| ... | ... | @@ -163,9 +163,11 @@ Audience is for the Nintendo Switch Online app. `sub` is the Nintendo Switch Onl |
|
|
|
Nintendo Switch Online app web service token
|
|
|
|
---
|
|
|
|
|
|
|
|
JSON web token signed by one of the keys in https://api-lp1.znc.srv.nintendo.net/v1/WebService/Certificate/List. Valid for 7200 seconds (two hours).
|
|
|
|
JSON web token signed by one of the keys in https://api-lp1.znc.srv.nintendo.net/v1/WebService/Certificate/List. Valid for 23400 seconds (6 hours and 30 minutes) (7200 seconds/two hours before October 2022).
|
|
|
|
|
|
|
|
Used to authenticate to web services (e.g. SplatNet 2). The Nintendo Switch Online app requests a web service token then sends it in the `x-gamewebtoken` header in the first request. The app also exposes a JavaScript API to allow the web service to request a new token if it expires, although web services don't usually need a web service token again as in all current web services the initial request sets a HTTP cookie session token.
|
|
|
|
Used to authenticate to web services (e.g. SplatNet 2). The Nintendo Switch Online app requests a web service token then sends it in the `x-gamewebtoken` header in the first request.
|
|
|
|
|
|
|
|
NookLink and SplatNet 3 handle authentication using JavaScript; as a workaround for how the server sends the token the servers for those web services set a `_gtoken` cookie to the value of the `x-gamewebtoken` header in any request it is provided in. The app also exposes a JavaScript API to allow the web service to request a new token if it expires, although web services don't usually need a web service token again as in all current web services the initial request sets a HTTP cookie session token.
|
|
|
|
|
|
|
|
### Example header
|
|
|
|
|
| ... | ... | @@ -216,4 +218,11 @@ Known `aud` values: |
|
|
|
SplatNet 2 iksm_session
|
|
|
|
---
|
|
|
|
|
|
|
|
Every SplatNet 2 request includes an iksm_session cookie in the response. If an iksm_session cookie was sent in the request the value in the response will be the same. iksm_session cookies are set even if a web service token is not set. The cookie includes an expiration time of 1 day from the time of the request. Various projects (e.g. splatoon2.ink) have used the same iksm_session for a long time. So iksm_session appears to valid for 1 day from last use. |
|
|
|
Every SplatNet 2 request includes an iksm_session cookie in the response. If an iksm_session cookie was sent in the request the value in the response will be the same. iksm_session cookies are set even if a web service token is not set. The cookie includes an expiration time of 1 day from the time of the request. Various projects (e.g. splatoon2.ink) have used the same iksm_session for a long time. So iksm_session appears to be valid for 1 day from last use.
|
|
|
|
|
|
|
|
SplatNet 3 bullet token
|
|
|
|
---
|
|
|
|
|
|
|
|
Bearer token used to authenticate to SplatNet 3. Valid for 2 hours.
|
|
|
|
|
|
|
|
https://github.com/samuelthomas2774/nxapi/discussions/11#discussioncomment-3593578 |
