How SkinsRestorer stores data
SkinsRestorer stores skin data in a file or database (depending on your configuration).
Why does SR need to store skins?
SkinsRestorer stores skin data to keep a cached version of the skin on your server. It contains the same data that Mojang would send to your server when you are in online mode. We cache the information in a file/the database for you, so we need to make fewer requests to the Mojang API and can provide skins even when Mojang servers are down.
What type of data is stored?
If you run /skin Dinnerbone
, SkinsRestorer will keep the skin data of Dinnerbone in a file/the database.
When Dinnerbone changes his skin, SkinsRestorer will automatically update the skin data in the file/the database.
If you run /sr createcustom
,
SkinsRestorer will generate a skin that will never change and store it in a file/the database.
How are skins PNGs stored?
When you apply a skin via the launcher or SkinsRestorer, they are stored on the Minecraft CDN. The skin is signed with the yggdrasil private key. This is a mechanism Mojang introduced to be able to regulate what skins can be used in the game. A signature is like Mojang saying “yes, I approve this skin”, and the game will only display skins that are signed by Mojang. Signatures never expire and cannot be revoked by Mojang unless they remove the skin manually from the CDN. Mojang has introduced a skin banning feature, which is used to report players with inappropriate skins. Mojang will then review the report, and if the skin is inappropriate, they will remove it from the CDN and ban the player for a certain amount of time from Multiplayer. Then no player can use the skin anymore, even if they have the skin file on their computer because Mojang prevents the game from displaying the skin by having it removed from the CDN. The Minecraft CDN is a secure place to store skins, and it is not possible to upload skins to the CDN without Mojang’s approval. While yes, Mojang does not review every skin, they review reported skins.
You do not get banned for having an inappropriate skin set using SkinsRestorer. Only if you manually upload the skin via the launcher. The way SkinsRestorer works is that it takes the skin from an existing player and applies it to you. This way you wear the skin of a different player and not the skin set in your launcher. If you get reported for having an inappropriate skin, the player you got the skin (the other player manually put that skin in their launcher) from will be banned, not you.
Fun fact: URL skins use a pool of community-provided Minecraft accounts to generate skins. So you also won’t get banned for using an inappropriate URL skin.
What is skin data?
Skin data is a Base64 encoded string that contains information about the skin/cape textures. We can get player skin data from the Mojang API using their UUID. Skin data is signed by Mojang, which allows the Minecraft client to verify that the skin data is approved by Mojang. Skin data is initially Base64 encoded as it’s transported as a profile property. You can use a Base64 decoder on the skin data to read it.
The decoded data should look like this:
{
"timestamp" : 1705586820658,
"profileId" : "61699b2ed3274a019f1e0ea8c3f06bc6",
"profileName" : "Dinnerbone",
"signatureRequired" : true,
"textures" : {
"SKIN" : {
"url" : "http://textures.minecraft.net/texture/50c410fad8d9d8825ad56b0e443e2777a6b46bfa20dacd1d2f55edc71fbeb06d"
},
"CAPE" : {
"url" : "http://textures.minecraft.net/texture/5786fe99be377dfb6858859f926c4dbc995751e91cee373468c5fbf4865e7151"
}
}
}
timestamp
→ shows the generation date in epoch time see epochconverterprofileId
→ The unique player Mojang UUID see Mojang APIprofileName
→ shows the player name that this skin belongs tosignatureRequired
→ this MUST be true (as Mojang signs the skin data)url
→ the URL to the skin/cape texture
How we request the skin data
We use two Mojang APIs to request the skin data. Firstly we need to get the unique player id from the player name. Using the player name endpoint After we retrieve the unique player id we can use it to get the profile properties, which include the Base64 encoded skin data.
Ratelimits
Mojang has an API ratelimit, so we can’t request skin data too often. For that, we use third-party APIs that cache the skin data for us as well as use a set of proxies to bypass the ratelimit.