Questions regarding API

Environment

  • Server Manager Version: 2.4.10
  • OS: Ubuntu 22.04 (LXC)
  • Setup: 5 Server instances

Goal

I’m building a system that requests data from Server Manager, including live timing.

Currently, I fetch live timing via the REST API endpoint:

  • GET /api/live-timings/leaderboard.json

However, this endpoint is rate limited, which makes it impossible to build a real-time “live map”.


Current Observation

The live map on the web UI (/live-timing) seems to use WebSockets, specifically:

  • WebSocket endpoint: /race-control

I’d like to reuse that WebSocket connection for my own client.


Problem

When trying to connect to /race-control, it appears that authentication is required.

From what I can tell, the WebSocket auth is likely based on cookies / browser session authentication, but I’m missing:

  • documentation of the authentication flow
  • required headers/cookies/tokens
  • how a non-browser client can authenticate properly
  • handshake requirements (query params, CSRF tokens, origin rules, etc.)
  • message protocol / expected events once connected

Question

Is there documentation available for:

  1. The WebSocket endpoint (/race-control)
  2. The authentication mechanism used to access it (cookie/session based?)
  3. How to authenticate from a custom client (not the web UI)

Any pointers, docs, or a short description of the handshake/auth flow would help a lot.

Hi,

As far as I am aware, the race control endpoint does not have any authentication specifically set on it, but it does have the same permissions settings as the Live Timings page. You can modify these in the account groups in the Accounts settings in Server Manager.

The Server Manager instance would likely also need to have “Public Access” enabled in the Accounts settings for this endpoint to work. You may also need to turn off the “Block Cross Origin Live Timings Requests” setting in the Server Options.

The race control endpoint is not a public API, so we do not have any documentation available for it, and though unlikely, we can’t provide an API promise that the data and/or structure will not change in the future.