Now that I got authentication out of the way, it's time that we actually get something useful done with the Halo Infinite API. This whole saga started with me wanting to get the match stats so that I can analyze them outside the game, and that's what I thought I'd tackle first.
A week ago I was finally able to figure out what endpoints the Halo Infinite Web API uses. Now, the challenge became figuring out how to properly request the data from those, as there were two component pieces to every request - a Spartan token, and a clearance. After fiddling with the API a bit, and looking at the endpoint that aggregates all other endpoints, I was able to learn that there is a straightforward way to get all the right tokens through a number of chained requests, that are documented in this blog post.
As with most of my reverse engineering stories, this one starts with "Hmm... I wonder if I can get this data anyway?" I mentioned this in my previous blog post that I just finished the Halo Infinite campaign, and the next step was multiplayer, which also meant that I wanted to keep track of my stats to see just how bad I am playing against real people and aimbots.