Web API

The TrackMania Forever game client uses a based web API to communicate with the master server. This article attempts to document the API with the potential goal of eventually having a fully functional custom master server.

Basic concepts
TrackMania uses a XML-RPC based API to authenticate players, load server lists, load rankings, etc. Below is some documentation about what has been reversed engineered. A lot is still left to be documented, as logged on the Progress page.

The game sends HTTP(s) POST requests to to communicate with the API, using the headers:  and
 * http://game.trackmaniaforever.com/online_game/request.php
 * http://game2.trackmaniaforever.com/online_game/request.php
 * http://nations.trackmaniaforever.com/online_game/request.php

Request
 TmForever 2.11.16    MOLUX fr    [...] [...]      [...]    [...]

Here is a description of the xml:


 * root
 * game
 * name The client you are using. Known values: TmForever
 * version Version of the client.
 * distro Unknown. Set to MOLUX for TMNF or TAHOR for TMUF.
 * lang Language of the client, as ISO 639-1.
 * author See .
 * request
 * name Name of the requested function.
 * param Parameters for the call.
 * auth Optional. Only seen on Connect and Disconnect.
 * value Looks like an auth ticket.

Author
The author tag identifies the user sending the request. In this documentation, three cases are possible for the author tag:

 The method doesn't require authentication (denoted as "No (Empty)"), the author tag is filled with following content:  The method requires user name (denoted as "No (Set to 1)"), the author tag is filled with following content: the user's name 1  The method requires authentication (denoted as "Yes"), the author tag is filled with following content: the user's name the session's id  

Response
   [...]  [...]    </r> <e>execution time : 0.0010 s</e> </r>

Here is a description of the returned xml:


 * r
 * r
 * n The name of the called function.
 * c The returned data.
 * e A string giving the execution time.

GetConnectionAndGameParams
''Gets a lot of information. First request sent by client.''

AddBuddy
Add a friend to the friends list

List of seen error codes:

CheckLogin
Checks if login is already used for account creation.

MailAccount
Requests the server to send a password recovery email.

Disconnect
Closes connection.

GetBuddies
Get friends list.

GetManialinkInfos
Gets infos about a manialink.

GetManialinkResource
Gets info about a maniacode

GetOnlineProfile
Gets infos about the player.

GetLeagues
Gets the regions list.

OpenSession
Gets a session ID.

k is hard-coded in the game's binary. One value has been seen, both for United and Nations: MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCpBgX3c4ezM18RiGPlQiVKINu+JicxOd6yuHl5q30 00CdTLu53A3ceuelum2+ui+MmASL3JjmVVOoNURvK7GCt79wLUUSbtTaZPXPr73TioZBCVkPd8chAb8 EurZtlDp5QQvDCaoCfFJ4V8VJgM0IK0qVIHRP+D03tKgb2WOgK9QIBEQ==

RemoveBuddy
Remove a friend from the friends list

Subscribe
''Registers a new account. Warning: This is sent over HTTPS.''

RedirectOnMasterServer
This response happens sometimes. It tells the client to switch auth server. When received, the client sends same request it just sent, but to the other server specified.

Here is a description of the response:


 * a
 * b Name of the game.
 * c New server address to use.
 * d Endpoint (generally online_game).
 * e HTTPS port.
 * f HTTP port.
 * g Base region (World).
 * h ?. Set to 1
 * i ?. Set to 1
 * j (Maybe) List of authorized/available remote methods (described below), or permissions.
 * k One remote call (multiple of them in the j tag)
 * l Method/Permission name.
 * q Might be if authorized/available or not (seems always 1).

Here is a list of the methods that have been seen in k:


 * AddCustomChallenge
 * AddResults
 * CheckServerPassword
 * Connect
 * ConvertAccount
 * CreateGroup
 * Disconnect
 * GetChallenge
 * GetChallengeFromUId
 * GetManialinkResource
 * GetReplay
 * MoveFromLeague
 * PayCoppersTransaction
 * SLiveUpdate
 * SendMessages
 * ShareChallenge
 * StartOfficialRecord
 * StopOfficialRecord
 * Subscribe
 * SubscribeToGroup
 * UnsubscribeFromGroup
 * UpdateOnlineProfile
 * UploadOfficialRecord
 * ValidateSoloAccount

How to help
Use a to see the game's communication while experimenting with client features, and describe requests and responses in as much detail as possible.