Hello together,
I am consistently receiving a 403 Forbidden error when trying to access the WoW Classic character profile API, even after following all documentation and troubleshooting steps.
Endpoint: GET eu [dot] api [dot] blizzard [dot] com /profile/wow/character/{realm-slug}/{character-name}
Flow Type: Client Credentials Flow
Problem Description: My application successfully obtains an access token from eu [dot] oauth [dot] battle [dot] net / token using the Client Credentials flow and requesting the scope=wow.profile.
However, when this token is used to access a WoW Classic character profile (e.g., namespace=profile-classic-wotlk-eu), the API returns a 403 Forbidden error.
Using the /oauth/check_token endpoint, I can see that the token is being issued with an empty scope array, which is likely the cause of the 403 error. This happens even with a brand new API client.
Steps to Reproduce:
- Create a new API Client in the developer portal for Client Credentials.
- Request an access token from
eu [dot] oauth [dot] battle [dot] net / tokenwith the bodygrant_type=client_credentials&scope=wow.profile. - The request is successful and returns a token.
- Use this token to make a
GETrequest toeu [dot] api [dot] blizzard [dot] com /profile/wow/character/ragnaros/ansraer?namespace=profile-classic-wotlk-eu.
Expected Result: A 200 OK response with the character’s profile data.
Actual Result: A 403 Forbidden response with the body {"code":403,"type":"BLZWEBAPI00000403","detail":"Forbidden"}.
Token Introspection Result (from /oauth/check_token): This is the crucial information from our debugging. It proves the scope is empty.
JSON
{
"scope": [],
"exp": 1756035158,
"authorities": [
{
"authority": "ROLE_CLIENT"
}
],
"client_id": "DEINE-CLIENT-ID"
}
It seems the scope=wow.profile parameter is being ignored when generating a token for the EU region when used against the Classic API. Could someone help me in this?
Thank you!