An exchange code is a one-time code that can be used to generate an access token. The code expires after use or 5 minutes after generation.
Games on the PC such as Fortnite and Battle Breakers use this to identify who is playing the game.
Note: As of 30/05/20, Epic have removed the 'id/api/exchange' endpoint, meaning that it is not possible to get an exchange code through a browser anymore.
- Most clients accept this grant type
- Does not reveal sensitive information such as email or password
- Difficult to get programmatically due to captcha
- Expires after 5 minutes
- Cannot get through browser
-
Send a
GET
request to https://account-public-service-prod.ol.epicgames.com/account/api/oauth/exchange with a validAuthorization
header -
Send a
POST
request to https://account-public-service-prod.ol.epicgames.com/account/api/oauth/token:
Required headers:Content-Type
: application/x-www-form-urlencodedAuthorization
: basicclientId:secret
(encoded in Base64, list of clients here)
Body:
grant_type
: exchange_codeexchange_code
: (the code from before)
If done successfully, you should now have an access_token
that you can use to access everything Epic has to offer!