If you've been following some of my recent work, you might've caught my latest blog post on enabling hidden game modes and maps in Halo Infinite. Well, clearly my curiosity got the best of me, because this post is very much a continuation of that story.
You might've seen over the course of the past couple of months since the Halo Infinite release some news and rumors about upcoming game modes in the game. I wondered how those folks got their hands on the new experience and just assumed that it's typical data mining in game files to look for new assets. That was until I really got hooked on the Halo Infinite story, started exploring the undocumented Halo Infinite API, and realized that the answer to my question was here all along!
If you've been following me on Twitter, you probably already know that I spend inordinate amounts of time on reverse engineering the Halo Infinite API. As I am working on my .NET wrapper for it (astutely called Grunt, I realized that putting together a nice-to-use blanket over the many GET HTTP APIs is relatively straightforward. There are some permissions here and there that I need to figure out, or in some cases fiddle with undocumented query parameters.
NOTE This post is part of a series about the Halo Infinite Web API. You can read more about how I started in the first post, where I talk about the process of figuring out the data endpoints, as well as more about the authentication process. You can also explore the .NET wrapper for the API that makes endpoint interaction a bit easier. If you’ve been following my blog, you know that I’ve been fiddling quite a bit with the Halo Infinite API.
Now that I got authentication out of the way, it's time that we actually get something useful done with the Halo Infinite API. This whole saga started with me wanting to get the match stats so that I can analyze them outside the game, and that's what I thought I'd tackle first.
A week ago I was finally able to figure out what endpoints the Halo Infinite Web API uses. Now, the challenge became figuring out how to properly request the data from those, as there were two component pieces to every request - a Spartan token, and a clearance. After fiddling with the API a bit, and looking at the endpoint that aggregates all other endpoints, I was able to learn that there is a straightforward way to get all the right tokens through a number of chained requests, that are documented in this blog post.
As with most of my reverse engineering stories, this one starts with "Hmm... I wonder if I can get this data anyway?" I mentioned this in my previous blog post that I just finished the Halo Infinite campaign, and the next step was multiplayer, which also meant that I wanted to keep track of my stats to see just how bad I am playing against real people and aimbots.