GoW Official API!

EDIT (Sirrian):

I’ve removed the body of this message, as tinkering with the API is not something we want to promote on our forums, since it’s the first step on the path to bots & hacks, and quite likely that you’ll get banned (permanently), unless you’re quite savvy about how APIs work.


TLDR: Don’t use the API - it’s a VERY bad idea. You’ll likely get banned if you experiment.

As Nimhain mentioned to Samboy… we HIGHLY RECOMMEND not attemnpting to use the API. This API is not of the “friendly” type set up for external users. We have plans to add one of those a little later.
Any improper or incorrect use of this API can very easily result in automated account banning. There is no appeal process for this… no exceptions. Even if something works TODAY, we may change it, and at that point, incorrect calls may trigger an account ban.
Furthermore, any use of a 3rd party tool or website to access trhis API has the potential to steal your account information, which may then be used to take or hack your account


Nice job Sam…

Same with Krystara the Community Discord Bot^^

Thanks! I felt I needed to share this with the community.

Good job sam

Good job, whatever all this means… I got as far as “some quirks, including perma-banning the account and IP address used if the data supplied is incorrect” and thought yeah this isn’t for me…

1 Like

It’ll only do that if you don’t follow the instructions properly. And make the same error ~10 times in a row, by thinking “Hey, why isn’t this working? I know, I’ll just try again, instead of trying to do something meaningful!”

But, but, but… it is of “common user” knowledge that clicking at something or repeating the same stuff over and over eventually will make it work

Maaaan… computers so hard… :wink::laughing:


It really does annoy me when people think that spam-clicking something is going to help, and then when you go in and open, say, 3 windows to diagnose it (the program, a browser and task manager for example) they’re like “OMG you’re going to make it really slow with that much stuff open!”. Forget computers, PEOPLE are hard!


^^^ This is the most honest thing I’ve ever read.

1 Like

So, if I’m reading this correctly, first you do the authentication using a username/password which gives you a token (not sure how you get the token out of the body of the response, or if the entire body IS the token). Then you make another call as get_hero_profile with the player’s invite code to get “stuff”.

Does the invite code have to match who is logged in? I’m guessing not since you said that the server token isn’t currently required. It would be ideal if it doesn’t, so a website wouldn’t need a user to give their game login info to have the website get their collection data, only the invite code.

Any specifics on what type of data is returned?

when i am correct it is JSON format

Rasper. The token is the response body, then the “result” object, then just simply “ServerToken”. The invite code does NOT have to match the currently signed in user - the data for the currently signed-in user is returned along with the server token in a block called “pUser”. And yes, it’s JSON format, which is why it says that in the docs.

1 Like

Sorry to be a killjoy, folks, but we can’t have a thread like this on our official forums… you can share what you like privately, and mess around with stuff… but we can’t officially promote tools to get people banned so easily… it creates a nightmare for our support guys dealing with it.