Hello yall. I spent the past two days figuring out how the sharing api works, so thought I'd share it.
Note that my knowledge is mostly educated guesswork based on the de-compiled game code.
1. Authentication
The game takes a
2. API Routes
The API routes used in the code are:
I would like to thank N2O4 for setting me on the right path, as I originally was trying to sniff packets, which, in hindsight is so dumb, but whatever.
If you would like to play around with these api routes, I made a mod providing console commands to send them using the same functions the game uses: download, source
Note that my knowledge is mostly educated guesswork based on the de-compiled game code.
1. Authentication
The game takes a
platform_id
also referred to as a platform_token
by the code to request a sharing_id
and login_token
pair from the server. The platform_id
seems to be a 128b spooky hash (Wikipedia) of a random lowercase 16B alfa-numeric string. The login_token
seems to be considered public. The code also uses a specific user agent: s&1FS&xdkf2r5k9p2zU!PDYXW$bqae
, however I have not checked if the server requires it. The login_token
is attached in the Login-token
header in each authorized request.2. API Routes
The API routes used in the code are:
POST: /api/users/create
Not authenticated. Takes one parameter,platform_id
.
Returns a json object with two keysuser_id
(sharing_id) andlogin_token
GET: /api/users/rockets/<user_id>?page=<page_num>
Authenticated.
Returns a json object containing a list of rocket items (see below) underrockets
and the number of pages underpages
204
indicates no rockets being posted by the user (or empty page?)GET: /api/rockets/get/<sort_mode>?page=<page_num>&category=<category>
Authenticated. Note thatcategory
is a integer.
Same as/api/users/rockets
GET: /api/rockets/<rocket_id>
Authenticated.
Returns a json object representing a rocket. It has the folowing fields:name
: stringdescription
: stringcategory
: list of intsdata
a base64 encoded compressed (gzip) json blueprintversion
stringviews
intdownloads
introcket_id
stringowner_id
stringpublic
booluploaded_utc
date at which the rocket was uploaded, as a intvote_status
intvotes
two long list of ints
GET /api/rockets/search?query=<query>&page=<page>
Authenticated.
query
seems to be an arbitrary string,page
is a int
Return value the same as/api/user/rockets
POST /api/rockets/upload
Authenticated.
Parameters:name
stringdesc
stringcategory
list of intsrocket_data
a base64 encoded compresed (gzip) json blueprintpublic
boolversion
string
POST /api/rockets/linked-upload
Authenticated.
Parameters:rocket_data
a base64 encoded compresed (gzip) json blueprintversion
stringpreview_url
string. The game passes in a empty string
POST /api/rockets/edit
Authenticated.
Parameters:rocket_id
stringdesc
stringcategory
list of intspublic
bool
POST /api/rockets/delete
Authenticated.
Parameters:rocket_id
string
POST /api/rockets/vote
Authenticated.
Parameters:rocket_id
stringvote
int.
GET /api/users/mod-check
Authenticated.
Returns a json object with the keyis_admin
storing a bool with the result of the query.
I would like to thank N2O4 for setting me on the right path, as I originally was trying to sniff packets, which, in hindsight is so dumb, but whatever.
If you would like to play around with these api routes, I made a mod providing console commands to send them using the same functions the game uses: download, source