Web API

From Mania Tech Wiki
Revision as of 12:23, 12 May 2019 by Maxoufox (talk | contribs) (OpenSession)

Goal and how to help

One day, eventually, Trackmania will reach its EoL. The goal here is to document as much as possible, to eventually get to the point of having a fully functional custom authentication server. If you want to help, go ahead. Just grab Fiddler and start tweaking around with the game. You can check what has already been done on the Progress page.

Basic concepts

TrackMania uses an XML-RPC-like API to authenticate players, load server lists, load rankings, etc. Here is some documentation about what has been reverse engineered. A lot is still left to be documented.

The game sends unencrypted POST requests to

to communicate with the API.

It sets two headers, User-Agent: GameBox and Accept: */*, and uses the following format as the request body:

<?xml version="1.0" encoding="UTF-8"?>
<root>
  <game>
    <name>TmForever</name>
    <version>2.11.16</version>
    <distro>MOLUX</distro>
    <lang>fr</lang>
  </game>
  <author>
    <login/>
    <session/>
  </author>
  <request>
    <name>[...]</name>
    <params>
      [...]
    </params>
  </request>
  <auth>
    <value>[...]</value>
  </auth>
</root>

Here is a description of the parameters:

  • root
    • game
      • name the client you are using. Known values: TmForever
      • version Version of the client
      • distro Unknown. Set to MOLUX for TMNF or TAHOR for TMUF
      • lang Language of the client, as an ISO 639-1 code
    • author
      • login is not set when calling GetConnectionAndGameParams
      • session is not set when calling GetConnectionAndGameParams
    • request
      • name Name of the requested function.
      • params Parameters for the call.
    • auth Optional. Only seen on Connect and Disconnect
      • value Looks like an auth ticket.

The server responds with XML, which uses obfuscated element names:

<?xml version="1.0" encoding="UTF-8"?>
<r>
  <r>
    <n>[...]</n>
    <c>
      [...]
    </c>
  </r>
  <e>execution time : 0.0010 s</e>
</r>

Here is a description of the return:

  • r
    • r
      • n The name of the called function
      • c The return data
    • e A string giving the execution time.

Function calls

GetConnectionAndGameParams

First request sent by client.

Session required? Parameters Response
No (Empty)
  • dedicated Set to 0 with TMF. Purpose is unknown. Maybe for servers.
  • download Max P2P download speed, as set in game config, in B/s
  • upload Max P2P upload speed, as set in game config, in B/s

CheckLogin

Used to check if login is already used for account creation.

Session required? Parameters Response
No (Set to 1)
  • l Player login.
  • e Set to 1 if login is used, otherwise 0.
  • p ?. Set to 0.

MailAccount

Used to make the server send a password recovery email.

Session required? Parameters Response
No (Empty)
  • login Player login

Empty response

Disconnect

Used to disconnect (Duh).

Session required? Parameters Response
Yes

Empty parameters

Empty response

GetLeagues

Used to get the list of regions.

Session required? Parameters Response
No (Set to 1)

Empty parameters

  • l Multiple of them, one per region
    • a Region name
    • b Parent regions (separated with "|", e.g. "France|Alsace")
    • i A URL pointing to the region's flag.
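The request and response envelopes from Basic concepts, applied to GetLeagues, as an added example that is not part of the wiki or of the game's own code. The function names are hypothetical, the sample response is constructed from the field descriptions above, and the session value to send is left to the caller.

```python
import xml.etree.ElementTree as ET

def build_request(name, login="", session="", game="TmForever",
                  version="2.11.16", distro="MOLUX", lang="fr"):
    """Serialize the request envelope from the template above (no <auth>)."""
    root = ET.Element("root")
    g = ET.SubElement(root, "game")
    for tag, val in (("name", game), ("version", version),
                     ("distro", distro), ("lang", lang)):
        ET.SubElement(g, tag).text = val
    author = ET.SubElement(root, "author")
    ET.SubElement(author, "login").text = login
    ET.SubElement(author, "session").text = session
    req = ET.SubElement(root, "request")
    ET.SubElement(req, "name").text = name
    ET.SubElement(req, "params")  # left empty: GetLeagues takes no parameters
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)

def parse_response(body):
    """Return (function name, <c> element, execution-time string)."""
    # The transport is unencrypted, so treat the body as untrusted input:
    # the documented format has no DTD, so refuse any document declaring one.
    if b"<!DOCTYPE" in body:
        raise ValueError("DTD not allowed in a response")
    outer = ET.fromstring(body)
    inner = outer.find("r")
    if outer.tag != "r" or inner is None or inner.find("c") is None:
        raise ValueError("not a response envelope")
    return inner.findtext("n"), inner.find("c"), outer.findtext("e")

def parse_leagues(c):
    """Turn the <l> entries of a GetLeagues response into tuples."""
    out = []
    for l in c.findall("l"):
        parents = [p for p in (l.findtext("b") or "").split("|") if p]
        out.append((l.findtext("a"), parents, l.findtext("i")))
    return out

# Constructed sample response (not captured traffic).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<r><r><n>GetLeagues</n><c>
<l><a>Alsace</a><b>France|Alsace</b><i>http://flags.example/alsace.dds</i></l>
<l><a>World</a><b></b><i>http://flags.example/world.dds</i></l>
</c></r><e>execution time : 0.0010 s</e></r>"""

if __name__ == "__main__":
    print(build_request("GetLeagues").decode())
    name, c, took = parse_response(SAMPLE)
    print(name, took, parse_leagues(c))
```

A custom server can use the same two parsers in reverse: check the incoming request envelope, then emit the `r`/`r`/`n`/`c`/`e` structure.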

OpenSession

Used to open a session.

Session required? Parameters Response
No (Set to 1)
  • cr ?
  • i Session ID
  • s ?. Seems Hexadecimal
  • k ?. Base64 encoded.


RedirectOnMasterServer

This response happens sometimes. It tells the client to switch auth servers. When received, the client resends the request it just sent, but to the other server specified.

Here is a description of the response:

  • a
    • b Name of the game
    • c New server address to use
    • d Endpoint (generally online_game)
    • e HTTPS port
    • f HTTP port
    • g Base region (World)
    • h ?. Set to 1
    • i ?. Set to 1
    • j (Maybe) List of authorized/available remote methods (described below), or permissions
      • k one remote call (multiple of them in the j tag)
        • l Method/Permission name
        • q Might be if authorized/available or not (Seems always 1).

Here is a list of the methods that have been seen in k:

  • AddCustomChallenge
  • AddResults
  • CheckServerPassword
  • Connect
  • ConvertAccount
  • CreateGroup
  • Disconnect
  • GetChallenge
  • GetChallengeFromUId
  • GetManialinkResource
  • GetReplay
  • MoveFromLeague
  • PayCoppersTransaction
  • SLiveUpdate
  • SendMessages
  • ShareChallenge
  • StartOfficialRecord
  • StopOfficialRecord
  • Subscribe
  • SubscribeToGroup
  • UnsubscribeFromGroup
  • UpdateOnlineProfile
  • UploadOfficialRecord
  • ValidateSoloAccount