QueryProfile

[ad1txx1]

Issue Checklist

• [X] I have properly named the issue
• [X] I looked in issues/discussions, if my question was previously anwsered

What is the Request Method?

POST

What is the Request URL?

https://fngw-mcp-gc-livefn.ol.epicgames.com/fortnite/api/game/v2/profile/fbec52b969644409a011a18851311dd6/client/common_public

What are your Request Headers (if applicable)?

authorization bearer

What are your Request Payload/Body (if applicable)?

nil

What is the Response Status Code?

403

What are the Response Headers (if applicable)?

No response

What is the Response Content? (if applicable)

{ "errorCode" : "errors.com.epicgames.common.missing_permission", "errorMessage" : "Sorry your login does not posses the permissions 'fortnite:profile:accountId:commands ALL' needed to perform the requested operation", "messageVars" : [ "fortnite:profile:accountId:commands", "ALL" ], "numericErrorCode" : 1023, "originatingService" : "fortnite", "intent" : "prod-live" }

Additional Context (if applicable)

No response

[LeleDerGrasshalmi]

seems like you are not using an account id, or not fortnite user auth for that account

[ad1txx1]

seems like you are not using an account id, or not fortnite user auth for that account

i am but i removed it and replace with "accountId" for privacy reasons

also tried to create exchange code (https://account-public-service-prod.ol.epicgames.com/account/api/oauth/exchange) and getting the same error (raw):

{"errorCode":"errors.com.epicgames.common.missing_permission","errorMessage":"Sorry your login does not posses the permissions 'account:oauth:exchangeTokenCode CREATE' needed to perform the requested operation","messageVars":["account:oauth:exchangeTokenCode","CREATE"],"numericErrorCode":1023,"originatingService":"com.epicgames.account.public","intent":"prod"}

[ad1txx1]

seems like you are not using an account id, or not fortnite user auth for that account

i am but i removed it and replace with "accountId" for privacy reasons

also tried to create exchange code (https://account-public-service-prod.ol.epicgames.com/account/api/oauth/exchange) and getting the same error (raw):

{"errorCode":"errors.com.epicgames.common.missing_permission","errorMessage":"Sorry your login does not posses the permissions 'account:oauth:exchangeTokenCode CREATE' needed to perform the requested operation","messageVars":["account:oauth:exchangeTokenCode","CREATE"],"numericErrorCode":1023,"originatingService":"com.epicgames.account.public","intent":"prod"}

i fixed this but still didnt fix this: POST https://fngw-mcp-gc-livefn.ol.epicgames.com/fortnite/api/game/v2/profile/fbec52b969644409a011a18851311dd6/client/common_public

autorization bearer eg1~token (in headers)

payload:

dataP := map[string]interface{}{
            "grant_type":    "exchange_code",
            "exchange_code": respCode.Code,
            "token_type":    "eg1",
        }

error:

{
  "errorCode" : "errors.com.epicgames.common.missing_permission",
  "errorMessage" : "Sorry your login does not posses the permissions 'fortnite:profile:fbec52b969644409a011a18851311dd6:commands ALL' needed to perform the requested operation",
  "messageVars" : [ "fortnite:profile:fbec52b969644409a011a18851311dd6:commands", "ALL" ],
  "numericErrorCode" : 1023,
  "originatingService" : "fortnite",
  "intent" : "prod-live"
}

[ad1txx1]

i also tried using the normal EPIC_BEARER_TOKEN, not eg1 but still doesnt work.

i also tried with an empty payload and still the same error

[LeleDerGrasshalmi]

i also tried using the normal EPIC_BEARER_TOKEN, not eg1 but still doesnt work.

EPIC_BEARER_TOKEN is used as a cookie, not for normal service authentication.

that perm above shows you are either using the wrong account id (must be your own), are not using fortnite auth.

may share your oauth /token request basic auth.

[ad1txx1]

i also tried using the normal EPIC_BEARER_TOKEN, not eg1 but still doesnt work.

EPIC_BEARER_TOKEN is used as a cookie, not for normal service authentication.

that perm above shows you are either using the wrong account id (must be your own), are not using fortnite auth.

may share your oauth /token request basic auth.

i am using the same account id shown on the epic games personal page (unless we're talking about another account id?), im using the eg1 bearer in headers but still the perm error.

[LeleDerGrasshalmi]

The account is you are using is different from the account you are using to authenticate, that's your issue.

[ad1txx1]

its not, im using the bearer for the same accountId im passing in the API

[LeleDerGrasshalmi]

I mean, the error is very clear, you are doing something wrong.

[ad1txx1]

I mean, the error is very clear, you are doing something wrong.

headersE := map[string]string{
            "accept":                    "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
            "accept-encoding":           "gzip, deflate, br, zstd",
            "accept-language":           "en-US,en;q=0.9",
            "cache-control":             "max-age=0",
            "priority":                  "u=0, i",
            "sec-ch-ua":                 `"Google Chrome";v="129", "Not=A?Brand";v="8", "Chromium";v="129"`,
            "sec-ch-ua-mobile":          "?0",
            "sec-ch-ua-platform":        `"Windows"`,
            "sec-fetch-dest":            "document",
            "sec-fetch-mode":            "navigate",
            "sec-fetch-site":            "none",
            "sec-fetch-user":            "?1",
            "upgrade-insecure-requests": "1",
            "X-XSRF-Token":              xsrfToken,
            "user-agent":                "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36",
            "Authorization":             bearer,
        }

        reqE, err := http.NewRequest("GET", "https://account-public-service-prod.ol.epicgames.com/account/api/oauth/exchange", nil)
        if err != nil {
            fmt.Println(err)
        }

        for k, v := range headersE {
            reqE.Header.Set(k, v)
        }

        if proxyURL != nil {
            client.Transport.(*http.Transport).Proxy = http.ProxyURL(proxyURL)
        }

        respE, err := client.Do(reqE)
        if err != nil {
            fmt.Println(err)
        }

        defer func() {
            io.Copy(io.Discard, respE.Body)
            respE.Body.Close()
        }()

        contentEncoding2 := respE.Header.Get("Content-Encoding")
        bodyStrE, err := decompressBody(respE.Body, contentEncoding2)
        if err != nil {
            errorss++
        }

        var respCode Response
        err = json.Unmarshal([]byte(bodyStrE), &respCode)
        if err != nil {
            fmt.Println(err)
        }

        fmt.Println(respCode.Code)

        fmt.Println(bodyStrE)
        //fmt.Println(respE.Cookies())

        headersP := map[string]string{
            "Accept":                "application/json, text/plain, */*",
            "Accept-Encoding":       "gzip, deflate, br, zstd",
            "Accept-Language":       "en-US",
            "Content-Type":          "application/json",
            "Origin":                "https://www.twinmotion.com",
            "Priority":              "u=1, i",
            "Referer":               "https://www.twinmotion.com/id/register?redirect_uri=https%3A%2F%2Fwww.twinmotion.com%2Fen-US%2F&client_id=4f5e975e1b4c4b5caca20f70daa90c17&lang=en-US",
            "Sec-CH-UA":             `"Brave";v="129", "Not=A?Brand";v="8", "Chromium";v="129"`,
            "Sec-CH-UA-Mobile":      "?0",
            "Sec-CH-UA-Platform":    `"Windows"`,
            "Sec-Fetch-Dest":        "empty",
            "Sec-Fetch-Mode":        "cors",
            "Sec-Fetch-Site":        "same-origin",
            "Sec-GPC":               "1",
            "User-Agent":            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36",
            "X-Epic-Access-Key":     "undefined",
            "X-Epic-Client-ID":      "4f5e975e1b4c4b5caca20f70daa90c17",
            "X-Epic-Display-Mode":   "web",
            "X-Epic-Duration":       "23764",
            "X-Epic-Event-Action":   "register",
            "X-Epic-Event-Category": "register",
            "X-Epic-Flow":           "register",
            "X-Epic-Platform":       "WEB",
            "X-Epic-Strategy-Flags": "isolatedTestFlagEnabled=false",
            "X-Requested-With":      "XMLHttpRequest",
            "X-XSRF-Token":          xsrfToken,
            "Authorization":         bearer,
        }

        dataP := map[string]interface{}{
            "grant_type":    "exchange_code",
            "exchange_code": respCode.Code,
            "token_type":    "eg1",
        }

        jsonData, err := json.Marshal(dataP)
        if err != nil {
            fmt.Println(err)
        }

        reqP, err := http.NewRequest("POST", "https://fngw-mcp-gc-livefn.ol.epicgames.com/fortnite/api/game/v2/privacy/account/fbec52b969644409a011a18851311dd6", bytes.NewBuffer(jsonData))
        if err != nil {
            fmt.Println(err)
            errorss++
        }

        for k, v := range headersP {
            reqP.Header.Add(k, v)
        }

        if proxyURL != nil {
            client.Transport.(*http.Transport).Proxy = http.ProxyURL(proxyURL)
        }

is there anything wrong here? the first request for the exchange code works, and it gives me an exchange code, but on the second one theres still the error. im using the bearer for the correct client id:

[LeleDerGrasshalmi]

there is so much 'wrong' here, why the heck are you using browser request headers here?? why is there an xsrf token?

why are you using twinmotion web request headers

doesnt make any sense & you did NOT include the basic auth u are using

[ad1txx1]

there is so much 'wrong' here, why the heck are you using browser request headers here?? why is there an xsrf token?

why are you using twinmotion web request headers

doesnt make any sense & you did NOT include the basic auth u are using

well its the same with or without headers but i finally fixed it. although now im getting this:

{
  "errorCode" : "errors.com.epicgames.fortnite.operation_not_found",
  "errorMessage" : "Operation campaign not valid",
  "messageVars" : [ "campaign" ],
  "numericErrorCode" : 16035,
  "originatingService" : "fortnite",
  "intent" : "prod-live"
}

this is the request:

reqP, err := http.NewRequest("POST", "https://fngw-mcp-gc-livefn.ol.epicgames.com/fortnite/api/game/v2/profile/8e2e55d4e5884cab869bd802d0a17508/client/campaign", bytes.NewBuffer(jsonData))
        if err != nil {
            fmt.Println(err)
            errorss++
        }

[LeleDerGrasshalmi]

thats because your request url is wrong, please read the docs

https://github.com/LeleDerGrasshalmi/FortniteEndpointsDocumentation/blob/main/EpicGames/FN-Service/Game/Profile/README.md#request

[ad1txx1]

https://fngw-mcp-gc-livefn.ol.epicgames.com/fortnite/api/game/v2/profile/8e2e55d4e5884cab869bd802d0a17508/client/athena?profileId=athena&rvn=-1

is this right?

[LeleDerGrasshalmi]

no, follow the linked docs.

[ad1txx1]

no, follow the linked docs.

{ "errorCode" : "errors.com.epicgames.modules.profiles.invalid_payload", "errorMessage" : "Unable to parse command com.epicgames.fortnite.core.game.commands.QueryProfile. Could not deserialize payload for com.epicgames.fortnite.core.game.commands.QueryProfile", "messageVars" : [ "com.epicgames.fortnite.core.game.commands.QueryProfile", "Could not deserialize payload for com.epicgames.fortnite.core.game.commands.QueryProfile" ], "numericErrorCode" : 12806, "originatingService" : "fortnite", "intent" : "prod-live" }

[LeleDerGrasshalmi]

you do not follow the docs.

[ad1txx1]

ok i thought it meant empty as in no payload. thanks for all the patience and help <3