Mojang API

This page provides documentation for API endpoints provided by Mojang Studios which allows user to query player data and make changes programmatically.

Currently, the API is rate limited at 600 requests per 10 minutes. ^[1]

Request and response[edit | edit source]

For requests with a payload, the following restrictions apply:

• Request must include the Content-Type header, which must be application/json. Otherwise, the server returns HTTP 415.
• Payload must be a valid json. Otherwise, the server returns HTTP 400.

If the request is successful, the server:

• Returns a successful response code (HTTP 2XX)
• Returns an empty payload (with HTTP 204) or a valid json

Otherwise, if the request fails, the server returns a non-2XX HTTP status code with this payload:

These are some common causes:

Account suspensions[edit | edit source]

A Minecraft account can be entered into a banned/suspended state by triggering a high volume of erroneous requests, such as a high volume of 429s while uploading a skin.

These suspensions appear to be temporary, although this is speculation and the exact functionality of this automatic suspension system is unknown.

POST https://api.minecraftservices.com/authentication/login_with_xbox

Returns 403 with the following JSON data

{
	"path": "/authentication/login_with_xbox",
	"details": {
		"reason": "ACCOUNT_SUSPENDED"
	},
	"errorMessage": "Your account has been suspended. Please contact customer service."
}

Other services will report that the account is banned, such as servers serving the otherwise unused message You are banned from playing online.

These suspensions typically clear within 24 hours but may require contacting Minecraft support if they don't.

Query player information[edit | edit source]

These endpoints do not need an access token, and some endpoints can query registered account that do not own the game.

Query player's UUID[edit | edit source]

Input

Player's name (case insensitive).

Request (GET)

• https://api.mojang.com/users/profiles/minecraft/<player name>
  • This endpoint is currently very unreliable as of January 15, 2025 (frequent, random 403 errors) due to a misconfiguration^[2] by Mojang.
• https://api.minecraftservices.com/minecraft/profile/lookup/name/<player name>

Response

Example

https://api.mojang.com/users/profiles/minecraft/jeb_
Player jeb_'s UUID.

{
    "name": "jeb_",
    "id": "853c80ef3c3749fdaa49938b674adae6"
}

Error

• HTTP 404 is returned if no player with such name exists.

Query player's username[edit | edit source]

Input

Player's username (case insensitive).

Request (GET)

https://api.minecraftservices.com/minecraft/profile/lookup/<UUID>

Response

The same as #Query player's UUID.

Query player UUIDs in batch[edit | edit source]

Payload

A JSON array with no more than 10 player names (case insensitive).

Request (POST)

• https://api.mojang.com/profiles/minecraft
• https://api.minecraftservices.com/minecraft/profile/lookup/bulk/byname

Response

Example

Request with payload ["jeb_","notch"].

[
    {
        "id": "853c80ef3c3749fdaa49938b674adae6",
        "name": "jeb_"
    },
    {
        "id": "069a79f444e94726a5befca90e38aaf5",
        "name": "Notch"
    }
]

Query player's skin and cape[edit | edit source]

Input

Player UUID and whether the request is signed.

Request (GET)

• https://sessionserver.mojang.com/session/minecraft/profile/<UUID>
• https://sessionserver.mojang.com/session/minecraft/profile/<UUID>?unsigned=false

Response

Example

https://sessionserver.mojang.com/session/minecraft/profile/853c80ef3c3749fdaa49938b674adae6
Returns:

{
    "id": "853c80ef3c3749fdaa49938b674adae6",
    "name": "jeb_",
    "properties": [
        {
            "name": "textures",
            "value": "ewogICJ0aW1lc3R..."
        }
    ]
}

Content in [String] value after Base64 decoded:

{
    "timestamp": 1653838459263,
    "profileId": "853c80ef3c3749fdaa49938b674adae6",
    "profileName": "jeb_",
    "textures": {
        "SKIN": {
            "url": "http://textures.minecraft.net/texture/7fd9ba42a7c81eeea22f1524271ae85a8e045ce0af5a6ae16c6406ae917e68b5"
        },
        "CAPE": {
            "url": "http://textures.minecraft.net/texture/9e507afc56359978a3eb3e32367042b853cddd0995d17d0da995662913fb00f7"
        }
    }
}

Error

Microsoft authentication[edit | edit source]

Authentication for Microsoft accounts. Before using Microsoft auth, an Microsoft Azure Application must be created to obtain OAuth 2.0 client ID and token, which can then be used to obtain a Microsoft token. When obtaining the token, the scope parameter should include XboxLive.signin to obtain an Xbox Live token.

Obtain an Xbox Live token with Microsoft token[edit | edit source]

Payload

Request (POST)

https://user.auth.xboxlive.com/user/authenticate

SSL renegotiation required in SSL implementation.

Response

Obtain an XSTS token with Xbox Live token[edit | edit source]

Payload

Request (POST)

https://xsts.auth.xboxlive.com/xsts/authorize

SSL renegotiation required in SSL implementation.

Response

Error

HTTP 401 is returned if an error occurs in obtaining the XSTS token.

Obtain Minecraft access token with XSTS token[edit | edit source]

Payload

Request (POST)

https://api.minecraftservices.com/authentication/login_with_xbox

Response

Check if the account owns Minecraft[edit | edit source]

Request header

Authorization should be Bearer <Minecraft access token>.

Request (GET)

https://api.minecraftservices.com/entitlements/mcstore

Response

If the account owns Minecraft, returns:

If the account does not own Minecraft or is playing with Xbox Game Pass, empty payload is returned.

Player config[edit | edit source]

These endpoints are at https://api.minecraftservices.com, and all requires the Authorization header in request with value Bearer <Minecraft access token>. HTTP 401 is returned if token is missing or invalid.

Query player profile[edit | edit source]

Request (GET)

/minecraft/profile

Response

Query player attributes[edit | edit source]

Request (GET)

/player/attributes

Response

Modify player attributes[edit | edit source]

Payload

Request (POST)

/player/attributes

Response

The same as #Query player attributes.

Get list of blocked users[edit | edit source]

Request (GET)

/privacy/blocklist

Response

Get keypair for signature[edit | edit source]

Request (POST)

/player/certificates

Response

Query player's name change information[edit | edit source]

Request (GET)

/minecraft/profile/namechange

Response

Check gift code validity[edit | edit source]

Request (GET)

/productvoucher/giftcode

Response

Returns HTTP 200 or 204 if the gift code is valid. Otherwise returns HTTP 404.

Check name availability[edit | edit source]

Request (GET)

/minecraft/profile/name/<name to be checked>/available

Response

Change name[edit | edit source]

Input

Name to change to

Request (PUT)

/minecraft/profile/name/<name to change to>

Response

Error

Change skin[edit | edit source]

Payload

Request (POST)

/minecraft/profile/skins

Response

Returns the profile if operation succeeds.

Upload skin[edit | edit source]

Payload

Payload is made up of two parts:

• variant: Skin variant. classic for the Steve model and slim for the Alex model.
• file: Image data for the new skin. See example below.

Request (POST)

/minecraft/profile/skins

Example

curl -X POST -H "Authorization: Bearer <access token>" -F variant=classic -F file="@steeevee.png;type=image/png" https://api.minecraftservices.com/minecraft/profile/skins

Response

Returns the profile if operation succeeds.

Reset skin[edit | edit source]

Input

Player's UUID.

Request (DELETE)

/minecraft/profile/skins/active

Response

Returns the profile if operation succeeds.

Hide cape[edit | edit source]

Request (DELETE)

/minecraft/profile/capes/active

Response

Returns the profile if operation succeeds.

Show cape[edit | edit source]

Payload

Request (PUT)

/minecraft/profile/capes/active

Response

Returns the profile if operation succeeds.

Error

Server[edit | edit source]

Query blocked server list[edit | edit source]

Request (GET)

https://sessionserver.mojang.com/blockedservers

Response

A text file where every line is the SHA-1 hash of a blocked server.

Verify login session on client[edit | edit source]

Payload

Server ID is obtained from the following algorithm:

public static String generateServerId(String baseServerId,   // Base server ID, usually an empty string""
                                      PublicKey publicKey,   // Server's RSA public key
                                      SecretKey secretKey    // The symmetric AES secret key used between server and client
                                     ) throws Exception { 
    MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
    messageDigest.update(baseServerId.getBytes("ISO_8859_1"));
    messageDigest.update(secretKey.getEncoded());
    messageDigest.update(publicKey.getEncoded());
    byte[] digestData = messageDigest.digest();
    return new BigInteger(digestData).toString(16);
}

Request (POST)

https://sessionserver.mojang.com/session/minecraft/join

Response

Returns HTTP 204 if authentication passes.

Verify login session on server[edit | edit source]

Input

Case insensitive player name, server ID obtained by the above algorithm and the client IP (optional).

Request (GET)

https://sessionserver.mojang.com/session/minecraft/hasJoined?username=<player name>&serverId=<Server ID>&ip=<Client IP>

Response

Returns this payload if verification passes.

Get Mojang public keys[edit | edit source]

Request (GET)

https://api.minecraftservices.com/publickeys

Response

History[edit | edit source]

References[edit | edit source]

This article is partially adapted from Mojang API on wiki.vg.

Examples[edit | edit source]

• C# - Full API wrapper
• C# - Full API wrapper with Mojang/Microsoft Authentication
• Dart - Almost full API wrapper with Mojang Authentication
• Go - Full API wrapper
• Go - UUIDs or names to profiles with skins, capes and name histories
• Python - Full API Wrapper. Also supports authentication & parts of the Minecraft website
• Python - Pymojang is a full wrapper around de Mojang API and Mojang Authentication API. Also support RCON, Query and Server List Ping
• Python - Full API wrapper (not updated since 2018)
• Python - UUIDs or names to profiles (not updated since 2018)
• PHP - Complete Mojang's API wrapper
• PHP - Almost full API wrapper with Mojang Authentication. Also support head rendering
• PHP - UUIDs or names to profiles with skins, heads and name histories
• PHP - UUIDs to names
• PHP - UUIDs to names, names to uuids
• Java - Almost full API Wrapper
• Java - Almost full API Wrapper with auth
• Java - Almost full API with Mojang Authentication and can also work as a console Application.
• JavaScript - UUIDs or names to profiles with skins, capes and name histories

References[edit | edit source]

Navigation[edit | edit source]

v t e Java Edition technical
General Concepts Block entity Coordinates Crashes [String] Loot context Mob AI Point of Interest Resource location Screenshot Statistics Telemetry Tick UUID JSON General format Data values Classic Indev Pre-flattening Data component format Predicate Entity format Map item format [NBT Compound / JSON Object] NBT format Particle format Text component format § Formatting codes Key codes ? Random sequence Structure file format Schematic file format World Heightmap Seed Spawn chunk Data version Level format Anvil file format Chunk format Player format Point of Interest format raids.dat format Command storage format Scoreboard format Legacy Classic level format Classic server protocol Indev level format Alpha level format Infdev 20100624 level format Region file format server_level.dat villages.dat format Generated structures format .minecraft client.jar version.json client.json command_history.txt launcher_profiles.json options.txt version_manifest.json hotbar.nbt format Server list format Tools F3 Debug screen hotkey Developer Tools GameTest Obfuscation map Sound Block sound type sounds.json Subtitles Commands Brigadier Functions More information about commands Launching Mojang API Microsoft authentication Quick Play Legacy Legacy Minecraft authentication Yggdrasil Protocol Protocol version Protocol data types Protocol encryption Server server.jar server.properties Server requirements Whitelist Operator list Query RCON Legacy al_version Item format
Data pack Components pack.mcmeta Pack format Advancements Functions Item modifier Loot tables Predicate Recipe Damage type Chat type Enchantment Enchantment provider Painting variant Goat horn instrument Jukebox song Trial spawner configuration Mob variants Tag Block Item Function Fluid Entity type Game event Biome Flat level generator preset World preset Structure Point of interest type Painting variant Banner pattern Instrument Damage type Enchantment GameTest Test environment Test instance World generation Dimension Dimension type World preset Biomes Carver Configured feature Placed feature Noise settings Noise router Density function Noises Surface rule Structures Structure set Template pool Processor list Structure templates Data packs Caves & Cliffs Prototype Data Pack Tutorials Installing Creating Optimizing Command blocks and functions Repairing a world corrupted by a data pack Content Custom enchantments Custom paintings Custom trims World generation New dimension Custom structures
Resource pack Components pack.mcmeta Pack format Language Models Blockstates Items Sounds (sounds.json) Shaders Textures Atlases Aa Fonts Colormaps Texts regional_compliancies.json Equipment Tutorials Creating a resource pack

This article is licensed under a Creative Commons Attribution-ShareAlike 3.0 license.

 

This article has been imported from wiki.vg or is a derivative of such a page. Thus, the wiki's usual license does not apply.
Derivative works must be licensed using the same or a compatible license.