mixv2 / epicresearch Goto Github PK

Yea the title said it, I wanna get the endpoint to change the user picture via post/get or whatever.

Is there any way to add a creator code to an account so that the purchases of this account supports that creator?

With best regards

get_profile = requests.post(f"https://fortnite-public-service-prod11.ol.epicgames.com/fortnite/api/game/v2/profile/{account_id}/client/QueryProfile?profileId=athena&rvn=-1", headers=headers, params={})
i get this problem (title), i want get skins account owner

please help i want to use mixHackV2 its broken please help

When I try to send the request to "ClaimLoginReward", the server returns "ClaimLoginReward is not valid on player:profile_common_public profiles (common_public)". All profiles are common_public, but I know some bots that can claim the daily reward for you. So how do I code that? I am pretty sure that "ClaimLoginReward" is the endpoint for the daily reward

Dear MixV2,

there was an issue I faced and I hope that you can help me further. After setting the creator for an account to be used in item shop, I gifted a few things and it didn't apply to the creator code panel. I thought it would work and anybody can support a creator (doesn't matter where he live, because the other account was set to another region) but it didn't work actually. I thought we might be missing one property in giftCatagory, would it be possible?

Thank you in advance and stay safe
With best regards
Mahdi

Some documentation on the current register flow with a bit of info on Funcaptcha would be greatly appreciated. Thanks!

I saw a lot of discord bots doing it, they have a endpoint to use. Is there any way how to get it?

nothing

I was looking around the web and found this repo which can improve my programs exacute time. I am trying for the past 2 days to get an auth code with Authorization Code.
I read the the instructions about 50 times and was still unable to get the auth code.
My question is can you please give an example in some programming language, for example python?

Hey there,

after reading the whole documentation I found that I can access really interesting informations about each account, except the vBucks balance of that account. Is there any why to find taht out?

Thanks in advance.

I have done a research about the meaning of "MCP" and I have only found an Epic Games post and an Unreal Tournament bug.

I have also visited this page, which says that there is a DefaultPlatformService entry, in Unreal Engine, which is set by default to "MCP"

Please add friend request

Do you have any details on the XMPP service build into the Epic Games store?

Would be great to have for this: RareDevs/Rare#93

I guess it would be similar to the Fortnite XMPP service?

In Auth Clients, the client called graphqlWebsite has an ID, but its secret is unknown.

1. Does that mean that I can authenticate neither by authorization code, nor using client credentials, because both methods would require a secret?

2. Or can I work directly with the authorization code returned by visiting the following URL?

https://www.epicgames.com/id/api/redirect?clientId=319e1527d0be4457a1067829fc0ad86e&responseType=code

Indeed, I notice that the redirectURL looks like:

https://graphql.epicgames.com/graphql?code=XXX

So it is enticing to use that XXX code along my queries, but I am not sure whether I would get higher permissions by doing so.

3. Otherwise, is there any other client (with known secret) that I could use to get higher permissions to read data from the API with GraphQL? With the few which I have tried, the POST request times out when I submit the access token in the headers like:

import requests

access_token = "MY_TOKEN"

r = requests.post(
    url="https://graphql.epicgames.com/graphql",
    json={"query": "{ Catalog { searchStore(count:3, start: 1617) { paging {total} elements {title} } } }"},
    headers={"Authorization": f'Bearer {access_token}'},
)

whereas this works, but without any higher permission:

import requests

r = requests.post(
    url="https://graphql.epicgames.com/graphql",
    json={"query": "{ Catalog { searchStore(count:3, start: 1617) { paging {total} elements {title} } } }"},
)

At the end of the day, my goal would be to figure out the way the Chinese leaker fetched the upcoming free games:
These games were not present in the public database, as can be seen on ScreamDB, so I am very surprised.

or the way the French leaker at dealabs.com achieved roughly the same.
It has to be a different way, because he has access to less data: he is missing the game to be given away on December 30.

4. Any piece of advice towards this objective?

Hey Mix I have worked around Epic Games for 2 years now and I have lots of endpoints and clients that I could add to the repo helping to maintain and bring more information. APIS that have not been found nor available to the public, including private clients for authentication on the EOS servers... Would love to work with you on this repo.

Thanks

¡Hey!
Im trying to get access to the cosmetics of a player, and more info about a player.
I use axios to post to get the access token, the id, and the name.
So, How is the correct endpoint form and post way to get these info?
I tried the classic QueryProfile?profile=athena giving the userID and:
Header = {
'Content-Type' : "xxx-i-form-urlencoded",
'Authorization': Bearer ${access_token}
And no Data or Body (are the same)
But the response of that post is something like Authorization error or invalid.
Please help me!!

Finally solved it, to fix it just concat the access token variable before the use in Authorization, that worked for me.

var access_token= "Bearer ".concat(token);
//Now use it in Authorization
Authorization: access_token

When I try to use token to token I get the error message {"errorCode":"errors.com.epicgames.common.oauth.unauthorized_client","errorMessage":"Sorry your client is not allowed to use the grant type token_to_token","messageVars":[],"numericErrorCode":1015,"originatingService":"com.epicgames.account.public","intent":"prod","error_description":"Sorry your client is not allowed to use the grant type token_to_token","error":"unauthorized_client"} . I am using the right acces token so I don't know why this is happening.

I'd like to join the community but the discord link is expired/invalid.

I am trying to authenticate by exchange code. I don't know how to make the authentication header and I am not sure what needs to be in it.

Im trying to get this https://account-public-service-prod.ol.epicgames.com/account/api/public/account/6c34056253a84d269063194d7a69560d/ but it just tells me Authentication failed. I dont wanna put my password in and stuff bc then itll say all the other stuff. You did say you can just get the user but idk how.

Is it possable to unban a user on fortnite with this method? Also can you add rare / unreleased skins to your account. Thanks

Hey, I'm trying to find a way to query servers and their player's info on another game on ark survival which utilises the Epic Online Services. Is it possible using this approach, and could you advise on how to find the client ID / secret? Thanks

I am making a fortnite bot and I am trying to figure out what this does, Can someone explain?

Epic Games changed the exchange code authentication from GET request on https://www.epicgames.com/id/api/exchange to POST request on https://www.epicgames.com/id/api/exchange/generate.
So you should probably update your notes.

Ever since Epic started encrypting the in-game memory for Fortnite, the BenBot has been unable to extract the keys from the game, which means the free flow of updated keys posted online by BenBot has stopped. These keys are needed to view all the content of the game, like unreleased weapons, with the software FModel.

One workaround for this would be to directly download the keys from Epic's server. Does anybody here know the official API endpoint for getting Fortnite AES keys, and the exact method to contact this endpoint?

I searched this repository but couldn't find anything, so how do I use it.
Which endpoint do I need to use? What has to be in the header and what has to be in the body of the request?

Hey, im trying to get the cosmetics and some info player using the QueryProfile, I use Node.JS and axios. My code is:

let head = {
'Content-Type': 'application/json',
'Authorization': `bearer ${res.data.access_token}` //<- Here i use the access_token previously defined
   }
   //I think data is not necessary but I use it too
   let data = {
     'grant_type': 'authorization_code',
     'code': code
   }
   let res3 = await axios.post(`https://fortnite-public-service-prod11.ol.epicgames.com/fortnite/api/game/v2/profile/${res.data.account_id}/client/QueryProfile?profileId=athena&rvn=-1`, head, data).catch(e => console.log(e))
  console.log(res3.data)```
  The error is: 401

get cosmetics from account

First thanks for putting this research together!

I've been trying all day to work out the generation of the deviceId, via Postman. Your instructions are:

Authenticate yourself with an fortniteIOSGameClient token with your preferred method of authentication.

Call https://account-public-service-prod.ol.epicgames.com/account/api/public/account/{accountId}/deviceAuth with method POST. Your response should look something like:

{
  "deviceId": "...",
  "accountId": "...",
  "secret": "...",
  "userAgent": "Any HTTP Client/0.1",
}

So "Authenticate yourself with an fortniteIOSGameClient" - I go to the table later in the document and pull out:

Client Name	Client ID	Secret
fortniteIOSGameClient	3446cd72694c4a4485d81b77adbb2141	9209d4a5e25a457fb9b07489d313b41a

Using these I login via OAuth:

I then reuse the client ID in the URL for the deviceAuth (X below), and use the generated OAuth token as a bearer token in the authentication of the second request:

The result is:

Sorry your login does not posses the permissions 'account:public:account:deviceAuths CREATE' needed to perform the requested operation

What am I doing wrong?

check if email is registered

Hey,

Discord invite link has expired, can you update it? Thanks.

How do I change the display name of the account thats currently logged in? Via the metadata endpoint or is there something else?

Can you make a new invite because the old one is invalid. Thanks

Hey!

Recently Fortnite stopped request more DailyQuest when I use "ClaimLoginReward", obligating me to sign in mode to get new daily quest

Someone know other mcp that I can also use to refresh/get new DailyQuest, I was investigating to use "RefreshExpeditions" but I don't know what it does or if will help.

Thanks

Mainly I want this for Fortnite stuff

Hello, which api can get user's game list and play duration? Please!

Please can you provide some information regarding endpoints for STW?
Thanks

Device code getting documentation is pretty empty, it not really helpful. I always get
Authentication failed for /api/oauth/deviceAuthorization

Here the full request

Host: account-public-service-prod03.ol.epicgames.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 29

grant_type=client_credentials

https://github.com/MixV2/EpicResearch/blob/master/docs/auth/grant_types/exchange_code.md

"Send a GET request to https://account-public-service-prod.ol.epicgames.com/account/api/oauth/exchange with a valid Authorization header"

What do I have to use in the Authorization header?

Hello,

I am looking for a coder for a advanced Fortnite bot. Looks like you have the skills. Please contact me via email at [email protected]