
403 Forbidden with API


swagdog420


Posted

I'm trying to POST the following to https://api.stake.com/graphql with correct headers but instead of the data I used to get when requesting, I get 403 Forbidden "Error code:1020". Anyone have any idea on how to fix this? Was working yesterday and the week before. 

Quote

query StakeBalances($available: Boolean = true, $vault: Boolean = false) {
  user {
    id
    balances {
      available @include(if: $available) {
        currency
        amount
        __typename
      }
      vault @include(if: $vault) {
        currency
        amount
        __typename
      }
      __typename
    }
    __typename
  }
}

 

Posted

Hey swagdog420, I can confirm I'm getting the same error. I opened a post about it just recently; I have not yet found a solution. I'll let you know if I do. Please do the same.

  • 4 months later...
  • 1 month later...
Posted

To request the API for StakeBalances, you should use this curl request.

 

Quote

curl --location --request POST 'https://stake.games/_api/graphql' \
--header 'cookie: __cf_bm=<YOUR COOKIE HERE>; cf_clearance=<YOUR COOKIE HERE>' \
--header 'x-access-token: <YOUR API TOKEN HERE>' \
--header 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36' \
--header 'Content-Type: application/json' \
--data-raw '{"query":"query StakeBalances($available: Boolean = true, $vault: Boolean = false) {\r\n  user {\r\n    id\r\n    balances {\r\n      available @include(if: $available) {\r\n        currency\r\n        amount\r\n        __typename\r\n      }\r\n      vault @include(if: $vault) {\r\n        currency\r\n        amount\r\n        __typename\r\n      }\r\n      __typename\r\n    }\r\n    __typename\r\n  }\r\n}","variables":{}}'

 

If you have any trouble rewriting it in any other programming language (PHP, C, Node.js, Python, etc.), let me know.

Posted
On 12/28/2022 at 5:16 PM, dvdx1995 said:

To request the API for StakeBalances, you should use this curl request.

If you have any trouble rewriting it in any other programming language (PHP, C, Node.js, Python, etc.), let me know.

Can you give me an example of a dice bet request in Python, please?

On 12/28/2022 at 5:16 PM, dvdx1995 said:

To request the API for StakeBalances, you should use this curl request.

If you have any trouble rewriting it in any other programming language (PHP, C, Node.js, Python, etc.), let me know.

Do you have Discord? I tried with one of your Python examples, but it returns me a web page.

Posted

Unfortunately I can't share, as mods are banning for Discord etc.

You have to make sure that the cf_clearance cookie is from the same page as the one you're making the request to.

It is unique for each of Stake's mirror pages. Also make sure that the user-agent and x-access-token are passed in the headers of the request.

An example of the dice request is here:

 

Quote

import requests
import json

url = "https://stake.games/_api/graphql"

payload="{\"query\":\"mutation DiceRoll($amount: Float!, $target: Float!, $condition: CasinoGameDiceConditionEnum!, $currency: CurrencyEnum!, $identifier: String!) {diceRoll( amount: $amount \\r\\n                    target: $target    \\r\\n                    condition: $condition   \\r\\n                    currency: $currency    \\r\\n                    identifier: $identifier) {    \\r\\n                        ...CasinoBet    state {...CasinoGameDice }}}fragment CasinoBet on CasinoBet {  id  active payoutMultiplier amountMultiplier  amount payout  updatedAt currency  game  user {    id    name  }}fragment CasinoGameDice on CasinoGameDice {  result  target  condition}\\r\\n\",\"variables\":{\"target\":50.5,\"condition\":\"above\",\"identifier\":\"<YOUR IDENTIFIER HERE>\",\"amount\":0,\"currency\":\"ltc\"}}"
headers = {
  'cookie': ' cf_clearance=<YOUR COOKIE HERE>',
  'x-access-token': '<YOUR ACCESS TOKEN>',
  'origin': 'https://stake.games',
  'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36',
  'Content-Type': 'application/json'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)
 

 

  • 2 weeks later...
Posted
On 1/2/2023 at 7:32 PM, dvdx1995 said:

Unfortunately I can't share, as mods are banning for Discord etc.

You have to make sure that the cf_clearance cookie is from the same page as the one you're making the request to.

It is unique for each of Stake's mirror pages. Also make sure that the user-agent and x-access-token are passed in the headers of the request.

An example of the dice request is here:

What about if it works for about 30 minutes but then I need to get a new access token? Just recently I came into this issue that the access token is being rotated every 30 minutes or so... In the past it used to work indefinitely...

EDIT: the key is not being rotated. Neither is cf_clearance. Only after changing the cookies I stop getting 403 forbidden

Posted
9 minutes ago, sonderangebot10 said:

What about if it works for about 30 minutes but then I need to get a new access token? Just recently I came into this issue that the access token is being rotated every 30 minutes or so... In the past it used to work indefinitely...

EDIT: the key is not being rotated. Neither is cf_clearance. Only after changing the cookies I stop getting 403 forbidden

cf_clearance should be valid for at least 10 days.
I had to change mine today, but the previous one which I used was valid for 10 days.

Posted

I think it has nothing to do with Stake.

The cf_clearance cookie is generated by Cloudflare, and their software checks that cookie.
I think it must be used with the same IP/agent it was generated with; then it should work fine.

I've only tested this locally, so I don't know how it will work on a remote machine.

Posted
On 1/10/2023 at 11:25 PM, dvdx1995 said:

I think it has nothing to do with Stake.

The cf_clearance cookie is generated by Cloudflare, and their software checks that cookie.
I think it must be used with the same IP/agent it was generated with; then it should work fine.

I've only tested this locally, so I don't know how it will work on a remote machine.

works fine for about 30 minutes :/

Posted

Okay, they changed something and removed the cf_clearance cookie, and there are some issues with accessing the API, but of course I found a way to access it with Node.js :D

If you have any trouble, let me know; I can help.

Posted
13 hours ago, dvdx1995 said:

Okay, they changed something and removed the cf_clearance cookie, and there are some issues with accessing the API, but of course I found a way to access it with Node.js :D

If you have any trouble, let me know; I can help.

How did you do it, and can you guide me?

Posted
Quote

 

const puppeteer = require("puppeteer");

var querymines = "mutation MinesBet($amount: Float!, $currency: CurrencyEnum!, $minesCount: Int!, $fields: [Int!], $identifier: String) {minesBet(    amount: $amount    currency: $currency    minesCount: $minesCount    fields: $fields    identifier: $identifier  ) {...CasinoBet    state { ...CasinoGameMines    }  }}fragment CasinoBet on CasinoBet {id  active  payoutMultiplier  amountMultiplier  amount  payout  updatedAt  currency  game  user { id    name  }}fragment CasinoGameMines on CasinoGameMines {mines  minesCount  rounds {field    payoutMultiplier  }}";

var querydice = "mutation DiceRoll($amount: Float!, $target: Float!, $condition: CasinoGameDiceConditionEnum!, $currency: CurrencyEnum!, $identifier: String!) {\n  diceRoll(\n    amount: $amount\n    target: $target\n    condition: $condition\n    currency: $currency\n    identifier: $identifier\n  ) {\n    ...CasinoBet\n    state {\n      ...CasinoGameDice\n    }\n  }\n}\n\nfragment CasinoBet on CasinoBet {\n  id\n  active\n  payoutMultiplier\n  amountMultiplier\n  amount\n  payout\n  updatedAt\n  currency\n  game\n  user {\n    id\n    name\n  }\n}\n\nfragment CasinoGameDice on CasinoGameDice {\n  result\n  target\n  condition\n}\n";
  

var data = JSON.stringify({
  "query": querymines,
  "variables": {
    "amount": 0,
    "currency": "ltc",
    "fields": [1],
    "identifier": "xxxxxxxxxxxxxx",
    "minesCount": 21
  }
});

async function main() {
  const browser = await puppeteer.launch({
    // "--no-sandbox" turns off Chromium's process sandbox; remove it wherever the sandbox can run.
    args: ["--enable-features=NetworkService", "--no-sandbox"],
    // ignoreHTTPSErrors disables TLS certificate validation, so the cookie and
    // token below would also be sent to an endpoint with an invalid certificate.
    ignoreHTTPSErrors: true
  });
  const page = await browser.newPage();

  await page.setRequestInterception(true);

  // Turn the first (navigation) request into the GraphQL POST.
  page.once("request", interceptedRequest => {
    interceptedRequest.continue({
      method: "POST",
      postData: data,
      headers: {
        ...interceptedRequest.headers(),
        'authority': 'stake.games',
        'accept': '*/*',
        'accept-language': 'pl-PL,pl;q=0.9,en-US;q=0.8,en;q=0.7',
        'cache-control': 'no-cache',
        'content-type': 'application/json',
        'Cookie': '<OUR COOKIES HERE>',
        'origin': 'https://stake.games',
        'pragma': 'no-cache',
        'sec-ch-ua': '"Not?A_Brand";v="8", "Chromium";v="108", "Google Chrome";v="108"',
        'sec-ch-ua-mobile': '?0',
        'sec-ch-ua-platform': '"Windows"',
        'sec-fetch-dest': 'empty',
        'sec-fetch-mode': 'cors',
        'sec-fetch-site': 'same-origin',
        'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36',
        'x-access-token': '<API KEY TOKEN>'
      }
    });
  });

  const response = await page.goto("https://stake.games/_api/graphql");

  // Named "body" rather than "data": a function-level "var data" here is hoisted
  // and shadows the outer payload, leaving postData above undefined.
  const body = await response.text();

  try {
    handlejson(JSON.parse(body));
  } catch (e) {
    // A non-JSON body (for example an HTML error page) ends up here.
    console.error("Could not parse response as JSON:", e.message);
  }

  await browser.close();
}

// setInterval to repeat the API call; log rejected runs instead of leaving them unhandled
const interval = setInterval(function () { main().catch(console.error); }, 1000);

function handlejson(data) {
  console.log(data); // do something here with our data
}

 


Here is the sample code which should work
    

Posted

I'm using a C# GraphQL client and was able to make requests; a couple of days ago all was working fine, but something changed lately.

I'm checking in Charles; my request is failing with 403. But if I try to resend the same request via Charles without modifying anything, all works fine and I get the expected response. Something weird...

1 hour ago, Jaunty90 said:

I'm using a C# GraphQL client and was able to make requests; a couple of days ago all was working fine, but something changed lately.

I'm checking in Charles; my request is failing with 403. But if I try to resend the same request via Charles without modifying anything, all works fine and I get the expected response. Something weird...

I was able to make an identical (to the browser) request via code, but it is still failing. As I said, if I resend my request in Charles it works fine, but the only difference I see between the failing and non-failing requests is the size of the "TLS handshake". I have no clue how to deal with that.

Posted
On 1/12/2023 at 8:00 PM, dvdx1995 said:


Here is the sample code which should work

I tried to use your sample code, but I can't get a data response.

Could you please take a look at it?

 


  • 9 months later...

Archived

This topic is now archived and is closed to further replies.
