Cant Login due to Leagues API returned malformed data... server replied: Forbidden

[Squirtrex]

Cant login to acquisition due to the above message. I think it may have to due with rate limiting issues that are currently still being worked on? I also get stuck in infinte loops of rate limiting when fetching stash tabs that always get blocked. Anyone know of a fix for this?

[eugenikus8]

The same thing, yesterday it worked fine, today it no longer works

[PIYAL95]

same issue

[ArchDemons]

in file network_info.h need to change USER_AGENT to sting of any browser information like Mozilla/5.0 Gecko/20100101

[dykensp]

in file network_info.h need to change USER_AGENT to sting of any browser information like Mozilla/5.0 Gecko/20100101

did you recompile with above changes and it worked?

[ArchDemons]

did you recompile with above changes and it worked?

Yes

[Jozen2023]

can't find that file in aquisition install folder...can u be a tad more specific with instructions to make it work, ty

[ArchDemons]

can't find that file in aquisition install folder...can u be a tad more specific with instructions to make it work, ty

this file in sources.

https://github.com/testpushpleaseignore/acquisition/blob/4149f73f4c597d237c10749d6bbb49709130eeb7/network_info.h#L10

[AbBa221]

any link for working one? idk how to recompile

[testpushpleaseignore]

Don't have time to develop a fix for this right now, but if you set your User Agent to something generic (like what web browsers use), then who knows what GGG might do to your account. I would assume that it would be a form of Rate Limiting evasion, so do so at your own risk.

Here's their statement on what the User Agent should be for any programs talking to their APIs: https://www.pathofexile.com/developer/docs#:~:text=Any%20application%20that%20interacts%20with%20our%20API%20must%20set%20an%20identifiable%20User%20Agent%20header%20prefixed%20using%20the%20following%20format

[testpushpleaseignore]

Finally got a chance to get my debugger going for the project, and see the following response when launching the program:

{
    "error": {
        "code": 6,
        "message": "Temporarily Unavailable; This version of Acquisition is causing issues and has been blocked"
    }
}

Not much I can do right now, since I'm not getting too much info as to why it's being blocked, though from the previous update from GGG (https://github.com/testpushpleaseignore/acquisition/issues/41#issuecomment-1685131230), I won't be surprised if 0.9.7 is being blocked due to excessive requests to their API as well.

[Jozen2023]

0.9.6. doesnt work either, since about 2 days....was working fine before

[Marconium2]

Any update on what we can do to get this fixed? kinda painful to sell items lol

[Jozen2023]

I have a solution: abandon PoE...it seems like is slowly dying anyway..

[aiolos01]

Seems acquisition has been banned because of excessive requests.

I guess the way yo go would be:

1. Create a new version that does not autoupdate anything. This way we can update the few tabs that actually change (non remove-only) when we need to and without hitting the rate limiter.
2. Notify GGG that the issue has been resolved and get acquisition unbanned (only the new version as whoever still has the old one would cause the same issues).

[livejamie]

In order for Acquisition to get unblocked it needs to fix going over rate limits or switch to using OAuth.

[livejamie]

Alternatively, there's https://github.com/benjaminjackman/looty which is currently working, although I don't believe @benjaminjackman is maintaining it anymore.

http://poestack.com is another resource depending on what type of items you're searching for

[gerwaric]

Ack. I missed this thread while I was gone, so what I posted to https://github.com/testpushpleaseignore/acquisition/issues/43 a few days ago should have been posted here.

Basically, I've been working on an update that follows GGG's rate-limit policies dynamically. None of the limits are hard-coded because I'm parsing them from the http repsonse headers like GGG says we are supposed to. It's been tested by myself in the US as well as someone in the EU with different language and time zone settings. The language matters because I'm using the Date field in the http response headers. (Parsing the date incorrectly for non-English users was the problem with the aborted 0.9.8 release.)

For testing, I bumped the version number to 0.9.9-rc1 and my test build isn't being blocked.

I'd love to release an update, but I want to avoid repeating what happened with 0.9.8, so I'd like to get a few more people to help me test things over the next week or two if possible. I rewrote several big chunks of ItemsManagerWorker, so I'm sure there are bugs I haven't found yet. I really don't want to risk getting acquisition blocked again, or cause problems with anyone's accounts due to accidentally flooding GGG due to another bug.

[livejamie]

Is this easier to implement versus OAuth login?

[gerwaric]

@livejamie With OAuth, I suspect we'd have to switch to the https://api.pathofexile.com endpoints, and that could be a heavy lift. It is probably worth tackling after rate-limiting is implemented and acquisition is working again, however.

[aiolos01]

It's currently impossible to use OATH for a standalone application. On;y server based apps like poeastack and filterblade can use it. This is the same problem that PoB is facing. GGG has promised changes to its API to allow this but so far it hasn't implemented them.

[NokTham]

It's currently impossible to use OATH for a standalone application. On;y server based apps like poeastack and filterblade can use it. This is the same problem that PoB is facing. GGG has promised changes to its API to allow this but so far it hasn't implemented them.

What do you mean by server based? Exile Diary Reborn has OAuth implemented, and it's able to fetch stashes.

[ScopeyNZ]

@aiolos01 Public clients have been supported by the Path of Exile API for several months now: https://www.pathofexile.com/developer/docs/authorization#clients-public

[gerwaric]

@NokTham, It looks like Exile Diary Reborn is a confidential client, not a public one like Acquisition would need. It's authentication requests are passed through https://exilediary.com/auth/token, which you can see here: https://github.com/Qt-dev/exile-diary/blob/main/src/main/AuthManager.ts

For Acquisition use a confidential client like Exile Diary, someone would have to setup and maintain a similar web service, which goes beyond a code update. The alternative is a public client like @ScopeyNZ mentions.

Does anyone know of any public clients approved by GGG? I can't find any on reddit or via web searches, but I'm new to the Path of Exile developer scene.

I've thought about tackling OAuth once I can take v0.9.9 (which fixes rate-limiting) out of beta. However, OAuth looks like a heavy lift. The old API used by Acquisition is quite different from the one supported by OAuth and described in the developer documentation. That's potentially a bigger rewrite than rate limiting was.