1. RocketLeaguePublic

This repository contains all information necessary to consume the /Services API of the game Rocket League, which is also used by the game itself.

1.1. Terms of content

<!-- TOC -->

• 1. RocketLeaguePublic
  • 1.1. Terms of content
  • 1.2. Endpoints
  • 1.3. Intercepting requests
  • 1.4. Headers
  • 1.5. Signing
    • 1.5.1. Requests
    • 1.5.2. Responses
  • 1.6. Authentication
  • 1.7. Requests
    • 1.7.1. Ads/GetAds
    • 1.7.2. Auth/AuthPlayer (STEAM)
    • 1.7.2. Auth/AuthPlayer (EPIC)
    • 1.7.3. Clubs/GetClubInvites
    • 1.7.4. Clubs/GetPlayerClubDetails
    • 1.7.5. Codes/RedeemCode
    • 1.7.6. DLC/GetDLC
    • 1.7.7. Filters/FilterContent
    • 1.7.8. GameServer/FindPrivateServer
    • 1.7.9. GameServer/GetGameServerPingList
    • 1.7.10. GenericStorage/GetPlayerGenericStorage
    • 1.7.11. GenericStorage/SetPlayerGenericStorage
    • 1.7.12. Matchmaking/PlayerCancelPrivateMatch
    • 1.7.13. Matchmaking/PlayerSearchPrivateMatch
    • 1.7.14. Metrics/RecordMetrics
    • 1.7.15. Microtransaction/ClaimEntitlements
    • 1.7.16. Players/GetChatBanStatus
    • 1.7.17. Players/GetXP
    • 1.7.18. Population/UpdatePlayerPlaylist
    • 1.7.19. Products/GetContainerDropTable
    • 1.7.20. Products/GetLoadoutProducts
    • 1.7.21. Products/GetPlayerProducts
    • 1.7.22. RocketPass/GetPlayerInfo
    • 1.7.23. RocketPass/GetPlayerPrestigeRewards
    • 1.7.24. RocketPass/GetRewardContent
    • 1.7.25. Settings/GetStaticDataURL
    • 1.7.26. Skills/GetPlayerSkill
    • 1.7.27. Skills/GetSkillLeaderboard
    • 1.7.28. Skills/GetSkillLeaderboardValueForUser
    • 1.7.29. Stats/GetStatLeaderboard
    • 1.7.30. Stats/GetStatLeaderboardValueForUser
    • 1.7.31. Tournaments/Status/GetTournamentSubscriptions
  • 1.8. Possible Frequently Asked Questions
  • 1.9. Issues / Contributions
  • 1.10. Implementations

<!-- /TOC -->

1.2. Endpoints

The game uses https://api.rlpp.psynet.gg/Services to grab configuration values and do authentication.
When authentication has been successful, it connects to a websocket at wss://rl-psy.net/ws?PsyConnectionType=Player.

It is possible to keep using the HTTP api instead of the websocket server. I have not looked at connecting to the websocket server yet, but I assume you send the same headers as you would for an authenticated request for the handshake and then send & receive json requests.

1.3. Intercepting requests

If you want to intercept HTTPS requests from the game itself, you have to make sure that the websocket connection fails. It will fallback to HTTPS after 10 failed attempts.

You can easily do this by using the provided script for fiddler.

Make sure you are using a tool that supports HTTPS such as Fiddler / Charles and have installed its SSL Root Certificate in your Trusted Root Certification Authorities. (Something similar should be done if you are on a mac)

1.4. Headers

| Key | Value | Authenticated only | |-|-|-| | User-Agent | RL Win/220128.58061.363257 gzip | No | | PsyBuildID | -960700785 | No | | PsyEnvironment | Prod | No | | PsyRequestID | See Requests | No | | PsySig | See Signing | No | | PsyToken | See Authentication | Yes | | PsySessionID | See Authentication | Yes |

Take note that fields like PsyBuildID, FeatureSet and GameVersion may all be changed on a new patch.
I will try to keep this repository updated.

You can find the most up-to-date values for these variables by reading the launch.log file generated by Rocket League. On windows with Steam, this file can be found in Documents\My Games\Rocket League\TAGame\Logs.

1.5. Signing

Rocket League uses two HMAC-SHA256 signatures, one for the request and one for the response. Both can be found in the PsySig header. The response has an extra header called PsyTime which is an unix timestamp.

The input format is just Unix timestamp, if any, else empty + - + request body.

1.5.1. Requests

Secret: c338bd36fb8c42b1a431d30add939fc7
Input: -(Request body)

1.5.2. Responses

Secret: 3b932153785842ac927744b292e40e52
Input: (Value of PsyTime)-(Response body)

The secret for rl-cdn.psyonix.com is cqhyz50f3c3j2pxhwo6b1kypxikah0wh and input (Response body).

1.6. Authentication

As of now, I do only know how to implement it for Steam. An example of this can be found in the demo/demo.js file.
The other platforms should use the same format, just with a different AuthTicket.

1.7. Requests

All requests have to be send as POST with the header Content-Type: application/x-www-form-urlencoded.

If you want to mimic the game as closely as possible, you need to keep track of two counters.

var requestIdCounter = 0; // Starts at 0, increments for every request and response.
var serviceIdCounter = 1; // Starts at 1, increments for every service.

The result of requestIdCounter++ should be used for the PsyRequestID request header, so it becomes something like "PsyNetMessage_X_" + requestIdCounter++.
The result of serviceIdCounter++ should be used for the ID field below.

A request body looks like this.

[
    {
        "Service": "Settings/GetStaticDataURL",
        "Version": 1,
        "ID": 1,
        "Params": {
            "Platform": "Steam",
            "Language": "INT"
        }
    },
    {
        "Service": "Products/GetPlayerProducts",
        "Version": 1,
        "ID": 2,
        "Params": {
            "PlayerID": "Steam|XXXXXXXXXXXXXXXXXX|0"
        }
    }
]

About all fields like PlayerID, its format means <Platform>|<UniqueId>|<SplitscreenId>.

1.7.1. Ads/GetAds

Auth: Yes Version: 1 Params:

{
    "Language": "INT"
}

Result:

{
  "Ads": [
    {
      "ZoneID": 201,
      "Url": "https://rl-cdn.psyonix.com/Ads/Prod/124.7CjfwUcy/201.jpg",
      "UTCEndTime": 0000000000
    },
    {
      "ZoneID": 202,
      "Url": "https://rl-cdn.psyonix.com/Ads/Prod/124.7CjfwUcy/202.jpg",
      "UTCEndTime": 0000000000
    },
    {
      "ZoneID": 403,
      "Url": "https://rl-cdn.psyonix.com/Ads/Prod/124.7CjfwUcy/403.jpg",
      "UTCEndTime": 0000000000
    },
    {
      "ZoneID": 404,
      "Url": "https://rl-cdn.psyonix.com/Ads/Prod/124.7CjfwUcy/404.jpg",
      "UTCEndTime": 0000000000
    }
  ]
}

The ZoneIDs may look like status codes, but are actually the id used to match the corresponding advert location, like the billboards.

1.7.2. Auth/AuthPlayer Steam

Auth: No
Version: 1
Params:

{
    "Platform": "Steam",
    "PlayerName": "Your Steam display name",
    "PlayerID": "Your SteamID64",
    "GameVersion": 26,
    "Language": "INT",
    "AuthTicket": "Steam EncryptedAppTicket, see demo/demo.js for an example",
    "BuildRegion": "",
    "FeatureSet": "PrimeUpdate36_2",
    "bTrial": false,
    "bSkipAuth": false
}

Result:

{
    "SessionID": "sessionid", 
    "VerifiedPlayerName": "name", 
    "UseWebSocket": true, 
    "PerConURL": "url", 
    "PsyTag": {
        "Name": "name", 
        "Code": 0000
    }, 
    "CountryRestrictions": ["KeyCrate"]
}

1.7.2. Auth/AuthPlayer Epic

Auth: No
Version: 2
Params:

{
    "Platform": "Epic",
    "PlayerName": "Your Epic display name",
    "PlayerID": "Your Epic ID",
    "Language": "INT",
    "AuthTicket": "Epic EncryptedAppTicket, see demo/demo.js for an example",
    "BuildRegion": "",
    "FeatureSet": "PrimeUpdate36_2",
    "bTrial": false,
    "bSkipAuth": false,
    "bSetAsPrimaryAccount": false,
    "EpicAuthTicket": "Same as AuthTicket",
    "EpicAccountID": "Same as PlayerID"
}

Result:

{
    "SessionID": "sessionid",
    "VerifiedPlayerName": "name",
    "UseWebSocket": true,
    "PerConURL": "url",
    "PerConURLv2": "url version 2",
    "PsyToken": "Token",
    "PsyTag": {
      "Name": "name",
      "Code": 0000
    },
    "IsLastChanceAuthBan": false,
    "CountryRestrictions": []
}

1.7.3. Clubs/GetClubInvites

Auth: Yes
Version: 1
Params:

{}

Result:

{
    "ClubInvites": []
}

1.7.4. Clubs/GetPlayerClubDetails

Auth: Yes
**Ve