Guild Wars 2

Dryalkiel.1385:

I’m getting the problems with listings.json as well. My Service had been running for months with no problems. Now listings.json doesn’t seem to work anymore. I tried it in my browser and it still throws an Access Denied response. search.json still works though.

Anyone aware of this issue?

I think they made a change to listing.json to also require your game client session key. You can’t use the session key that you get from logging in to their web site.

As for an example with C# source code, you can look here:

http://notifier.zicore.de/

Note: I am not Zicore and that is not my code. So, use it at your own risk.

Thanks… I tried this and unfortunately, the app cannot find my session key It just gives “squares” and some \0

The thing is, I AM able to get the sessionId from my application but when I use it to lookup search.json, it get a 401 error.

If I login with a browser and get the session Id from the cookie and skip the whole “GetSessionKey” part of my app, it works.

It’s like my session key expires as soon as I get it or something

Dryalkiel.1385:

The thing is, I AM able to get the sessionId from my application but when I use it to lookup search.json, it get a 401 error.

If I login with a browser and get the session Id from the cookie and skip the whole “GetSessionKey” part of my app, it works.

It’s like my session key expires as soon as I get it or something

You may have extracted the session key wrongly. Make sure the session key you got from the app. exactly matches the one showed in fiddler.

They can’t match since everytime you start a new session, you get a new one. I’ll mess around with it some more and if I find a solution I’ll post here.

StevenL.3761:

Your JS script calls the API controller on your own server: http://yourserver/tradingpost/listings. This when your C# code takes over. Your API controller first ensures that your server has a valid session, then gets the requested data from the TP service. Returning the data to your script can be as simple as calling ‘Response.Write(json)’. This is when your JS script takes over again. It’s not particularly hard, and I think you’re overthinking this.

tl;dr: your API controller acts as a proxy that hides the complexity of maintaining a session

Yes I might be, can I ask you again. Can you walk me through how to get “logged in” to the TP and then request some JSON data?

I have a controller action (MVC – asp.net) that has a cookie set (gotten from fiddler). What I don’t know how to do in asp.net, I don’t know if you can help me, is get my cookie from the server and start making requests so I can get json data. This is what I have so far:

public ActionResult GW2;
//myCookie.Expires = DateTime.Now.AddDays(1d);
//Response.Cookies.Add(myCookie);

Response.AddHeader(“s”, “XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX”);
Response.Redirect(“https://tradingpost-live.ncplatform.net/”);

return View();
}

*Edit, I just don’t know how to do this, I haven’t done this before.

Yay! Finally repaired it!

Basically, when you access the login page BEFORE login in, you get a session id in the cookies. You need to login with your email, password AND sessionId. this seems to “bind” the sessionid to your user. You also need to set the path and domain for your cookie → new Cookie(“s”, _SessionId, “/”, “guildwars2.com”);

@Fossilized Amber : You don’t want to use the sessionId from fiddler since everytime you login, you get a new sessionId. You’ll want to automate the “GetSessionKey” part of your application. You also don’t need to set the time the cookie expires. The response’s cookiecontainer will probably not return a Cookie object but you can retrieve it from Response.Headers[“Set-Cookie”].

Dryalkiel.1385:

Yay! Finally repaired it!

Basically, when you access the login page BEFORE login in, you get a session id in the cookies. You need to login with your email, password AND sessionId. this seems to “bind” the sessionid to your user. You also need to set the path and domain for your cookie -> new Cookie(“s”, _SessionId, “/”, “guildwars2.com”);

@Fossilized Amber : You don’t want to use the sessionId from fiddler since everytime you login, you get a new sessionId. You’ll want to automate the “GetSessionKey” part of your application. You also don’t need to set the time the cookie expires. The response’s cookiecontainer will probably not return a Cookie object but you can retrieve it from Response.Headers[“Set-Cookie”].

Like I have said, there are 2 levels of session ids. The one that you get from the website is the less useful form of session id because it would not allow you to buy items from the TP or see your own transactions. You may not even be able to use that to see the listings.json of each item.

The session id from the client would allow you to do all that and you can see that session id through fiddler when you open the TP dialog in the game.

They are BOTH set in the cookie of your requests. The session id usually remains valid for a long while.

Email, password and session id. Besides finding a way to automate getting a session id from fiddler, if I am understanding this more, I need to have my email, password and session id on hand?

While I hate sounding like a broken record, Dryalkiel, can you explain what you mean by Response.Headers[“set-cookie”]? I don’t have enough experience to know what classes to use to do this. I was looking around at an HttpResponse class (something like that) in order to POST my information to the server (and bind this all to my user?). Should I be using a GET?

I understand this conceptually but not how to do it in code.

Fossilized Amber.1352:

Email, password and session id. Besides finding a way to automate getting a session id from fiddler, if I am understanding this more, I need to have my email, password and session id on hand?

Once you have your session id, you don’t need your email and password anymore.

If you plan to get the less useful session id from the website, then you need to login using your email and password.

If you plan to get the more useful session id from the game client, you don’t need those. But you would probably need to write a program to access that session id.

That’s okay, the web sessionId is enough for me. My application just looks up prices. It doesn’t buy or sell so I don’t need the ingame key. Search.json does return a buy and sell price so I won’t need listings.json anymore. Thanks for the help though

@Fossilized Amber : Well, if you don’t have enough experience in this, isn’t this too big a project for you? At any rates, you might want to read up on a few things before diving in.

Here’s some useful links :
http://www.w3schools.com/tags/ref_httpmethods.asp
http://msdn.microsoft.com/en-us/library/system.net.httpwebrequest.aspx
http://msdn.microsoft.com/en-us/library/system.net.httpwebresponse.aspx

And no, not automate from FIDDLER. Fiddler is just a tool to lookup the info sent and obtained from your browser. You’ll want to automate the sessionId part from within your application by loging in with some HttpWebRequests.

You’ll want to lookup GW2Spidy too. It’s in PHP but the logic is basically the same.

It looks like they dropped the use of the “Character GUID.” When I run fiddler I no longer see the Character GUID being passed along with the session ID in the cookies section.

I looked into this because a program I made a few months ago was throwing an authorization error at me when I started it up today. It’s been a few weeks since I used it last.

The other change I noticed is that: tradingpost-live.ncplatform.net has been changed to: tradingpost-dfw-live.ncplatform.net.

Dryalkiel.1385:

That’s okay, the web sessionId is enough for me. My application just looks up prices. It doesn’t buy or sell so I don’t need the ingame key. Search.json does return a buy and sell price so I won’t need listings.json anymore. Thanks for the help though

That why I said it depends on what you need; the type of application that you want to write.

One thing to watch out for though, even if you are looking at the buy/sell price you have to be aware that there is a caching bug on the TP especially on fast moving items where the buy/sell price obtained from the TP (through search or items.json) is an outdated cached version. Listings.json does not have this problem and buy/sell price without quantity is limited for most usage. You only need 1 crazy buyer or seller to give you the wrong impression on the demand/supply of that item.

Rand.3186:

It looks like they dropped the use of the “Character GUID.” When I run fiddler I no longer see the Character GUID being passed along with the session ID in the cookies section.

I looked into this because a program I made a few months ago was throwing an authorization error at me when I started it up today. It’s been a few weeks since I used it last.

The other change I noticed is that: tradingpost-live.ncplatform.net has been changed to: tradingpost-dfw-live.ncplatform.net.

Just return an empty string now for character guid. You can still use tradingpost-live.

DarkSpirit.7046:

Just return an empty string now for character guid. You can still use tradingpost-live.

Yeah, that’s how I got around to fixing it. Wasn’t a problem once I realized what was changed. I only posted it so that anyone else bumping into the issue would know why.

One other thing I noticed around a month or so ago was that you more or less have to use listings.json now in order to be sure that you’re getting the current highest buy order / lowest sell price of an item.

Example: http://www.gw2spidy.com/item/20853 — Shows 99g. Cheapest is actually 9g. (This is not a fast moving item). This might only be an issue with relatively new items on the trading post? I haven’t quite figured out what the deal is with it. I think this might have been an intentional change to speed up the Trading Post; there was a patch a month or so ago that made the trading post much more responsive.

Ok, I’ve made progress. Dryalkiel can you look at this?

http://pastebin.com/ybP0zqer

I’ve used my session id from fiddler and I’m getting an “unauthorized” message back.

Why are you setting UseCookies to false? Also, did you realize that you are never actually injecting your instance of HttpClientHandler into the HttpClient?

Line 35

UseCookies = true

Line 38

using (httpClient = new HttpClient(httpClientHandler) { BaseAddress = baseAddress })

Of course! How did I not see that, thank you for your eagle-eyes StevenL.

I’ve got an updated pastebin here, it’s almost done. Another question I’m sending out, I am trying to save the HttpResponseMessage in a private variable in my class. The console doesn’t change output so this variable isn’t being correctly set. Any clue why that is?

http://pastebin.com/Hzubkr5h

*You can copy/paste the code as is (filling in the session id from fiddler) if you’d like to try it out yourself

they changed something in their tradingpost link. can’t get it work anymore. and i’m too lazy right now to check for a new link

Looks like this doesnt work anymore?

Pat Cavit.9234:

ameerpostalman.8975:

Looks like this doesnt work anymore?

TP was completely rewritten and all these endpoints are gone, yes.

When was the TP completely rewritten? Because they only stopped working on 2nd Dec.

Assuming that the original ncplatform APIs were reverse-engineered using web debugging proxies, what is stopping anybody from doing the same for the updated trading post?

Risingashes.8694:

When was the TP completely rewritten? Because they only stopped working on 2nd Dec.

https://www.guildwars2.com/en/news/introducing-the-new-trading-post/

darthmaim.6017:

Risingashes.8694:

When was the TP completely rewritten? Because they only stopped working on 2nd Dec.

https://www.guildwars2.com/en/news/introducing-the-new-trading-post/

Yes obviously the TP was rewritten at that point, yet the web endpoints were disabled this patch. Meaning the causal statement: The Trading Post was rewritten and as a result the web endpoints were broken- which @Pat Cavit seems to be suggesting doesn’t seem true.

If there were multiple rewritings that would make sense.

Does that imply that we should get faster loading times now than back when the updated TP was launched?

So, is direct interaction with the TP still allowed though? I’d like to manage my transactions and especially add new ones while in university, where I can’t run GW2 on my netbook.