Questions about the code (API)

[Araxeus]

I would open a discussion instead of an issue, but they don't seem to be enabled

what is https://bsp-td-prod.atoma.cloud ? it seems like its the url for the api that you fetch the items from?

so there is an official api for darktide?

https://github.com/danreeves/dt-exchange/blob/0f0fd2ab6285273befbe3bd791aadfb2d710015f/src/components/Store.tsx#L241

https://github.com/danreeves/dt-exchange/blob/0f0fd2ab6285273befbe3bd791aadfb2d710015f/src/hooks/useMasterList.ts#L5-L11

https://github.com/danreeves/dt-exchange/blob/0f0fd2ab6285273befbe3bd791aadfb2d710015f/src/utils.ts#L3-L7

[danreeves]

bsp-td-prod.atoma.cloud is the API for Darktide. It's technically not a public API, you need an auth token either from the account.atoma.cloud site or the game and most of the endpoints don't work with the web auth token.

[Araxeus]

So it's reverse engineered from the game code?

Have you made any kind of docs about its structure?

[danreeves]

Yeah, I reverse engineered it from the game code and the website code. I've not documented it.

[danreeves]

Do you have something in mind or need help with something?

[Araxeus]

Just looking through for now, thanks for the answers :)

would be cool if u could make unofficial docs for the api - it would help other people who might want to use it for something else

[danreeves]

Unfortunately there's not really anything else you can do with the API without a game auth token which is hard to get. I think documenting the API could be useful, yeah

[Araxeus]

a game auth token which is hard to get.

Could it maybe be possible to create a mod that captures that auth token?

[danreeves]

The authentication isn't exposed to the lua api mods have access to. I know people have MITM themselves to access it

[Araxeus]

I know people have MITM themselves to access it

How can I do that? Is it about capturing http traffic?

Maybe a program could be made that automate that for the average user

[danreeves]

yeah, it's about capturing http traffic. i would not recommend it for non-technical users because it impacts browsing the web (e.g. it can make browsers say all websites have invalid SSL certificates)

I know someone has used https://www.telerik.com/download/fiddler to MITM themself

[danreeves]

you can find some info by searching this archived discord https://discord.gg/ACH4WPXs

[Araxeus]

Looks to be very hard to bypass the ssl cert, I don't even see anyone that actually did it

https://discord.com/channels/1030483394104139827/1030483394104139830/1055464016794886246

https://discord.com/channels/1030483394104139827/1030483394104139830/1055040202449629225

[danreeves]

yes it's difficult and inconsistent 😅