NAV
shell python

Introduction

Welcome to the Corporate Clash API Documentation! This will include documentation detailing launcher APIs and other public APIs for your usage.

Please read the Acceptable Usage Policy at the bottom of this document before using it. We want to ensure our users' data is safe and our services are protected from abuse, which will keep our costs down and keep Corporate Clash running!

Note: manifest documentation to allow third-party launchers to download our game files is planned.

User-agent requirement

Please set an appropriate user-agent header:

user-agent: MyCoolSite/1.0.0

If you'd like to include extra info, feel free, but keep it under 100 characters:

user-agent: example.com/1.0.0 python-requests/2.27.1

Please include an identifiable user-agent with requests. We don't gate the user-agent besides preventing fake scrapers ( eg. pretending to be GoogleBot). If we can't get in touch with you and your client is abusing our API we might block it to ensure functionality for other API consumers.

V1: API Version 1

These APIs don't require authentication, as they're open access.

V1: Districts

import requests

r = requests.get('https://corporateclash.net/api/v1/districts.js')
out = r.json()
curl "https://corporateclash.net/api/v1/districts.js" \
  -H "User-Agent: my-shell/1"

JSON:

[
  {
    "name": "Cupcake Cove",
    "online": true,
    "population": 39,
    "invasion_online": false,
    "last_update": 1651361858,
    "cogs_attacking": "None",
    "count_defeated": 0,
    "count_total": 0,
    "remaining_time": 0
  },
  {
    "name": "Kazoo Kanyon",
    "online": true,
    "population": 37,
    "invasion_online": true,
    "last_update": 1651361858,
    "cogs_attacking": "Middleman",
    "count_defeated": 180,
    "count_total": 4913,
    "remaining_time": 2082
  }
]

This endpoint retrieves all districts connected to the server.

HTTP Request

GET https://corporateclash.net/api/v1/districts.js

Return Object

Returns an array of district objects, defined as:

Parameter type Description
name string The name of the district
online boolean Whether or not the district is online / available. This might be 'false' if the district is scheduled for/undergoing maintenance.
population integer The amount of toons in the district
invasion_online boolean Whether or not an invasion is active.
last_update integer The last time the district was updated. This generally requires a value change to update, eg. toons leaving/joining the district.
cogs_attacking string The name of the cog invading the district.
count_defeated integer The number of cogs defeated for the current invasion.
count_total integer How many cogs need to be defeated to end the invasion early.
remaining_time integer The amount of seconds before the invasion ends.

V1 Game Info

import requests

r = requests.get('https://corporateclash.net/api/v1/game_info.js')
out = r.json()
curl "https://corporateclash.net/api/v1/game_info.js" \
  -H "User-Agent: my-shell/1"

Returned JSON:

{
  "num_toons": 383,
  "production_closed": false,
  "production_closed_reason": "We're performing maintenance",
  "version": "v1.2.7.9"
}

This endpoint retrieves info about the live game

HTTP Request

GET https://corporateclash.net/api/v1/game_info.js

Return Object

Parameter type Description
num_toons integer The number of toons online; player count is limited to the number of toons in-game and does not include those in the main menu
production_closed boolean Whether or not logging into the game is currently possible for a regular user
production_closed_reason integer An english reason for the game being closed
version boolean Current version of the game; pulled from the latest version in CorporateClash/Changelogs

Launcher V1 API

These APIs are the primary method for logging users into the game.

For these APIs, we only allow client implementations that do not store the password, and store login tokens locally on users' computer. If malicious launchers are created that consume these APIs, we might shut off third party access and implement technical measures to prevent third-party usage.

POST Register

import requests

username = 'judge'
password = ''
friendly = 'my 2022 laptop'

r = requests.post("https://corporateclash.net/api/launcher/v1/register", json={
    'username': username,
    'password': password,
    'friendly': friendlyname
})

# curl 7.82.0 introduced the --json option which sends `application/json` for the headers `content-type` and `accept`
curl "https://corporateclash.net/api/launcher/v1/register" \
  --json '{"username": "judge", "password": "", "friendly": "my 2022 laptop"}'

JSON:

{
  "status": true,
  "reason": 0,
  "toonstep": false,
  "message": "success!",
  "token": "abcdefg1234567890abcdefg1234567890abcdefg1234567890",
  "id": 1
}

This endpoint registers a launcher with a user's account for persistent login access.

HTTP Request

POST https://corporateclash.net/api/launcher/v1/register

JSON post body:

Parameter type Description
username string The username for the account
password string The password for the account
friendly string A name the user can refer to this launcher/computer as. Will be referenced in the launcher confirmation email and website account page.

Return Object

Returns an array of district objects, defined as:

Parameter type Description
status boolean Whether or not token issuance was a success
reason string An integer indicating the failure reason/where in our backend this failed. Feel free to show it to the user, however, what these codes mean is not public.
toonstep boolean Whether or not this operation failed due to toonstep.
message string Text indicicating why this operation failed or succeeded
token string The login token to be used in future requests.
id integer? A unique ID for this launcher. It is recommended to display this to the user in case they need to audit launcher access on their account.

The token and username should be stored somewhere on the user's computer. If possible, try utilizing a built-in secret store or data protection API for the launcher platform you're targeting, eg KeyChain on MacOS or the Windows Credential Store. Otherwise, storing it in a configuration folder for your application is fine.

Launcher errors when token is revoked

JSON:

{
  "error": "Unauthorized",
  "bad_token": true
}

Your API requests will fail with a 401 status and this response if it's ever revoked via the website (eg. on the account page or via a password reset).

Return Object

Parameter type Description
error boolean Error message
bad_token boolean Whether or not the token is invalid

POST Login

import requests

token = 'abcdefg1234567890abcdefg1234567890abcdefg1234567890'

r = requests.post("https://corporateclash.net/api/launcher/v1/login", headers={
    'Authorization': f'Bearer {token}'
})

curl -X POST "https://corporateclash.net/api/launcher/v1/login" \
  -H 'Authorization: Bearer abcdefg1234567890abcdefg1234567890abcdefg1234567890'

JSON:

{
  "status": true,
  "success": true,
  "toonstep": false,
  "message": "Welcome back to Toontown, judge!",
  "token": "0987654321gfedcba0987654321gfedcba0987654321gfedcba",
}

This endpoint allows logging into the game.

HTTP Request

POST https://corporateclash.net/api/launcher/v1/login

Headers to include in your post request:

Header Value
Authorization The user's token in bearer format

Return Object

Parameter type Description
status boolean Whether or not logging in was successful
success boolean Same as status
toonstep boolean Whether or not this operation failed due to toonstep
message string Text indicicating why this operation failed or succeeded
token string a temporary login token that allows access into the game under the user's account

After logging in, you should start the game process with the following environment variables:

Environment Variable Value
TT_GAMESERVER The value provided by the Metadata API under realms[realm_idx].hostname
TT_PLAYCOOKIE the token above

GET Metadata

import requests

token = 'abcdefg1234567890abcdefg1234567890abcdefg1234567890'

r = requests.get("https://corporateclash.net/api/launcher/v1/metadata", headers={
    'Authorization': f'Bearer {token}'
})

curl "https://corporateclash.net/api/launcher/v1/metadata" \
  -H 'Authorization: Bearer abcdefg1234567890abcdefg1234567890abcdefg1234567890'

JSON:

{
  "acc_launcher_friendly": "my 2022 laptop",
  "acc_launcher_authorization_id": 1,
  "realms": [
    {
      "id": 1,
      "name": "Production",
      "slug": "production",
      "hostname": "example.com",
      "everyone": true,
      "closed": false,
      "closed_reason": "We are closed for maintenance",
      "manifests": {
        "macos": "https://example.com/api/v1/launcher/manifest/v3/production/macos",
        "windows": "https://example.com/api/v1/launcher/manifest/v3/production/windows",
        "resources": "https://example.com/api/v1/launcher/manifest/v3/production/resources"
      },
      "downloadservers": [
        {
          "id": 1,
          "name": "Download server one",
          "base_url": "https://example.com/downloads",
          "realm": "production"
        }
      ]
    }
  ],
  "bad_token": false
}

This endpoint provides metadata.

HTTP Request

POST https://corporateclash.net/api/launcher/v1/metadata

Headers to include in your post request:

Header Value
Authorization The user's token in bearer format

Return Object

Provides information for downloading files from the game. Further documentation of our entire asset distribution scheme will become available at a later date.

Parameter type Description
acc_launcher_friendly string The launcher's friendly value, same as register
acc_launcher_authorization_id integer The launcher's ID, same as register
realms object The realms this user has access to. Normally this will only contain 1 server.
bad_token boolean Whether or not the token is bad. An authentication check is performed on this API so this should always be false.

POST Revoke Current Token

import requests

token = 'abcdefg1234567890abcdefg1234567890abcdefg1234567890'

r = requests.post("https://corporateclash.net/api/launcher/v1/revoke_self", headers={
    'Authorization': f'Bearer {token}'
})

curl -X POST "https://corporateclash.net/api/launcher/v1/revoke_self" \
  -H 'Authorization: Bearer abcdefg1234567890abcdefg1234567890abcdefg1234567890'

JSON:

{
  "status": true,
  "bad_token": false
}

This endpoint revokes the launcher authorization associated with the token sent in the Authorization header.

HTTP Request

POST https://corporateclash.net/api/launcher/v1/revoke_self

Headers to include in your post request:

Header Value
Authorization The user's token in bearer format

Return Object

Parameter type Description
status boolean Whether or not recovation was successful
bad_token boolean Whether or not the token was bad already

After running this, the token will no longer work for any APIs.

Errors

Error Code Meaning
400 Bad Request -- Your request is invalid.
401 Unauthorized -- Your API key is wrong.
403 Forbidden -- The kitten requested is hidden for administrators only.
404 Not Found -- The specified kitten could not be found.
405 Method Not Allowed -- You tried to access a kitten with an invalid method.
406 Not Acceptable -- You requested a format that isn't json.
410 Gone -- The kitten requested has been removed from our servers.
418 I'm a teapot.
429 Too Many Requests -- You're requesting too many kittens! Slow down!
500 Internal Server Error -- We had a problem with our server. Try again later.
503 Service Unavailable -- We're temporarily offline for maintenance. Please try again later.

Acceptable Usage Policy

For the purposes of these terms, 'we', 'our', or 'us' shall refer to the entity Corporate Clash, and 'you' shall refer to the API user, whether that be a company or individual implementing and consuming these APIs.

General rules:

More legalese:

Termination

You may stop using our APIs at any time with or without notice. Further, if you want to terminate the Terms, you must provide us with prior written notice and upon termination, cease your use of the applicable APIs. We reserve the right to terminate the Terms with you or discontinue the APIs or any portion or feature or your access thereto for any reason and at any time without liability or other obligation to you.

Your Obligations Post-Termination

Upon any termination of the Terms or discontinuation of your access to an API, you will immediately stop using the API, cease all use of Corporate Clash intellectual property or other logos, and delete any cached or stored content.

WARRANTIES

EXCEPT AS EXPRESSLY SET OUT IN THE TERMS, NEITHER US NOR OUR SUPPLIERS OR DISTRIBUTORS MAKE ANY SPECIFIC PROMISES ABOUT THE APIS. FOR EXAMPLE, WE DON'T MAKE ANY COMMITMENTS ABOUT THE CONTENT ACCESSED THROUGH THE APIS, THE SPECIFIC FUNCTIONS OF THE APIS, OR THEIR RELIABILITY, AVAILABILITY, OR ABILITY TO MEET YOUR NEEDS. WE PROVIDE THE APIS "AS IS".

SOME JURISDICTIONS PROVIDE FOR CERTAIN WARRANTIES, LIKE THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. EXCEPT AS EXPRESSLY PROVIDED FOR IN THE TERMS, TO THE EXTENT PERMITTED BY LAW, WE EXCLUDE ALL WARRANTIES, GUARANTEES, CONDITIONS, REPRESENTATIONS, AND UNDERTAKINGS.

LIMITATION OF LIABILITY

WHEN PERMITTED BY LAW, US, AND OUR SUPPLIERS AND DISTRIBUTORS, WILL NOT BE RESPONSIBLE FOR LOST PROFITS, REVENUES, OR DATA; FINANCIAL LOSSES; OR INDIRECT, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES.

TO THE EXTENT PERMITTED BY LAW, THE TOTAL LIABILITY OF US, AND OUR SUPPLIERS AND DISTRIBUTORS, FOR ANY CLAIM UNDER THE TERMS, INCLUDING FOR ANY IMPLIED WARRANTIES, IS LIMITED TO THE AMOUNT YOU PAID US TO USE THE APPLICABLE APIS (OR, IF WE CHOOSE, TO SUPPLYING YOU THE APIS AGAIN) DURING THE SIX MONTHS PRIOR TO THE EVENT GIVING RISE TO THE LIABILITY.

IN ALL CASES, US, AND OUR SUPPLIERS AND DISTRIBUTORS, WILL NOT BE LIABLE FOR ANY EXPENSE, LOSS, OR DAMAGE THAT IS NOT REASONABLY FORESEEABLE.

Indemnification

Unless prohibited by applicable law, if you are a business, you will defend and indemnify us, and our affiliates, directors, officers, employees, and users, against all liabilities, damages, losses, costs, fees (including legal fees), and expenses relating to any allegation or third-party legal proceeding to the extent arising from:

We may modify the Terms or any portion to, for example, reflect changes to the law or changes to our APIs. This might happen regularly and without notice. You should look at the Terms regularly. Any continued use of the API constitutes your acceptance of the modified Terms.

The APIs were developed solely at private expense and are commercial computer software and related documentation within the meaning of the applicable U.S. Federal Acquisition Regulation and agency supplements thereto.