Use 2k API

[sliekens]

The current implementation uses HTML scraping, which is "meh" at best. The good news is that there is now a JSON API that we can use.

Base URL: https://api.2k.com/

Here are the endpoints I've discovered, I've written them down in this format:

• The request syntax (replace :variables with your own data)
• A list of observed response codes + JSON schema
• Sample response data

The overall flow is this:

1. Login
2. Check the validity of a code (optional)
3. Redeem the code
   • This triggers a background job that doesn't complete right away
4. Check job completion (optional if you don't care about the outcome)

Login

POST /borderlands/users/authenticate HTTP/1.1
Host: api.2k.com
Origin: https://borderlands.com
Content-Type: application/json

{
   "username":"string",
   "password":"string"
}

200 OK

Your session token is returned in the X-SESSION-SET response header. You need this JWT for calling the other endpoints.

403 Forbidden

{
    "authenticated": false
}

Check Code Entitlement

GET /borderlands/code/:code/info HTTP/1.1
Host: api.2k.com
Origin: https://borderlands.com
X-SESSION: :session-token

200 OK

{
   "entitlement_offer_codes":[
      {
         "code": "string",
         "max_redeemable": "number",
         "amount_redeemed": "number",
         "start_date": "string",
         "end_date": "string",
         "offer_title_text": "string",
         "offer_description_text": "string",
         "offer_service": "string",
         "offer_title": "string",
         "offer_id": "number",
         "is_active": "boolean"
      }
   ]
}

code: "XXXXX-XXXXX-XXXXX-XXXXX-XXXXX" (your code)
max_redeemable: 1000000
amount_redeemed: 31
start_date: "2019-04-10T15:32:23.000Z"
end_date: "2019-04-30T17:00:00.000Z"
offer_title_text: "5 Golden Keys"
offer_description_text: "You have unlocked 5 Golden Keys! Use your Golden Keys to open the mysterious loot chest located in Sanctuary to receive rare and powerful items!"
offer_service: "xboxlive"
offer_title: "willow2"
offer_id: 367
is_active: false

401 Unauthorized

{
    "errors": {
        "jwt": [
            "string"
        ]
    }
}

jwt: "MISSING_TOKEN"

Redeem a Code

GET /borderlands/code/:code/redeem/:offer_service HTTP/1.1
Host: api.2k.com
Origin: https://borderlands.com
X-SESSION: :session-token

201 Created

{  
   "message": "string",
   "job_id": "string",
   "min_wait_milliseconds": "number",
   "max_wait_milliseconds": "number",
   "max_retry_attempts": "number"
}

message: "REDEMPTION_QUEUED"
job_id: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
min_wait_milliseconds: 750
max_wait_milliseconds: 1000
max_retry_attempts: 5

412 Precondition Failed

{
    "error": {
        "code": "string",
        "message": "string"
    }
}

code: "RATE_LIMITED"
message: "[RATE_LIMITED]"

Check Status

GET /borderlands/code/:code/job/:job_id HTTP/1.1
Host: api.2k.com
Origin: https://borderlands.com
X-SESSION: :session-token

200 Ok

{
    "success": true
}

202 Accepted

{
    "error": "string",
    "min_wait_milliseconds": "number",
    "max_wait_milliseconds": "number"
}

error: "JOB_STILL_QUEUED"
min_wait_milliseconds: 250
max_wait_milliseconds: 500

400 Bad Request

{  
   "success": "boolean",
   "errors":[  
      "string"
   ],
   "exceptions":[ ],
   "eoc": "string | null"
}

success: false
errors: "NO_SUCH_CODE" or "CODE_ALREADY_REDEEMED"
eoc: "XXXXX-XXXXX-XXXXX-XXXXX-XXXXX" (your code) or null

401 Unauthorized

{
    "error": "string",
    "message": "string"
}

error: "Token not valid"
message: "There is an issue with your token"

[sliekens]

@ryparker, you might be interested in this.

[cortz]

When trying to login with postman: CORS disallowed :/

[sliekens]

@cortz make sure you copy all the headers from the example, in particular the Origin header.

[bpoulliot]

@cortz Using Postman was what I've been trying to do and I finally got everything set up.
Follow the headers provided, then go to Body and use raw formatting to paste the JSON for username and password.

I wanted to be able to chain these together (such as by using the Runner) so after much searching I cobbled together the code snippet below:

function getAll(key) {
    let result = [];
    key = key.toLowerCase();
    pm.response.headers.each((header) => {
        if (String(header.key).toLowerCase() === key) {
            result.push(header.valueOf());
        }
    });
    return result;
}

tokenVal = getAll('X-SESSION-SET');
pm.collectionVariables.set("token", tokenVal);

The first part is a function to get the headers, since there's a bug in Postman that hasn't been fixed yet such that pm.request.headers.get or any derivative thereof doesn't work. This does and doesn't utilize deprecated information. Paste this into the Tests tab.

@StevenLiekens: The redeem code info is correct except it's a POST, not a GET.