403 Forbidden - Guild API

Hey,

I’m attempting to request Guild information from the Defias-Pillager HC Classic server with the intent of sending that information to a Discord server webbook using the follow URL of which I believe is aligned with the Profile API Documentation

“Authorized” CURL request:

curl --dump-header - -H "Authorization: Bearer xxx" https://us.api.blizzard.com/data/wow/guild/defias-pillager/petri-on-god?namespace=profile-classic1x-us&locale=en_US&region=us

As per the documentation, I am providing:

  1. The realmSlug (defias-pillager)
  2. The guildSlug (petri-on-god)
  3. The GET attributes (namespace, locale, region)

but alas I am returned this response:

HTTP/1.1 403 Forbidden
Date: Sun, 17 Nov 2024 06:28:16 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: accept-encoding
blizzard-token-expires: 2024-11-18T06:27:21.223Z
x-trace-traceid: 5659f74c-65f7-348b-857c-251eea0e9b7c
x-trace-spanid: 18074245-2328-6490-080f-fa164d7ca64f
x-trace-parentspanid: 18074245-2328-6460-080f-fa164d7ca64f
x-frame-options: SAMEORIGIN
X-Content-Type-Options: nosniff
server: blizzard

What I’ve tried:

Configuring a response to a different endpoint: Retrieving Realm information with the same access token.

curl --dump-header - -H "Authorization: Bearer xxx" https://us.api.blizzard.com/data/wow/realm/defias-pillager?namespace=dynamic-classic1x-us&locale=en_US

and I am returned this response:

HTTP/1.1 200 OK
Date: Sun, 17 Nov 2024 06:41:32 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Battlenet-Schema-Revision: 2
Last-Modified: Tue, 12 Nov 2024 15:46:44 GMT
Battlenet-Namespace: dynamic-classic1x-us
vary: accept-encoding
blizzard-token-expires: 2024-11-18T06:41:03.848Z
Cache-Control: public, max-age=86400
Battlenet-Schema: realm
x-trace-traceid: 3dc9a1c7-86d6-3fe7-bae9-ce0adfe6dcdf
x-trace-spanid: 18074245-2061-2740-a7d9-fa164d11b36f
x-trace-parentspanid: 18074245-2061-2710-a7d9-fa164d11b36f
x-frame-options: SAMEORIGIN
X-Content-Type-Options: nosniff
server: blizzard

{"_links":{"self":{"href":"https://us.api.blizzard.com/data/wow/realm/defias-pillager?namespace=dynamic-classic1x-us"}},"id":5126,"region":{"key":{"href":"https://us.api.blizzard.com/data/wow/region/81?namespace=dynamic-classic1x-us"},"name":"VANWOW Era North America","id":81},"connected_realm":{"href":"https://us.api.blizzard.com/data/wow/connected-realm/5126?namespace=dynamic-classic1x-us"},"name":"Defias Pillager","category":"Hardcore","locale":"enUS","timezone":"America/New_York","type":{"type":"NORMAL","name":"PvE"},"is_tournament":false,"slug":"defias-pillager"}

As AOTC seems to be getting Guild information, this seems to either be an incorrectly configured API call, or a token without valid authorization for this type of request (profile over dynamic)

How would I format this request, or how would I get an access token with access to this information?

Thank you!

1 Like

It seems to be broken on era in general (since September at least). I can’t post links but there’s an open discussion on the WoW Classic Bug Report forum.

1 Like

Updating to say that this is still broken. Please see the self contained repro here. Given that this functionality was working before the September 25th update and it is documented on the Battle.net API documentation, I believe this is a bug.

Try:

curl -i -H "Authorization: Bearer YOUR_AUTH_TOKEN" -H "Region: us" -H "Battlenet-Namespace: profile-classic1x-us" -X GET https://us.api.blizzard.com/data/wow/guild/whitemane/not-prepared

Result:

HTTP/1.1 403 Forbidden
Date: Tue, 05 Nov 2024 19:08:05 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: accept-encoding
blizzard-token-expires: 2024-11-06T10:01:27.832Z
x-trace-traceid: d309f9e7-1819-3e8d-8c0a-b236243a1253
x-trace-spanid: 1801b703-fe3a-34e6-e6e1-fa164d6d41f5
x-trace-parentspanid: 1801b703-fe3a-34b6-e6e1-fa164d6d41f5
x-frame-options: SAMEORIGIN
X-Content-Type-Options: nosniff
server: blizzard

{"code":403,"type":"BLZWEBAPI00000403","detail":"Forbidden"}

Same problem. Please fix.

1 Like

These APIs are important to classic era. Our rrobin website relies on these APIs.

1 Like