Upcoming Changes to Battle.net’s API Gateway

Korakk-1142 · August 9, 2024, 10:12pm

Hello Blizzard Community Developers!

Blizzard hosts several APIs on api.blizzard.com that our community developers use to access game data and services. We would like to call your attention to two upcoming changes:

First, it will no longer be permissible to pass OAuth Access Tokens via the URL query string. Instead, these tokens must be included in the HTTP header of the request:

e.g. Authorization: Bearer YOUR_CLIENT_TOKEN

Please review your integration with APIs on api.blizzard.com. If you are currently sending OAuth Access Tokens via the query string you will need to update your integration. This must be done by September 30, 2024, from which point these APIs will reject any requests that do not send access tokens via the HTTP Header.

Further details for this change including technical details of how to send the OAuth Access Token via the HTTP Header are available at Blizzard Battle.net Developer Portal.

Second, Battle.net is moving several of its APIs to cloud infrastructure to improve performance, stability, and scalability. The IP addresses of the API gateway are subject to change, including in the future without prior notification, so using IP addresses in outbound allow-listing for interacting with Battle.net is not recommended.

If you need more assistance or have questions, please reply in this thread or reach out in the Blizzard API Community Discord Server.

Devjoe-2759 · September 25, 2024, 4:24pm

Blizzard is updating its API Gateway:

OAuth Tokens: From September 30, 2024, OAuth tokens must be sent in the HTTP header, not in the URL query string.
Cloud Migration: API gateway IPs will change, so avoid using IP addresses for allow-listing.

Check the Blizzard Developer Portal or their Discord for more details.

nomad-14896 · September 26, 2024, 1:33pm

Hi, it looks like the guild endpoints are completely broken now? They were out of date for a long time (not fresh data), and now all my queries come back as forbidden.

xRaY2k13-2495 · September 27, 2024, 11:56pm

off topic i know but you are a developer so i want to tell you, i killed time lost proto drake and its body fell behind a barrier like ice wall in the center hole, its been 3 weeks since i bug report, gm’s say only dev team can help?
any chance you can get it looked into please this should be an urgent fix as it takes agesssss to farm this thing

Nhea-2217 · October 13, 2024, 4:53pm

Classic era guild APIs are returning 403 forbidden for more than two weeks. Is there any fix incoming for this error?

totorock-2135 · October 13, 2024, 9:11pm

+1
Can you give some ETA about Classic Era Guild APIs and other APIs fixes ?
Thank you.

dhottha-11161 · October 21, 2024, 10:26am

com eu removo a API da Minha conta e volto a jogar com jogadores normais. servidores sem bot?

Wain-1779 · October 26, 2024, 5:51am

Is this the reason that API queries are no longer working in your own game data APIs pages?
e.g.: Blizzard Battle.net Developer Portal

Even though I supply a valid Client ID & Secret, it gives a “401 Unauthorized” error for any query I try. The same ID & Secret are working fine with my website queries.

Sigto-11442 · October 26, 2024, 4:31pm

Hearthstone’s Metadata API seems to be broken.

This one works
URL / ttps://us.api.blizzard.com/hearthstone/cards?locale=en_US
Header / Authorization: Bearer {API Token}

This does not work
URL / ttps://us.api.blizzard.com/hearthstone/metadata?locale=en_US
Header / Authorization Bearer {API Token}

昏暗的墨色幽靈-3169 · October 28, 2024, 2:29am

+1
It gives a “401 Unauthorized” error for any query

Amineli-2711 · October 30, 2024, 4:16pm

Is there a more detailed log of API changes anywhere? For instance, two new PvP leaderboards were added to the PvP leaderboards index last Wednesday, which unlike other leaderboards, have no id. This change broke a script of mine, as it expected an id from any leaderboard.

Demo7up-1477 · October 31, 2024, 3:44am

Did a change happen to the ITEM API endpoint this was working a few days ago now I get a 401 Unauthorized, I know the token is good because its being used with a few other end points and working.

https://us.api.blizzard.com/data/wow/item/19019?namespace=static-us&locale=en_US&access_token=xxxxxxx

Its also showing 401 on

https://develop.battle.net/documentation/world-of-warcraft/game-data-apis

PHOENIX-218850 · October 31, 2024, 2:10pm

I’m not sure if I need to change something in my code, but even on the Hearthstone game data API page I get a 401 error when I provide my access token.

WarLeader-1187 · November 4, 2024, 6:31pm

in php exist two common methods or populate the array in the curl.

this one is the one works, and remove the token for the url.

// create curl resource
$ch = curl_init();

curl_setopt($ch, CURLOPT_HTTPHEADER, array(
‘Content-Type: application/json’,
'Authorization: Bearer ’ . $token
));

    // set url
    curl_setopt($ch, CURLOPT_URL, "$url");

and yes, remove the get parameter in the url.