What is it?

One unique feature we've developed on the site is the ability to link your Hi-Rez account to our system. This gives us the ability to link a Paladins profile to your Ninja profile. You just log in with your Hi-Rez info and we take care of the rest!

Do I need to link my account?

Short answer: yes. Linking is required, because many features of the site depend on it.

What information is stored?

  • Paladins player id
  • Hi-Rez account id
  • A timestamp (we generate this to tell us when you linked your account)

For Developers / Further Reading

This is the code that is migrated into the database.

    public function up() {
        Schema::table('users', function (Blueprint $table) { // column definitions not shown
        });
    }

Why do I need to disable 2FA?

Hi-Rez's two-factor authentication (2FA) is, in a word, wonky. When tinkering with this system, one of our developers almost lost his account completely trying to get it to work right. It's just easier to disable it for a few minutes, link the account, and then re-enable it.


Where do the username/passwords go?

Nowhere. Well, technically we send the information to the Hi-Rez servers and wait for a response. After the link succeeds (or fails), we have no knowledge of your username and password.

The full process goes like this:

  1. You type in your username/password
  2. You hit submit
  3. It sends that information to our servers
  4. Our servers send that information to the Hi-Rez servers
  5. Hi-Rez servers tell us if it's valid or not
  6. If it's valid, we save the player id and account id. If it's not, we tell you

For Developers / Further Reading

The following code is the actual code running behind the scenes, besides the initial Guzzle requests and form setup. As you can see, at one point we tried the 2FA, but ended up just disabling the front end for it. It still technically exists, just not fully functional.

        $body = json_decode($response->getBody());

        // A 403 from Hi-Rez is treated as "2FA code required"
        if (isset($body->statusCode) && $body->statusCode == 403) {
            $form = array_add($form, 'need2fa', true);
            return response()->json($form);
        }

        if ($body->userInfo->banned) {
            return response()->json([
                'errors' => ['The Hi-Rez account you are attempting to log in to has been banned.']
            ]);
        }

        // Find the Paladins entry among the games on the Hi-Rez account
        $paladinsGame = array_first($body->userInfo->games, function($value, $key) {
            return $value->game == 'Paladins';
        }, null);

        if ($paladinsGame == null) {
            return response()->json([
                'errors' => ['The Hi-Rez account you are attempting to log in to does not have a Paladins account.']
            ]);
        }

        // Refuse a Hi-Rez/Paladins pair that is already attached to a user
        if (\PaladinsNinja\Models\User::where([
            ['hirez_account_id', $body->userInfo->accountId],
            ['paladins_player_id', $paladinsGame->playerId]
        ])->exists()) {
            return response()->json([
                'errors' => ['The account you are trying to link has already been attached to another account.']
            ]);
        }

        // Store only the two ids and the link timestamp
        \PaladinsNinja\Models\User::where('email', $request->user()->email)->firstOrFail()->update([
            'hirez_account_id' => $body->userInfo->accountId,
            'paladins_player_id' => $paladinsGame->playerId,
            'linked_hirez_at' => now(),
        ]);

        return response()->json([
            'connected' => true,
        ]);
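
The six-step flow above, as an added plain-PHP example (not Paladins Ninja's code): `$hirezLogin` is a hypothetical stand-in for the Guzzle request, the form field names and the shape of a rejected login are assumptions, and the sample responses are constructed. It forwards the credentials once, returns only the three stored fields, and masks the credential fields in anything handed back to the caller.

```php
<?php
declare(strict_types=1);
// Added example, not Paladins Ninja's code. $hirezLogin is a hypothetical
// stand-in for the Guzzle request; response fields mirror the code above.

const SECRET_FIELDS = ['username', 'password']; // assumed form field names

/** Copy of $form that is safe to log or echo back: secret fields are masked. */
function scrub(array $form): array
{
    foreach (SECRET_FIELDS as $field) {
        if (array_key_exists($field, $form)) {
            $form[$field] = '[redacted]';
        }
    }
    return $form;
}

/** Steps 3-6: forward the credentials once, keep only the ids and a timestamp. */
function linkAccount(array $form, callable $hirezLogin): array
{
    $body = $hirezLogin($form['username'], $form['password']);
    if (!isset($body->userInfo)) { // assumed shape of a rejected login
        return ['errors' => ['Login rejected by Hi-Rez.'], 'form' => scrub($form)];
    }
    foreach ($body->userInfo->games as $game) {
        if ($game->game === 'Paladins') {
            return ['record' => [
                'hirez_account_id'   => $body->userInfo->accountId,
                'paladins_player_id' => $game->playerId,
                'linked_hirez_at'    => gmdate('c'),
            ]];
        }
    }
    return ['errors' => ['No Paladins account found.'], 'form' => scrub($form)];
}

// Constructed sample data: a fake upstream that accepts one credential pair.
$fakeHirez = function (string $user, string $pass) {
    return $user === 'demo' && $pass === 'hunter2'
        ? json_decode('{"userInfo":{"accountId":1001,"banned":false,"games":[{"game":"Paladins","playerId":2002}]}}')
        : json_decode('{"statusCode":401}');
};

foreach ([['demo', 'hunter2'], ['demo', 'wrong-pass']] as [$u, $p]) {
    $result = linkAccount(['username' => $u, 'password' => $p, 'remember' => true], $fakeHirez);
    // Neither outcome may carry the password back out of the function.
    if (strpos(json_encode($result), $p) !== false) throw new RuntimeException('credential leaked');
    echo json_encode($result), PHP_EOL;
}
```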