Api
The current URL configuration can be obtained as JSON by a GET request to:
https://api.gog.com/en/downloader2/status/RELEASE/
where RELEASE can be one of stable, beta and another one whose purpose eludes me. Stable and Beta currently show the same URLs but different versions of the downloader.
A possible response for stable looks like this:
{
  "config": {
    "get_extra_link": "https://api.gog.com/en/downloader2/extra/",
    "get_game_details": "https://api.gog.com/en/downloader2/game/",
    "get_installer_link": "https://api.gog.com/en/downloader2/installer/",
    "get_user_details": "https://api.gog.com/en/downloader2/user/",
    "get_user_games": "https://api.gog.com/en/downloader2/user_games/",
    "oauth_authorize_temp_token": "https://api.gog.com/en/oauth/login/",
    "oauth_get_temp_token": "https://api.gog.com/en/oauth/initialize/",
    "oauth_get_token": "https://api.gog.com/en/oauth/token/",
    "set_app_status": "https://api.gog.com/en/downloader2/set_app_status/"
  },
  "current_timestamp": 1337202697,
  "current_version": {
    "url": "http://static.gog.com/download/d3/stable/Setup_Downloader_3.0.40.exe",
    "version": "3.0.40"
  },
  "status": "OK"
}
For the OAuth authentication the three calls are used in the following order: oauth_get_temp_token, oauth_authorize_temp_token, oauth_get_token. The consumer key and secret can be found in the source code and are subject to change. Probably oauth_get_temp_token returns the temporary session token and secret. With the consumer key/secret and the HMAC-SHA1 signature of the OAuth request left out, a request would look like this:
→ GET https://api.gog.com/en/oauth/initialize/ HTTP/1.1
← oauth_token=dc96ab07bb8bc93cfd0bd134750e262c48099dbd&oauth_token_secret=73cfab67934b5e074457c47e8d3100325bec1d8b
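oauth_authorize_temp_token authenticates the user with email and password and returns the oauth_verifier. Note that email and password are passed as query parameters of a GET request, so they can end up in proxy, server and client-side logs. Again shown without the token/secret and the other OAuth parameters: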
→ GET https://api.gog.com/en/oauth/login/?user=<email>&password=<password> HTTP/1.1
← oauth_verifier=dc96abbadabba8bc93cfd0bd134750e262c48099dbd
Using the oauth_verifier we can now obtain the final token and secret via oauth_get_token.
A sample request could look like this:
→ GET https://api.gog.com/en/oauth/token/?oauth_verifier=dc96abbadabba8bc93cfd0bd134750e262c48099dbd HTTP/1.1
← oauth_token=dc96ab07bb8bc93cfd0bd134750e262c48099dbd&oauth_token_secret=73cfab67934b5e074457c47e8d3100325bec1d8b
These can now be saved and used for other API requests. I haven't tested the timeout on these yet, but they are valid for at least three days.
All the following API requests have to be executed as OAuth requests, which means they use the token and secret obtained previously plus the consumer key and secret, and are signed with HMAC-SHA1.
An example would be get_user_details:
→ GET https://api.gog.com/en/downloader2/user/ HTTP/1.1
←
{
  "result": "ok",
  "status": "IGNORE. Same as configuration",
  "timestamp": 1337942119,
  "user": {
    "avatar": {
      "big": "",
      "small": "http://static.gog.com/www/default/-img/newuser_small.png"
    },
    "email": "[email protected]",
    "id": "123456789012",
    "notifications": {
      "forum": 0,
      "games": "0",
      "messages": 0
    },
    "xywka": "USERNAME"
  }
}
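How the HMAC-SHA1 signature for a request such as get_user_details is computed under OAuth 1.0 (RFC 5849), as an added example that is not code from the downloader or from this page. The consumer key and secret are placeholders because the page does not list them, the token pair is the sample from the oauth_get_token response, and signed_oauth_params is a hypothetical helper name.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote

# Placeholders: the page does not give the real consumer key/secret.
CONSUMER_KEY = "CONSUMER_KEY_PLACEHOLDER"
CONSUMER_SECRET = "CONSUMER_SECRET_PLACEHOLDER"
# Sample token pair from the oauth_get_token response on this page.
TOKEN = "dc96ab07bb8bc93cfd0bd134750e262c48099dbd"
TOKEN_SECRET = "73cfab67934b5e074457c47e8d3100325bec1d8b"


def pct(value):
    """Percent-encode per RFC 5849 3.6: only unreserved characters stay."""
    return quote(str(value), safe="-._~")


def base_string(method, url, params):
    """METHOD & encoded URL (no query string) & encoded sorted parameters."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join((method.upper(), pct(url), pct(normalized)))


def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string, keyed with both secrets."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def signed_oauth_params(method, url, query=None, nonce=None, timestamp=None):
    """Return the oauth_* parameters, signature included, for one request."""
    oauth = {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_token": TOKEN,
        "oauth_version": "1.0",
    }
    # Query parameters are part of the signed data but are not returned here.
    signed = {**oauth, **(query or {})}
    oauth["oauth_signature"] = sign(method, url, signed, CONSUMER_SECRET, TOKEN_SECRET)
    return oauth
```

The returned parameters can be sent in an Authorization header or as query parameters (RFC 5849 section 3.5); which form this API expects is not stated on the page.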
And get_game_details:
→ GET https://api.gog.com/en/downloader2/game/beneath_a_steel_sky HTTP/1.1
←
{
  "game": {
    "extras": [
      {
        "id": "240",
        "name": "manual (15 pages)",
        "path": "/beneath_a_steel_sky/extras/bass_manual.zip",
        "size_mb": "1"
      },
      {
        "id": "238",
        "name": "HD wallpapers",
        "path": "/beneath_a_steel_sky/extras/bass_wallpapers.zip",
        "size_mb": "5"
      },
      {
        "id": "237",
        "name": "avatars",
        "path": "/beneath_a_steel_sky/extras/bass_avatars.zip",
        "size_mb": "1"
      },
      {
        "id": "239",
        "name": "comic book",
        "path": "/beneath_a_steel_sky/extras/bass_comic_book.zip",
        "size_mb": "12"
      }
    ],
    "icon": "/upload/images/2008/11/56aebdac6283fd249fd5dfa569ae5668fbf15ba6.jpg",
    "installers": [
      {
        "id": 0,
        "path": "/beneath_a_steel_sky/setup_beneath_a_steel_sky.exe",
        "size_mb": "71,6"
      }
    ],
    "title": "Beneath a Steel Sky"
  },
  "result": "ok",
  "timestamp": 1337942120
}
The three requests which return the actual path with session id to the CDN are constructed in a similar fashion. Only get_extra_link additionally provides a title and type for the file. Here is an example for get_installer_link:
→ GET https://api.gog.com/en/downloader2/installer/beneath_a_steel_sky/0/ HTTP/1.1
←
installer_links:
{
  "file": {
    "available": 1,
    "link": "LONG SESSION URL",
    "message": ""
  },
  "result": "ok",
  "timestamp": 1337942120
}
In addition to these three calls there is a fourth one which returns an XML file containing checksum information for the game downloads.
→ GET https://api.gog.com/en/downloader2/installer/beneath_a_steel_sky/0/crc/ HTTP/1.1
It returns its result in the same format as the other three. I haven't analyzed this further but will look into it as soon as parallel downloads work.