search

andshrew / PlayStation-Trophies

Sony has an API for retrieving details of the trophies an account has earned, but there is no public documentation for using it. This is an attempt at documenting the API by capturing the requests made by the https://my.playstation.com web site.
MIT License
100 stars 4 forks source link

player's accountId #10

Closed rafaelfgyn closed 1 year ago

rafaelfgyn commented 2 years ago

hey andshrew,

congratulations for this amazing project.

I wonder if you know some route in the playstation api to get player's accountId of any player non related to the npsso key. For example, to get accountId of all player's friends.

andshrew commented 2 years ago

Hi @rafaelfgyn

Thanks for your comment. I know of the following endpoints you can use. You should be able to authenticate to these in the same way which is mentioned here.

https://m.np.playstation.net/api/userProfile/v1/internal/users/me/friends

This returns a list of the accountIds on the friends list of the account you used to authenticate with. You can also swap me for another accountId and you will get their friends list back (assuming the authenticating account has permission to view the other accounts friends list).

https://m.np.playstation.net/api/userProfile/v1/internal/users/{accountId}/profiles

This returns the basic profile details for an account so you can discover the onlineId (their PSN name) from an accountId.

https://m.np.playstation.net/api/userProfile/v1/internal/users/me/friends/{accountId}/summary

This gives you a relationship summary between the accountId and the authenticating account (are they a friend, a close friend, how many mutual friends you have etc).

It would be nice if there was a way to get the accountId and onlineId in a single request but I've not come across such an endpoint for doing that.

rafaelfgyn commented 2 years ago

man, thank you so much for all the hard work that you put in discovering some much about Sony's API. I'm about to launch a webpage so players can see their accounts, all thanks to your work, I have been work on this for about 2 years lol, so thank you again. That been said, I have to ask: How did you manage to discover so much about Sony' API? How did you find the endpoints, etc... I would like to help investigating the API, I believe there're more useful endpoints to be found.

andshrew commented 2 years ago

Hi @rafaelfgyn

You're welcome, I'm glad it's been a useful resource for developing your web site.

Regarding discovery, as Sony have reduced the amount of services which are available via a regular web browser the majority of the current APIs come from inspecting the mobile PS App. You could discover a lot just by inspecting the files within the app package. They were originally visible in the plain text Javascript file (or at least visible enough that you could work out what they would be). You can still do this, but current versions of the app have these files compiled into Hermes bytecode so you have to disassemble it with a tool like https://github.com/bongtrop/hbctool.

The other way is capturing and inspecting the traffic that the app is generating as you use it but that's not straight forward now due to the lengths developers go to try prevent this (eg. SSL certificate pinning), although it is still possible.

rafaelfgyn commented 2 years ago

I did manage to get the endpoints via regular web browser, after the launch of ps5 with the new api, they ended the old api and I lost all my job, it was a sad day to me (lol), now that everything turns around the mobile app, I'm lost. I know too little about mobile =/. I've tried to use some app the inspects the traffic but with no success.

rafaelfgyn commented 2 years ago

Hey man, do we have any endpoints to get the Id of a specific user?

andshrew commented 2 years ago

Hi @rafaelfgyn

The closest thing I'm aware of which can effectively do a username to id lookup is their search API (so whether someone appears in this is going to depend on their privacy settings relative to the account you are using to perform the request).

The endpoint URL is: https://m.np.playstation.com/api/search/v1/universalSearch

You need to POST an application/json request with the following content:

{
  "searchTerm": "rafaelfgyn",
  "domainRequests": [
    {
      "domain": "SocialAllAccounts",
      "socialSearchParams": {
        "strictGrouping": true
      },
      "pagination": {
        "cursor": "",
        "pageSize": 20
      },
      "featureFlags": {
        "isSpartacusEnabled": true
      }
    }
  ],
  "countryCode": "gb",
  "languageCode": "en",
  "age": 99
}

You'll get a response like:

{
  "domainResponses": [
    {
      "domain": "SocialAllAccounts",
      "domainTitle": "Results for SocialAllAccounts with search term \"rafaelfgyn\"",
      "domainTitleMessageId": "msgid_null",
      "domainTitleHighlight": [
        "Results for SocialAllAccounts with search term \"",
        "rafaelfgyn",
        "\""
      ],
      "zeroState": false,
      "next": "",
      "totalResultCount": 1,
      "results": [
        {
          "id": "id",
          "type": "social",
          "score": 236.3765,
          "socialMetadata": {
            "accountId": "1234567890",
            "country": "BR",
            "language": "pt",
            "onlineId": "rafaelfgyn",
            "isPsPlus": false,
            "isOfficiallyVerified": false,
            "avatarUrl": "http://static-resource.np.community.playstation.net/avatar/3RD/UP00011308076_37E14E48D0E885B75F69_L.png",
            "verifiedUserName": "",
            "highlights": {
              "onlineId": [
                "",
                "rafaelfgyn"
              ]
            }
          }
        }
      ]
    }
  ],
  "fallbackQueried": false
}

You can use the same method of authentication as all of the trophy endpoints.

andshrew commented 2 years ago

Hi @Sakreetos

You need to authenticate the request for it to work - see obtaining an authentication token from the documentation here for an example of how you can do that. Continuing the example using Powershell 7 after you've got your $token you would then run the following:

$body = '{
  "searchTerm": "rafaelfgyn",
  "domainRequests": [
    {
      "domain": "SocialAllAccounts",
      "socialSearchParams": {
        "strictGrouping": true
      },
      "pagination": {
        "cursor": "",
        "pageSize": 20
      },
      "featureFlags": {
        "isSpartacusEnabled": true
      }
    }
  ],
  "countryCode": "gb",
  "languageCode": "en",
  "age": 99
}'

Invoke-RestMethod -ContentType "application/json" -body $body -Uri "https://m.np.playstation.com/api/search/v1/universalSearch" -Method Post -Authentication Bearer -Token $token
Sakreetos commented 2 years ago

Yeah, already figured that out. Thank you)

rafaelfgyn commented 2 years ago

Man, thanks again for that. this endpoint is extremely useful. If you have any endpoints still to share please don't hesitate, or just update your documentation. If there's anything I can do to help just reach me out.

Changing of topic... did you see this? https://blog.playstation.com/2022/07/14/introducing-playstation-stars-an-all-new-loyalty-program/

isFakeAccount commented 1 year ago

You can use https://us-prof.np.community.playstation.net/userProfile/v1/users/{online_id}/profile2?fields?accountId%2ConlineId%2CcurrentOnlineId to get the account id from online id

andshrew commented 1 year ago

You can use https://us-prof.np.community.playstation.net/userProfile/v1/users/{online_id}/profile2?fields?accountId%2ConlineId%2CcurrentOnlineId to get the account id from online id

That seems to work perfectly, but there's a small typo it should be fields= not fields?

https://us-prof.np.community.playstation.net/userProfile/v1/users/{online_id}/profile2?fields=accountId%2ConlineId%2CcurrentOnlineId

isFakeAccount commented 1 year ago

Yes, there is a typo. I messed up when copying from python to URL format.