New method to resolve sessionToken

[kfsboss]

Header：
x-origin: https://studio.youtube.com Authorization: [Replace Your SAPISIDHASH] Content-Type: application/json Cookie: [Replace Your Cookie]

1: POST https://studio.youtube.com/youtubei/v1/security/get_web_reauth_url?alt=json&key=$KEY

Data：
{ "context": { "client": { "clientName": 62, "clientVersion": "1.20220711.03.00", "hl": "en", "gl": "US", }, }, "continueUrl": "https://studio.youtube.com/reauth", "flow": "REAUTH_FLOW_YT_STUDIO_COLD_LOAD", "ivctx": "[Replace Your !!! [ivctx] !!! Required]" }

[encodedReauthProofToken] get the Responses
[sessionRiskCtx] get the Responses

2: POST https://studio.youtube.com/youtubei/v1/ars/grst?alt=json&key=$KEY

Data:
{ "context": { "client": { "clientName": 62, "clientVersion": "1.20220720.01.00", "hl": "en", "gl": "US", }, "request": { "returnLogEntry": true, "internalExperimentFlags": [], "reauthRequestInfo": { "[Replace Your !!! [encodedReauthProofToken] !!! Required]" } }, }, "ctx": "[Replace Your !!! [sessionRiskCtx] !!! Required]" }
[sessionToken] get the Responses

//
**perfect solution,Data information can be filled in completely if necessary **
example：
"user": { "onBehalfOfUser": "[Replace Your UserID]", "delegationContext": { "externalChannelId": "[Replace Your ChannelId@]", "roleType": { "channelRoleType": "CREATOR_CHANNEL_ROLE_TYPE_OWNER" } },

//
sessionToken generally expires in seven days, this scheme can automatically obtain new

[blueveno]

how can i get botguardResponse data?
if i use https://studio.youtube.com/youtubei/v1/att/esr without "botguardResponse", always return wrong ivctx
Or other way to get ivctx?

[adasq]

Thank you both for your input.

That's indeed interesting. I briefly checked it out and it looks like we can generate sessionToken without sending over botGuard details.

The only missing part is ivctx. Need to dig more.

[blueveno]

sessionToken can got from https://studio.youtube.com/youtubei/v1/att/esr response data, so only how you find the way got exactly botguardResponse. Thank you for your help

[adasq]

Generating botguardResponse is a tricky part. AFAIR it's generated on the client-side by executing JavaScript (in conjunction with iframes).

I think it'd be easier to get ivctx

[femtoeu]

Why is this method better? If we receive ivctx after we send botGuard?

[Litedown]

Hi. Creators, can you make something like "auto generating" of sessionToken? I want to use a lot of accounts and I need to get this sessionToken

[whoisbg]

how to get ivctx?

[adasq]

Follow up:
we can get ivctx from /esr. The problem is that this API that requires botGuardResponse.

[whoisbg]

Follow up: we can get ivctx from /esr. The problem is that this API that requires botGuardResponse.

So all that's left is to understand how to generate botGuardResponse?

[ItzmeSwapy]

close to the solution guys... let's crack it