Potential Way to Redeem Capes

[Trixter]

To begin with, I'm looking for somebody who owns an unredeemed cape code to try and redeem it through the mojang api following these steps:

1. Go here: xorbin.com/tools/sha256-hash-calculator (or any other SHA256 encryptor) to encrypt your cape code (not the entire url) into a 32 byte hash.
2. Through the mojang api, authenticated with your access token through any http request service, goto api.mojang.com/user/profile/<profileuuid>/capetokens/code/<encrypted cape code>

I haven't seen any other trace of this on the internet other than one source, so I was curious to see if this was a valid way to redeem cape codes.

Also do note that the instructions to use this endpoint are vague to say the least, and since I can't exactly test with any cape codes it may take some guesswork to figure out how it works exactly (if it does at all).

Source: github.com/discoli/gominecraft/blob/master/gominecraft.go

 

[one two three]

this was literally the method everyone used, visiting the endpoint now returns a 404, it's been patched for a while now. if ur curious, it returned a 204 when the cape was redeemed, somewhere in the json there'd be "Cape token already redeemed." when it was used, and somewhere in the json there'd be "Invalid code." when the code was invalid/not the right format.

[DOUBLEPOST=1592528853][/DOUBLEPOST]

Go here: xorbin.com/tools/sha256-hash-calculator (or any other SHA256 encryptor) to encrypt your cape code (not the entire url) into a 32 byte hash.

also, no, this isn't what this is nope nope nope nope nope nope NOPE

cape codes either came already in a 32 char hexadecimal format or in base64, all you need to do is decode the base64 and you'll get the 32 char hexadecimal code which is the cape token you insert into the url