When I try to authenticate an user on my website using a such request:
POST [https://api.minecraftservices.com/authentication/login_with_xbox]
Content-Type application/jsonAccept application/json
Body {"XBL3.0":"x={userhash};{xstsToken}"// also tried with "ensureLegacyEnabled":true
{{}}}
It always responds with status 500 and this body: {path: '/authentication/login_with_xbox', error: 'INTERNAL_SERVER_ERROR'}
Comments 6
Hi @Robert Sjödahl,
I still encounter this issue. I've also discovered that status 500 is only returned when the provided data is full. Otherwise, correct errors are returned.
Unfortunately, I haven't found any way to contact the Minecraft API support, so please provide me with some directions. Of course, I'd happily share all the necessary details in the case.
Hi, there is no dedicated Minecraft API support, so you'll need to contact regular Mojang Support. You are then forwarded to the appropriate contact.
Hi everyone,
Around a week ago I have contacted the support team on this issue. We are continuing communication with them, however, they've told me the bug report is indeed more appropriate place for this issue.
Also, after searching through support pages I discovered that I need to fill an application form to use the API. I did it several days ago and now waiting for an answer (I hope it won't take long).
An important update is that I'm now getting error 401 instead of 500 with the same workaround (and XSTS and UHS are 100% correct). So, I think my issue can be explained so:
There was a temporary API outage/issue which returned error 500
Now I'm getting 401 because my app isn't whitelisted yet
It will work correctly as soon as it will be added to the whitelist
Does such explanation seem true? I'll update the issue after the app's verification
There was a minor fix on that API to make it so that a parse error of the xtoken does not become a 500 but rather a 401. Your app needs to be registered also but that should give a 403 if that were detected. So I think you are still having problems with the xsts token.
I have solved the issue!
The problem was actually NodeJS @xboxreplay/xboxlive-auth package, which didn't accept Properties and TokenType options in 'Exchange token for XSTS' part. Typescript highlighted it but I decided to ignore it as I thought the API was poorly documented.
Now I'm getting 403 error and message that tells that I need to register my app first. Are there apparently any deadlines for that?
Thank you all for the help.
Looking at metrics and testing myself I can see that the API is not down. But clearly you got a 500 response. Is this still a problem for you? It's hard to see why without more information. But you can't share any privacy/identifiable information here as this is public. You would have to open a support case with our support.