Introduction
Welcome to the Corporate Clash API Documentation! This will include documentation detailing launcher APIs and other public APIs for your usage.
Please read the Acceptable Usage Policy at the bottom of this document before using it. We want to ensure our users' data is safe and our services are protected from abuse, which will keep our costs down and keep Corporate Clash running!
Note: manifest documentation to allow third-party launchers to download our game files is planned.
User-agent requirement
Please set an appropriate user-agent header:
user-agent: MyCoolSite/1.0.0
If you'd like to include extra info, feel free, but keep it under 100 characters:
user-agent: example.com/1.0.0 python-requests/2.27.1
Please include an identifiable user-agent with requests. We don't gate the user-agent besides preventing fake scrapers ( eg. pretending to be GoogleBot). If we can't get in touch with you and your client is abusing our API we might block it to ensure functionality for other API consumers.
V1: API Version 1
These APIs don't require authentication, as they're open access.
V1: Districts
import requests
r = requests.get('https://corporateclash.net/api/v1/districts.js')
out = r.json()
curl "https://corporateclash.net/api/v1/districts.js" \
-H "User-Agent: my-shell/1"
JSON:
[
{
"name": "Cupcake Cove",
"online": true,
"population": 39,
"invasion_online": false,
"last_update": 1651361858,
"cogs_attacking": "None",
"count_defeated": 0,
"count_total": 0,
"remaining_time": 0
},
{
"name": "Kazoo Kanyon",
"online": true,
"population": 37,
"invasion_online": true,
"last_update": 1651361858,
"cogs_attacking": "Middleman",
"count_defeated": 180,
"count_total": 4913,
"remaining_time": 2082
}
]
This endpoint retrieves all districts connected to the server.
HTTP Request
GET https://corporateclash.net/api/v1/districts.js
Return Object
Returns an array of district objects, defined as:
| Parameter | type | Description |
|---|---|---|
| name | string | The name of the district |
| online | boolean | Whether or not the district is online / available. This might be 'false' if the district is scheduled for/undergoing maintenance. |
| population | integer | The amount of toons in the district |
| invasion_online | boolean | Whether or not an invasion is active. |
| last_update | integer | The last time the district was updated. This generally requires a value change to update, eg. toons leaving/joining the district. |
| cogs_attacking | string | The name of the cog invading the district. |
| count_defeated | integer | The number of cogs defeated for the current invasion. |
| count_total | integer | How many cogs need to be defeated to end the invasion early. |
| remaining_time | integer | The amount of seconds before the invasion ends. |
V1 Game Info
import requests
r = requests.get('https://corporateclash.net/api/v1/game_info.js')
out = r.json()
curl "https://corporateclash.net/api/v1/game_info.js" \
-H "User-Agent: my-shell/1"
Returned JSON:
{
"num_toons": 383,
"production_closed": false,
"production_closed_reason": "We're performing maintenance",
"version": "v1.2.7.9"
}
This endpoint retrieves info about the live game
HTTP Request
GET https://corporateclash.net/api/v1/game_info.js
Return Object
| Parameter | type | Description |
|---|---|---|
| num_toons | integer | The number of toons online; player count is limited to the number of toons in-game and does not include those in the main menu |
| production_closed | boolean | Whether or not logging into the game is currently possible for a regular user |
| production_closed_reason | integer | An english reason for the game being closed |
| version | boolean | Current version of the game; pulled from the latest version in CorporateClash/Changelogs |
Launcher V1 API
These APIs are the primary method for logging users into the game.
For these APIs, we only allow client implementations that do not store the password, and store login tokens locally on users' computer. If malicious launchers are created that consume these APIs, we might shut off third party access and implement technical measures to prevent third-party usage.
POST Register
import requests
username = 'judge'
password = ''
friendly = 'my 2022 laptop'
r = requests.post("https://corporateclash.net/api/launcher/v1/register", json={
'username': username,
'password': password,
'friendly': friendlyname
})
# curl 7.82.0 introduced the --json option which sends `application/json` for the headers `content-type` and `accept`
curl "https://corporateclash.net/api/launcher/v1/register" \
--json '{"username": "judge", "password": "", "friendly": "my 2022 laptop"}'
JSON:
{
"status": true,
"reason": 0,
"toonstep": false,
"message": "success!",
"token": "abcdefg1234567890abcdefg1234567890abcdefg1234567890",
"id": 1
}
This endpoint registers a launcher with a user's account for persistent login access.
HTTP Request
POST https://corporateclash.net/api/launcher/v1/register
JSON post body:
| Parameter | type | Description |
|---|---|---|
| username | string | The username for the account |
| password | string | The password for the account |
| friendly | string | A name the user can refer to this launcher/computer as. Will be referenced in the launcher confirmation email and website account page. |
Return Object
Returns an array of district objects, defined as:
| Parameter | type | Description |
|---|---|---|
| status | boolean | Whether or not token issuance was a success |
| reason | string | An integer indicating the failure reason/where in our backend this failed. Feel free to show it to the user, however, what these codes mean is not public. |
| toonstep | boolean | Whether or not this operation failed due to toonstep. |
| message | string | Text indicicating why this operation failed or succeeded |
| token | string | The login token to be used in future requests. |
| id | integer? | A unique ID for this launcher. It is recommended to display this to the user in case they need to audit launcher access on their account. |
The token and username should be stored somewhere on the user's computer. If possible, try utilizing a built-in secret store or data protection API for the launcher platform you're targeting, eg KeyChain on MacOS or the Windows Credential Store. Otherwise, storing it in a configuration folder for your application is fine.
Launcher errors when token is revoked
JSON:
{
"error": "Unauthorized",
"bad_token": true
}
Your API requests will fail with a 401 status and this response if it's ever revoked via the website (eg. on the account page or via a password reset).
Return Object
| Parameter | type | Description |
|---|---|---|
| error | boolean | Error message |
| bad_token | boolean | Whether or not the token is invalid |
POST Login
import requests
token = 'abcdefg1234567890abcdefg1234567890abcdefg1234567890'
r = requests.post("https://corporateclash.net/api/launcher/v1/login", headers={
'Authorization': f'Bearer {token}'
})
curl -X POST "https://corporateclash.net/api/launcher/v1/login" \
-H 'Authorization: Bearer abcdefg1234567890abcdefg1234567890abcdefg1234567890'
JSON:
{
"status": true,
"success": true,
"toonstep": false,
"message": "Welcome back to Toontown, judge!",
"token": "0987654321gfedcba0987654321gfedcba0987654321gfedcba",
}
This endpoint allows logging into the game.
HTTP Request
POST https://corporateclash.net/api/launcher/v1/login
Headers to include in your post request:
| Header | Value |
|---|---|
| Authorization | The user's token in bearer format |
Return Object
| Parameter | type | Description |
|---|---|---|
| status | boolean | Whether or not logging in was successful |
| success | boolean | Same as status |
| toonstep | boolean | Whether or not this operation failed due to toonstep |
| message | string | Text indicicating why this operation failed or succeeded |
| token | string | a temporary login token that allows access into the game under the user's account |
After logging in, you should start the game process with the following environment variables:
| Environment Variable | Value |
|---|---|
| TT_GAMESERVER | The value provided by the Metadata API under realms[realm_idx].hostname |
| TT_PLAYCOOKIE | the token above |
GET Metadata
import requests
token = 'abcdefg1234567890abcdefg1234567890abcdefg1234567890'
r = requests.get("https://corporateclash.net/api/launcher/v1/metadata", headers={
'Authorization': f'Bearer {token}'
})
curl "https://corporateclash.net/api/launcher/v1/metadata" \
-H 'Authorization: Bearer abcdefg1234567890abcdefg1234567890abcdefg1234567890'
JSON:
{
"acc_launcher_friendly": "my 2022 laptop",
"acc_launcher_authorization_id": 1,
"realms": [
{
"id": 1,
"name": "Production",
"slug": "production",
"hostname": "example.com",
"everyone": true,
"closed": false,
"closed_reason": "We are closed for maintenance",
"manifests": {
"macos": "https://example.com/api/v1/launcher/manifest/v3/production/macos",
"windows": "https://example.com/api/v1/launcher/manifest/v3/production/windows",
"resources": "https://example.com/api/v1/launcher/manifest/v3/production/resources"
},
"downloadservers": [
{
"id": 1,
"name": "Download server one",
"base_url": "https://example.com/downloads",
"realm": "production"
}
]
}
],
"bad_token": false
}
This endpoint provides metadata.
HTTP Request
POST https://corporateclash.net/api/launcher/v1/metadata
Headers to include in your post request:
| Header | Value |
|---|---|
| Authorization | The user's token in bearer format |
Return Object
Provides information for downloading files from the game. Further documentation of our entire asset distribution scheme will become available at a later date.
| Parameter | type | Description |
|---|---|---|
| acc_launcher_friendly | string | The launcher's friendly value, same as register |
| acc_launcher_authorization_id | integer | The launcher's ID, same as register |
| realms | object | The realms this user has access to. Normally this will only contain 1 server. |
| bad_token | boolean | Whether or not the token is bad. An authentication check is performed on this API so this should always be false. |
POST Revoke Current Token
import requests
token = 'abcdefg1234567890abcdefg1234567890abcdefg1234567890'
r = requests.post("https://corporateclash.net/api/launcher/v1/revoke_self", headers={
'Authorization': f'Bearer {token}'
})
curl -X POST "https://corporateclash.net/api/launcher/v1/revoke_self" \
-H 'Authorization: Bearer abcdefg1234567890abcdefg1234567890abcdefg1234567890'
JSON:
{
"status": true,
"bad_token": false
}
This endpoint revokes the launcher authorization associated with the token sent in the Authorization header.
HTTP Request
POST https://corporateclash.net/api/launcher/v1/revoke_self
Headers to include in your post request:
| Header | Value |
|---|---|
| Authorization | The user's token in bearer format |
Return Object
| Parameter | type | Description |
|---|---|---|
| status | boolean | Whether or not recovation was successful |
| bad_token | boolean | Whether or not the token was bad already |
After running this, the token will no longer work for any APIs.
Errors
| Error Code | Meaning |
|---|---|
| 400 | Bad Request -- Your request is invalid. |
| 401 | Unauthorized -- Your API key is wrong. |
| 403 | Forbidden -- The kitten requested is hidden for administrators only. |
| 404 | Not Found -- The specified kitten could not be found. |
| 405 | Method Not Allowed -- You tried to access a kitten with an invalid method. |
| 406 | Not Acceptable -- You requested a format that isn't json. |
| 410 | Gone -- The kitten requested has been removed from our servers. |
| 418 | I'm a teapot. |
| 429 | Too Many Requests -- You're requesting too many kittens! Slow down! |
| 500 | Internal Server Error -- We had a problem with our server. Try again later. |
| 503 | Service Unavailable -- We're temporarily offline for maintenance. Please try again later. |
Acceptable Usage Policy
For the purposes of these terms, 'we', 'our', or 'us' shall refer to the entity Corporate Clash, and 'you' shall refer to the API user, whether that be a company or individual implementing and consuming these APIs.
General rules:
- Do not store or transmit user login details (username/password/email) or long-lived login tokens to a server where those details would be reasonably easy to be readable by you. For example, it would be acceptable to store these via a users' existing storage service (Google Drive, Dropbox), but if it were stored on a server that specifically enabled functionality in your launcher, it would need to be stored in a reasonably encrypted manner, unreadable by you.
- Do not abuse our API by sending an unreasonably number of requests per second. If we return rate limiting headers or otherwise implement rate-limiting mechanisms, you must follow them.
- Do not perform illegal acts using our services, or otherwise enable others to perform illegal acts using our services.
- Comply with all United States and applicably user-bound privacy laws where applicable.
- We may require registration or contact before certain APIs are usable by you. If so, you should not attempt to access these APIs without performing such requirement.
- Do not attempt to access private APIs, including admin/staff/moderation APIs. Most of these are marked with an API version of '0' somewhere in the API request, however, you should assume they're private if they're not listed here.
- You agree that we might monitor the use of our APIs, and might restrict access if compliance with these rules is not met.
- If you provide feedback or suggestions about our APIs, then we (and those we allow) may use such information without obligation to you.
- These rules are non-exclusive. You acknowledge that we may develop products or services that may compete with any of our or your products or services.
- You will not make any statement regarding your use of an API which suggests partnership with, sponsorship by, or endorsement by us without our prior written approval.
- In the course of promoting, marketing, or demonstrating the APIs you are using and our associated products, we may produce and distribute incidental depictions, including screenshots, video, or other content from your API Client, and may use your company or product name. You grant us all necessary rights for the above purposes.
More legalese:
Termination
You may stop using our APIs at any time with or without notice. Further, if you want to terminate the Terms, you must provide us with prior written notice and upon termination, cease your use of the applicable APIs. We reserve the right to terminate the Terms with you or discontinue the APIs or any portion or feature or your access thereto for any reason and at any time without liability or other obligation to you.
Your Obligations Post-Termination
Upon any termination of the Terms or discontinuation of your access to an API, you will immediately stop using the API, cease all use of Corporate Clash intellectual property or other logos, and delete any cached or stored content.
WARRANTIES
EXCEPT AS EXPRESSLY SET OUT IN THE TERMS, NEITHER US NOR OUR SUPPLIERS OR DISTRIBUTORS MAKE ANY SPECIFIC PROMISES ABOUT THE APIS. FOR EXAMPLE, WE DON'T MAKE ANY COMMITMENTS ABOUT THE CONTENT ACCESSED THROUGH THE APIS, THE SPECIFIC FUNCTIONS OF THE APIS, OR THEIR RELIABILITY, AVAILABILITY, OR ABILITY TO MEET YOUR NEEDS. WE PROVIDE THE APIS "AS IS".
SOME JURISDICTIONS PROVIDE FOR CERTAIN WARRANTIES, LIKE THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. EXCEPT AS EXPRESSLY PROVIDED FOR IN THE TERMS, TO THE EXTENT PERMITTED BY LAW, WE EXCLUDE ALL WARRANTIES, GUARANTEES, CONDITIONS, REPRESENTATIONS, AND UNDERTAKINGS.
LIMITATION OF LIABILITY
WHEN PERMITTED BY LAW, US, AND OUR SUPPLIERS AND DISTRIBUTORS, WILL NOT BE RESPONSIBLE FOR LOST PROFITS, REVENUES, OR DATA; FINANCIAL LOSSES; OR INDIRECT, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES.
TO THE EXTENT PERMITTED BY LAW, THE TOTAL LIABILITY OF US, AND OUR SUPPLIERS AND DISTRIBUTORS, FOR ANY CLAIM UNDER THE TERMS, INCLUDING FOR ANY IMPLIED WARRANTIES, IS LIMITED TO THE AMOUNT YOU PAID US TO USE THE APPLICABLE APIS (OR, IF WE CHOOSE, TO SUPPLYING YOU THE APIS AGAIN) DURING THE SIX MONTHS PRIOR TO THE EVENT GIVING RISE TO THE LIABILITY.
IN ALL CASES, US, AND OUR SUPPLIERS AND DISTRIBUTORS, WILL NOT BE LIABLE FOR ANY EXPENSE, LOSS, OR DAMAGE THAT IS NOT REASONABLY FORESEEABLE.
Indemnification
Unless prohibited by applicable law, if you are a business, you will defend and indemnify us, and our affiliates, directors, officers, employees, and users, against all liabilities, damages, losses, costs, fees (including legal fees), and expenses relating to any allegation or third-party legal proceeding to the extent arising from:
- your misuse or your end user's misuse of the APIs;
- your violation or your end user's violation of the Terms; or
- any content or data routed into or used with the APIs by you, those acting on your behalf, or your end users.
We may modify the Terms or any portion to, for example, reflect changes to the law or changes to our APIs. This might happen regularly and without notice. You should look at the Terms regularly. Any continued use of the API constitutes your acceptance of the modified Terms.
The APIs were developed solely at private expense and are commercial computer software and related documentation within the meaning of the applicable U.S. Federal Acquisition Regulation and agency supplements thereto.