VerifyPin endpoint not working (security check)

Kerchakk commented 1 month ago

Issue Checklist

[X] I have properly named the issue
[X] I looked in issues/discussions, if my question was previously anwsered

What is the Request Method?

POST

What is the Request URL?

https://egs-platform-service.store.epicgames.com/api/v1/private/egs/account/content-controls/verify-pin

What are your Request Headers (if applicable)?

headers = { "Authorization": f"Bearer {token}", "Content-Type": "application/json", "User-Agent": "Fortnite/++Fortnite+Release-12.61-CL-13567329 Windows/10.0.19041.1.256.64bit", "Accept": "application/json", }

What are your Request Payload/Body (if applicable)?

json={"pin": "000000"}

What is the Response Status Code?

403

What are the Response Headers (if applicable)?

{'Date': 'Fri, 04 Oct 2024 12:51:56 GMT', 'Content-Type': 'text/html; charset=UTF-8', 'Transfer-Encoding': 'chunked', 'Connection': 'close', 'Accept-CH': 'Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA', 'Critical-CH': 'Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA', 'Cross-Origin-Embedder-Policy': 'require-corp', 'Cross-Origin-Opener-Policy': 'same-origin', 'Cross-Origin-Resource-Policy': 'same-origin', 'Origin-Agent-Cluster': '?1', 'Permissions-Policy': 'accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()', 'Referrer-Policy': 'same-origin', 'X-Content-Options': 'nosniff', 'X-Frame-Options': 'SAMEORIGIN', 'cf-mitigated': 'challenge', 'cf-chl-out': '', 'Cache-Control': 'private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0', 'Expires': 'Thu, 01 Jan 1970 00:00:01 GMT', 'Set-Cookie': '__cf_bm=; path=/; expires=Fri, 04-Oct-24 13:21:56 GMT; domain=.store.epicgames.com; HttpOnly; Secure; SameSite=None', 'Vary': 'Accept-Encoding', 'Server': 'cloudflare', 'CF-RAY': '', 'Content-Encoding': 'br'}

What is the Response Content? (if applicable)

response is html code implicty saying that its flagged : }, en: { challengeTitle: 'One More Step', challengeSubtitle: 'Please complete a security check to continue', sessionId: 'Session ID', ipAddress: 'IP Address', },

Additional Context (if applicable)

i did enable parental control and set a code in epic games website
the static token is 100% working with others requests

LeleDerGrasshalmi commented 1 month ago

That's cloudflare anti bot protection, not an error from epic.

Kerchakk commented 1 month ago

Is there no way to do it ? Whats the use of the endpoint if its unusable ?

LeleDerGrasshalmi commented 1 month ago

it is not unusable, there are ways to access it, but i would recommend just using the api directly

POST https://content-controls-prod.ol.epicgames.net/content-controls/:accountId/verify-pin

{
    "pin":"000000"
}

Kerchakk commented 1 month ago

that all ? damn why didnt i find this endpoint earlier ? i was starting to think about bypassing cf_clearance and cf_duid Thanks for the help, appreciate it

LeleDerGrasshalmi / FortniteEndpointsDocumentation