Skip to content

Instantly share code, notes, and snippets.

@codecat

codecat/Webservices.md

Last active Aug 18, 2020
Embed
What would you like to do?
Trackmania Webservices

Authentication

Send a POST request to the following URL:

https://prod.trackmania.core.nadeo.online/v2/authentication/token/basic

With the following request parameters:

  • Basic auth with username/password set to your dedicated server login/password

  • Header Content-Type set to application/json

  • Json data as request body:

     {"audience":"NadeoLiveServices"}

Note that if you don't provide a json body, you get a token for audience NadeoServices. You may also request a token for the audience NadeoClubServices.

This will give you a JSON web token together with a refresh token:

{
	"accessToken":"eyJhbGciOiJIUzI1NiIsImVudiI6InRyYWNrbWFuaWEtcHJvZCIsInZlciI6IjEifQ.<payload>.<signature>",
	"refreshToken":"eyJhbGciOiJIUzI1NiIsImVudiI6InRyYWNrbWFuaWEtcHJvZCIsInZlciI6IjEifQ.<payload>.<signature>"
}

If you URL-base64-decode the payload, you get the following json object:

{
	"jti":"<uuid>",
	"iss":"NadeoServices",
	"iat":1595191016,
	"rat":1595192816,
	"exp":1595194616,
	"aud":"NadeoLiveServices",
	"usg":"Server",
	"sid":"<uuid>",
	"sub":"<uuod>",
	"aun":"mm",
	"rtk":false,
	"pce":false
}

Where exp defines the expiration time, and rat the time after which you are able to refresh the token.

Token refreshing

(Note that this is untested, but should work okay!)

To refresh your token, send a POST to the following URL:

https://prod.trackmania.core.nadeo.online/v2/authentication/token/refresh

With the Authorization header set to nadeo_v1 t=<full refresh token>.

The response is the same as with normal authentication.

Live services requests

To send requests to the live services, you simply have to add the header Authorization to every request with the value nadeo_v1 t=<access token>.

For example, to get a list of the tracks currently in track of the day, you could run this curl command:

curl -H "Authorization: nadeo_v1 t=<access token>" \
     -H "Accept: application/json" \
     -H "Content-Type: application/json" \
     https://live-services.trackmania.nadeo.live/api/token/campaign/month?offset=0&length=9

You can use Openplanet to inspect HTTP requests sent from scripts and find out more about the live services API. I have made this plugin specifically for that purpose.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.