customer login for.

Key IS case sensitive.

Our servers will return JSON back to your POST Request.

key is the generated key we gave to your user who logged in.

The error will occur when a user declines the authorization, no account is found, pending verification, or no Roblox account. Make sure to check with $_GET to make sure the login was a success.


Request Data after Authorization

Make your requests to:

This is the returned JSON sent to you if the login was a success.
(This is an example with the scopes: roblox_username, roblox_id, and roblox_avatar_url)


The error will occur when an invalid key has been entered.

{"success":false, "reason":"bad call"}

PHP Example

<?php
ini_set('display_errors', '1'); // Development only; turn off in production.
ini_set('display_startup_errors', '1');
session_start(); // Required before $_SESSION can be read or written.

function generate()
{
    return sprintf('%04X%04X-%04X-%04X-%04X-%04X%04X%04X', mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(16384, 20479), mt_rand(32768, 49151), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535));
}

// Format URL
$scopes = array("target_roblox", "roblox_username", "roblox_display", "roblox_id", "roblox_avatar_url"); // Add scopes you want here.
$return = "https://demo.vq9o.com/oauth/index.php"; // Return here.

// Format the URL (Do not touch)
$scopes = implode(',', $scopes); // Format to comma-separated values
$url = "https://id.rampagestudios.org/login/sso?scopes=" . rawurlencode($scopes) . "&return_url=" . rawurlencode($return);

// Handle URL
if (!empty($_GET["logout"])) {
    // Clear the cookie before any output so the header can still be sent.
    setcookie(session_name(), '', 100);
    $_SESSION = array();
    echo "<b>Logged out!</b>";
}

// Sends $fields as a JSON POST body and returns the decoded JSON response.
function GET($url, $fields)
{
    $ch = curl_init($url);
    $payload = json_encode($fields);

    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // Keep TLS certificate and host name verification on; the access key and
    // the returned user data travel over this connection.
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);

    $result = curl_exec($ch);
    curl_close($ch);
    return json_decode($result);
}

if (!empty($_GET["target_roblox_key"])) {
    $GeneratedCheckURL = "https://api.rampagestudios.org/v1/oauth/request/index.php";
    $Fields = [
        // Send the key unchanged (it is case sensitive); it goes into a JSON body, not into HTML.
        "key" => (string) $_GET["target_roblox_key"],
        "platform" => "target_roblox"
    ];
    $data = GET($GeneratedCheckURL, $Fields);

    // $data is null when the request failed or the response was not JSON.
    if ($data && $data->success == true) {
        $_SESSION["rampage_oauth_session"] = $data;
        echo "<b>Authorized!</b>";
        echo "<p>JSON:</p>" . htmlspecialchars(json_encode($data));
    } else {
        echo "<b>Login authorization key is expired!</b>";
    }
} else {
    if (!empty($_GET["failed"])) {
        if (htmlspecialchars($_GET["failed"]) == true) {
            echo "<b>Login failed due to: Pending Verification, No Account Found, No Roblox Account, or another error.</b>";
        }
    }
}
?>

<link rel="stylesheet" href="https://rampage.host/bulma.css">
<link rel="stylesheet" href="https://demo.vq9o.com/oauth/style.css">
<link rel="stylesheet" type="text/css" href="https://rampage.host/bulma_tooltip.css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Manrope:wght@700;800&amp;display=swap">

<nav class="navbar is-white topNav">
    <div class="container">
        <div class="navbar-brand">
            <a class="navbar-item">
                <p>Roblox <b>OAuth</b></p>
            </a>
        </div>
        <div class="navbar-end">
            <div class="navbar-item">
                <?php
                    // Escape everything that came from the OAuth response before printing it into HTML.
                    if (empty($_SESSION["rampage_oauth_session"])) {
                        echo '<a class="button is-light" href="'. htmlspecialchars($url) .'"><img height="25" width="25"
                        src="https://rampage.host/roblox.png" alt="">&nbsp;Login</a>';
                    } else {
                        echo '<a class="button is-dark is-outlined" href="'. htmlspecialchars($return) .'?logout=true"><img height="25" width="25"
                        src="https://rampage.host/roblox.png" alt="">&nbsp;Logout</a>';
                        echo '<p class="image is-32x32 has-tooltip-bottom" data-tooltip="'. htmlspecialchars($_SESSION["rampage_oauth_session"]->roblox_username) . '">
                        <img src="'. htmlspecialchars($_SESSION["rampage_oauth_session"]->roblox_avatar_url) . '">
                        </p>';
                    }
                ?>
            </div>
        </div>
    </div>
</nav>



JavaScript Example

const express = require("express");
// node-fetch v3 is ESM-only, so it is loaded with a dynamic import.
const fetch = (...args) => import('node-fetch').then(({default: fetch}) => fetch(...args));
const cookieSession = require('cookie-session');
const app = express();
const PORT = process.env.PORT || 8080;
const scopes = ["target_roblox", "roblox_username", "roblox_display", "roblox_id", "roblox_avatar_url"];

app.use(cookieSession({
    name: 'rampage_oauth_session',
    keys: ["securekey123"], // Replace with a long random secret kept out of source control.
    maxAge: 24 * 60 * 60 * 1000 // 24 hours
}));

app.get("/", (req, res) => {
    // The session is empty before the first login, hence the optional chaining.
    if (!req.session.rampage_oauth_session?.loggedin) return res.redirect(`http://localhost:${PORT}/login`);
    res.send("Logged in!");
});

app.get("/dashboard", (req, res) => {
    if (!req.session.rampage_oauth_session?.loggedin) return res.redirect(`http://localhost:${PORT}/login`);
    res.json(req.session.rampage_oauth_session.data);
});

app.get("/logout", (req, res) => {
    if (!req.session.rampage_oauth_session?.loggedin) return res.redirect(`http://localhost:${PORT}/login`);
    req.session = null;
    res.send("Logged out!");
});

app.get("/authorize", async (req, res) => {
    const target_roblox_key = req.query.target_roblox_key;

    if (!target_roblox_key) {
        console.log("No key found");
        return res.status(400).send("No key found");
    }

    // The API expects a JSON POST body; platform is the target scope that was requested.
    const response = await fetch('https://api.rampagestudios.org/v1/oauth/request/index.php', {
        method: "POST",
        headers: { "Content-Type": "application/json" },
        body: JSON.stringify({
            key: target_roblox_key,
            platform: "target_roblox"
        })
    });
    const data = await response.json();

    if (!data.success) {
        console.log("Failed to verify success");
        return res.status(401).send("Failed to verify success");
    }
    req.session.rampage_oauth_session = { loggedin: true, data: data };
    res.redirect(`http://localhost:${PORT}/dashboard`);
});

app.get("/login", (req, res) => {
    const scopesFormated = scopes.join(",");
    const returnURL = `http://localhost:${PORT}/authorize`;
    const redirect = `https://id.rampagestudios.org/login/sso?scopes=${encodeURIComponent(scopesFormated)}&return_url=${encodeURIComponent(returnURL)}`;
    res.redirect(redirect);
});

app.listen(PORT, () => {
    console.log(`Server is running on port ${PORT}.`);
});
1 Like
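
The scope and key rules from the post above (each platform scope needs its target scope, one target_<platform>_key comes back per platform, each redeemable for 2 minutes), as an added example that is not RAMPAGE's own code or part of the original post. `buildLoginUrl`, `parseCallback` and `KEY_TTL_MS` are hypothetical names; the endpoint, parameter names and the `failed` flag are taken from the post, and the sample keys are constructed.

```javascript
// Added example. Function and constant names are hypothetical, not RAMPAGE's API.
const SSO_ENDPOINT = "https://id.rampagestudios.org/login/sso"; // from the post
const KEY_TTL_MS = 2 * 60 * 1000; // the post gives 2 minutes to redeem a key

// Build the login URL. Every <platform>_<field> scope also needs its
// target_<platform> scope, so add it automatically when it is missing.
function buildLoginUrl(returnUrl, scopes) {
    const parsed = new URL(returnUrl); // throws on a malformed return_url
    if (parsed.protocol !== "https:" && parsed.protocol !== "http:") {
        throw new Error("return_url must be an http(s) URL");
    }
    const wanted = new Set();
    for (const scope of scopes) {
        if (!/^[a-z]+(_[a-z]+)+$/.test(scope)) throw new Error(`bad scope: ${scope}`);
        const platform = scope.startsWith("target_") ? scope.slice(7) : scope.split("_")[0];
        wanted.add(`target_${platform}`).add(scope);
    }
    // URLSearchParams encodes each value separately, leaving "?" and "&" intact.
    const query = new URLSearchParams({ return_url: parsed.href, scopes: [...wanted].join(",") });
    return `${SSO_ENDPOINT}?${query}`;
}

// Turn the callback query into one POST body per platform key, each with the
// time by which it must be sent. Keys are passed through unchanged because
// they are case sensitive; repeated parameters (arrays) are ignored.
function parseCallback(query, receivedAt = Date.now()) {
    if (query.failed) return { ok: false, requests: [] };
    const requests = [];
    for (const [name, value] of Object.entries(query)) {
        const match = /^(target_[a-z]+)_key$/.exec(name);
        if (!match || typeof value !== "string" || value === "") continue;
        requests.push({
            body: { key: value, platform: match[1] },
            expiresAt: receivedAt + KEY_TTL_MS,
        });
    }
    return { ok: requests.length > 0, requests };
}

// Constructed sample input (the key values are made up).
const sample = parseCallback({ target_roblox_key: "AbC-123", target_rampage_key: "xYz-456" }, 0);
console.log(buildLoginUrl("https://example.com/return.php", ["roblox_username", "rampage_email"]));
console.log(JSON.stringify(sample.requests));
```

With Express, `req.query` can be passed to `parseCallback` directly; each `body` is the JSON to POST before its `expiresAt`.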

We are still re-writing documentation with a new way of scopes & data processing, API endpoints are still on v1, we will let you know when it switches to this new v2 way of processing data.

V2 API is now live. More platforms are being slowly added! A warning screen has been deployed for applications detected on V1.


I LOVE THIS!!! Keep up the great work! I’d love to see discord scopes too!