Guild Wars 2

RedGlow.2715:

(apparently the presence of the Authorization header prompts the library/browser to preflight the request, and I don’t know enough of CORS to say if this is correct or not)

Just to add: you are right here. If there’s a custom header set, a preflight request is being sent in order to determine if the main request is safe to send.

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests

Simply put: preflight requests are not supported. Thats why the access_token parameter exists in first place.

Lawton Campbell.8517:

Nabrok.9023:

A more paranoid person would say it’s a conspiracy to sell bank space!

Personally, I’d find it more believable if it were a conspiracy to sell character slots.

Yup, exactly that. Thick leather was invented to sell bank tabs…

Lawton Campbell.8517:

The wvw objectives endpoint needs changes made to content before it can be deployed — all of the objectives on the green/blue borderlands currently point to the lake.

Speaking of the underlying content: there are several problems i found while collecting the floor data – ok to open an issue on GitHub?

I guess WvW endpoints won’t be updated before HoT release, just to save up double work due to a major change (new borderland map).

Can’t you guys just put this thing on github so that others could contribute too?

€: combining the above files and clean out doubles yields this: https://gist.github.com/codemasher/e2e0e5e39de5dc4439e0

zeeZ.5713:

{"name": “00000000-0000-0000-0000-000000000000”,“profession”: 1,“race”: 1,“map_id”: 1029,“world_id”: 268435516,“team_color_id”: 0,“commander”: false,“fov”: 1.222,“supply”: 100,“health”: 300000}

Is 193 characters already, the mumble wiki defines the field as wchar_t identity²⁵⁶, so I may get be getting a bit angsty about how big those numbers can get and what other nonsense we want added there :P

Thats why i’ve thrown out all the redundant stuff. The only character info we’d need is the ID. Anything else is available via the API. So it’d be cool if we could get some more data here which is hard to get via the API.

Lawton Campbell.8517:

Also the mumble wiki says not to update it that often — because it’s just raw shared memory there’s no explicit synchronization. I’m a bit worried about hammering it with writes (e.g., the consumer might read corrupted JSON).

I really really want to just have like … a local websocket or something that you can connect to to register for events, but that’s still a long way off.

Ok, corrupted JSON isn’t cool. I mean, most of the data doesn’t change that often anyways, so an update every couple seconds would be ok, wouldn’kitten Ok, the player’s health would be sort of a problem then…

I’m still at work… will do later

That’s a good idea! Since launch of the /v2 API and it’s authorized endpoints there’s some data in the identity block which is redundant or unnessecary anyway. Time to clean up and add cool (realtime) stuff!

https://github.com/arenanet/api-cdi/blob/master/mumble.md

// Mumble Link Identity
// JSON-encoded string with the following fields
{
    "name": "Stabby Mcstabberson",
    "profession": 5,
    "map_id": 50,
    "world_id": 1001,
    "team_color_id": 0,
    "commander": false
}

{
    "character_id": "SOME UUID STRING",
    "map_id": 50,
    "team_color_id": 0,
    "commander": false,
    "health": 27586,
    "supply": 15,
...
}

Yay, my guild is famous!

I’m pretty sure this is not intended. In fact, there have been patches which turned numerical strings into actual numbers in other endpoints (items for example).

Flash is required, don’t know if it’s bundled with android chrome.
See also: https://github.com/arenanet/api-cdi/issues/44
and https://forum-en.gw2archive.eu/forum/community/api/The-copy-button-on-API-Key-Management

RedGlow.2715:

Well, both items you linked (yours, and mine) contain the details field, actually.

Now it gets super weird, because i could swear it wasn’t there. Caching issue, devs?

Well, if you haven’t access to a database, why not just save a .json (or whatever type suits you best) containing the recipe- and output-ids from recipes.json – that’d be enough to backlink.

Hmm, thats weird because usually there’s a “details” object in the item response, containing “unlock_type” and “recipe_id” like in here https://api.guildwars2.com/v2/items/48452. In the last days i noticed that some items were missing the “details” for whatever reason – and so does the one you picked: https://api.guildwars2.com/v2/items/9615.

However, in order to do a reverse lookup, you’d best have a database of the items and recipes endpoint so you could just do:

-- get the id of the recipe-unlock for an item
SELECT * FROM `gw2_items` where `unlock_type` = 'CraftingRecipe' AND `unlock_id` = (SELECT `recipe_id` FROM `gw2_recipes` WHERE `output_id` = 48106)

It’s not yet possible to get the unlocked skins of an account (and theres no PR on that yet: https://github.com/arenanet/api-cdi/pulls), but if so, all this would be possible – the TP data is already available and so are item databases.

See this thread: https://forum-en.gw2archive.eu/forum/community/api/Error-with-tokeninfo-endpoint

Lawton Campbell.8517:

Wait, items were removed from the API?

In a way, yes: https://forum-en.gw2archive.eu/forum/community/api/items-and-how-it-works/4173243

Neff.1563:

Eearslya.6309:

The items are in the API just fine, but no, mystic forge recipes are not currently in the API. There have been a few requests for this already, but no official pull request on the GitHub.

You are right. Found this site to be very helpful in finding the item IDs manually. Look like (so far) they are all in the API.

Thanks for mentioning my little search, glad that it helps in a way
Note that the backend database (same as http://gw2treasures.com) has been created long before the “item discovery reset” and was updated incremental, so there might be items listed which aren’t in the API anymore.

Well, there’s that pull request: https://github.com/arenanet/api-cdi/pull/8

ezd.6359:

One more question: is it possible to restrict leaflet from zooming out of “max bounds”? It is working in old version of leaflet by default

I’m pretty sure that was the feature bug which caused the map to jump on the screen on low zoom levels when it was smaller than the element which contained it. This has been fixed in more recent versions.

Edit: here’s an example: http://gw2.chillerlan.net/examples/gw2-maps-leaflet.html

This forum’s software sucks. <.<
It sucks so hard that i’ve written my reply in markdown.

https://gist.github.com/codemasher/50d75a36d28558231a92

(yes, i’m desperate)

There is an open PR on this topic over here: https://github.com/arenanet/api-cdi/pull/53 – you might want to comment on this.

Hmm, that’s weird. For me it’s still fine (8 bank tabs, 240 slots). Seems like accounts with 9+ (<256 slots) bank tabs are affected. Can anyone confirm? (https://forum-en.gw2archive.eu/forum/community/api/Launching-inventory-endpoints/first#post5212876)

Right. It’s perfectly fine.

Might fit perfectly into the characters endpoint. May someone please reopen https://github.com/arenanet/api-cdi/pull/16

See this thread: http://forums.overwolf.com/index.php?/topic/3043-mumble-link-plugin-released/

and these examples:
https://github.com/meh/npapi-mumble-link/tree/c5465a9a3e722535d9ff6289d16b3eb0c8835769/examples
http://forums.overwolf.com/index.php?/topic/3043-mumble-link-plugin-released/page-2#entry12257

So what exactly are you doing? Do you write an Overwolf app or a python script? The NPAPI plugin was made for Overwolf.

ilokogi.4015:

Thanks, okay… I just have to understand how use this mumble link api with an Overwolf app :/
“okay you can use my app but you need to install overwolf and mumble !” >< Great !

Oh, you’re using Overwolf, here’s help: https://github.com/meh/npapi-mumble-link
I’m using it in my location tracker app
https://github.com/codemasher/Overwolf-Locationtracker/blob/master/app/files/js/gw2location.js#L940-L978

No, the API can’t do that yet. Thats why we still use the Mumble Link API.

Vermil Rockrim.9756:

smiley.1438:

It seems that file_get_contents() fails as soon as it gets the HTTP/403 and doesn’t receive the content.

The function returns the read data or FALSE on failure.

Try using cURL instead.
See: https://github.com/codemasher/gw2-database/blob/master/classes/gw2api.class.php#L130

Thank you, I have been using cURL to no avail but after looking at your link noticed some missing constants, and a ‘CA root certificate file’ that was needed to .. make the SSL work? I don’t know much about that, but I’m happy with the results. The working code is the following:

$url = “https://api.guildwars2.com/v2/characters”;
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => $url,
CURLOPT_SSL_VERIFYPEER => true,
CURLOPT_SSL_VERIFYHOST => 2,
CURLOPT_CAINFO => getcwd().“\cacert.pem”,
CURLOPT_RETURNTRANSFER => true]);
$output = curl_exec($ch);
curl_close($ch);
echo $output;

I got the certificate from here http://curl.haxx.se/ca/cacert.pem
Thanks for your guidance, this was driving me nuts.

The missing variables are all in the code i linked, along with a link to the root certificates (which are indeed needed to “make SSL work”)
https://github.com/codemasher/gw2-database/blob/master/classes/gw2api.class.php#L65

Glad you found it anyway and it worked for you!

fishball.7204:

You can check if $data returns null.

It won’t return null. Ever. It will return a boolean false or a string containing the response (which may be empty) – that makes a slight difference.

This has been asked already a loooong time ago, along with a question about heightmaps…

It seems that file_get_contents() fails as soon as it gets the HTTP/403 and doesn’t receive the content.

The function returns the read data or FALSE on failure.

Try using cURL instead.
See: https://github.com/codemasher/gw2-database/blob/master/classes/gw2api.class.php#L130

Great work! 10/10

I don’t know what kind of program you are writing, but in case it runs on the client’s desktop, you could simply use the mumble link API to get the current character. However, i guess it’s something which could probably be exposed via the API though.

You might want to comment or add a PR over here: https://github.com/arenanet/api-cdi/pulls

Otokomae.9356:

Wait… is this the thread where we ask for future DirectX 12 implementation, or whatever other optimizations are required to allow kitten ,000 PC to get above 15 FPS at Claw of Jormag?

no.

You may ask in the suggestions subforum. While you’re at it, please ask for a 64bit client which supports more than one cpu core…

However, you should avoid to use the API key via frontend scripting languages (as in JavaScript). Keep in mind that it is basically the OAuth2 access token which is intended to be used between the app`s backend and the gw2 API server.

Don’t even try to use custom headers when using CORS requests – just append access_token=<API_KEY> to the request URL. Also, preflight requests are not supported.

Most of the karma items are still missing in the API – hope this is gonna be fixed soon™.

I think it was mentioned before to expose the account’s/character’s age via the API. When in doubt, just open a pull request over here: https://github.com/arenanet/api-cdi/pulls

I’d also put the API key into an input-element instead of just leaving it as text node – just to make it more convenient for those who have flash disabled:

<input type="text" readonly="true" value="API_KEY_YO" onclick="this.select();" />

Oh, there’s a copy-to-clipboard button now. Thanks!

But why does it use flash?
http://caniuse.com/#feat=clipboard
http://www.w3.org/TR/clipboard-apis/

I’d provide flash just as a fallback. I guess most of the gw2 players are using a modern browser.

Why don’t you start a discussion on the wiki’s talk page where this topic would be more appropirate?
https://wiki.guildwars2.com/wiki/API_talk:2

Lawton Campbell.8517:

smiley.1438:

I’m less concerned about the verification of an API key since this PR (https://github.com/arenanet/api-cdi/pull/27) might be a solution, i’m more concerned about the fact that authorization (log in with gw2) is impossible.

I’m not clear on how that’s a solution for verification. Would the application only accept keys that have a specific name?

Exactly. You would check the API key against /v2/tokeninfo an look for a keyname like “my awesome website SOME_RANDOM_HASH” which you provided to the user while he was about to register with your website.

I’m less concerned about the verification of an API key since this PR (https://github.com/arenanet/api-cdi/pull/27) might be a solution, i’m more concerned about the fact that authorization (log in with gw2) is impossible.

Imagine a GW related website which would attract a huge amount of users. Each user provides an email address and a password along with some other personal information. A hacker finds an exploit and gets his hands on the user database via some SQL injection on the poorly programmed backend and is able to decrypt the md5-hashed passwords in no time (thanks to rainbow tables). He tries to log-in on the GW account website with each of those credentials with a huge success rate due to ignorant users who use the same credentials all over the web.
THIS HAPPENED FOR REAL IN THE PAST!

If the whole thing would have run with an OAuth log-in, noone would have been harmed (except for maybe a few PEBCAK who fell prey to the natural selection. sorry.). The OAuth tokens don’t let you access the account itself – just the API.

This was also my concern mentioned in this thread: https://forum-en.gw2archive.eu/forum/community/api/HEADS-UP-OAuth2-being-replaced-next-week

€:
See also this thread: https://forum-en.gw2archive.eu/forum/community/api/Web-registration-using-keys

Since API support for korean and chinese hasn’t been officially announced, we can safely assume there are only 4 languages. Also, it wasn’t a “maybe 6” as in “we don’t know” but as in “once it’s been announced”.

Also, the Accept-Language header can be a pain in the kitteh when working in web applications (i assume you’re about to write a desktop application).
For example: this forum heavily relies on the Accept-Language header and redirects you to “your” language all the time (german in my case) – even when using the language-prefix “forum-en”. So i have to change the default language in my browser to english to prevent redirects. So much for Accept-Language.

a) Why would you want a fallback value? You know that the API supports 4 (or maybe 6 with zh & ko) languages which you can check easily in your application and then send the correct lang parameter.
b) Who cares on a clean URL which only the backend sees? From a php point of view it’s the easiest thing to throw an array of parameters into http_build_query() - so why would i want to go the extra mile to send another header? I mean, i can even send the access_token parameter and save the Authorization Bearer header.

See this thread: https://forum-en.gw2archive.eu/forum/community/api/PHP-SQL-script-takes-9hrs-to-complete-db/4472325

I think there was also a Python implementation around, but i can’t find it anymore.

€:

There it is: https://forum-en.gw2archive.eu/forum/community/api/v2-item-details-and-recipe-details/4436181

Just btw.: the response header is of informational character, not nessecarily part of the result.

I think “resources” isn’t the best wording. X-Result-Total returns the total number of items which could be queried on that given endpoint (same as counting the array of numbers which you get when requesting without any parameters) – 41110 items in your case. The number of items in your query result is in X-Result-Count, obviously.

I don’t see an issue here. Can you elaborate on this please?

http://wiki.guildwars2.com/wiki/API:2#Paging

X-Result-Total – The total number of resources.