Hello Blizzard Community Developers!
Blizzard hosts several APIs on api.blizzard.com
that our community developers use to access game data and services. We would like to call your attention to two upcoming changes:
First, it will no longer be permissible to pass OAuth Access Tokens via the URL query string. Instead, these tokens must be included in the HTTP header of the request:
e.g. Authorization: Bearer YOUR_CLIENT_TOKEN
Please review your integration with APIs on api.blizzard.com
. If you are currently sending OAuth Access Tokens via the query string you will need to update your integration. This must be done by September 30, 2024, from which point these APIs will reject any requests that do not send access tokens via the HTTP Header.
Further details for this change including technical details of how to send the OAuth Access Token via the HTTP Header are available at Blizzard Battle.net Developer Portal.
Second, Battle.net is moving several of its APIs to cloud infrastructure to improve performance, stability, and scalability. The IP addresses of the API gateway are subject to change, including in the future without prior notification, so using IP addresses in outbound allow-listing for interacting with Battle.net is not recommended.
If you need more assistance or have questions, please reply in this thread or reach out in the Blizzard API Community Discord Server.
2 Likes
Blizzard is updating its API Gateway:
- OAuth Tokens: From September 30, 2024, OAuth tokens must be sent in the HTTP header, not in the URL query string.
- Cloud Migration: API gateway IPs will change, so avoid using IP addresses for allow-listing.
Check the Blizzard Developer Portal or their Discord for more details.
1 Like
Hi, it looks like the guild endpoints are completely broken now? They were out of date for a long time (not fresh data), and now all my queries come back as forbidden.
2 Likes
off topic i know but you are a developer so i want to tell you, i killed time lost proto drake and its body fell behind a barrier like ice wall in the center hole, its been 3 weeks since i bug report, gm’s say only dev team can help?
any chance you can get it looked into please this should be an urgent fix as it takes agesssss to farm this thing
Classic era guild APIs are returning 403 forbidden for more than two weeks. Is there any fix incoming for this error?
1 Like
+1
Can you give some ETA about Classic Era Guild APIs and other APIs fixes ?
Thank you.
com eu removo a API da Minha conta e volto a jogar com jogadores normais. servidores sem bot?
Is this the reason that API queries are no longer working in your own game data APIs pages?
e.g.: Blizzard Battle.net Developer Portal
Even though I supply a valid Client ID & Secret, it gives a “401 Unauthorized” error for any query I try. The same ID & Secret are working fine with my website queries.
3 Likes
Hearthstone’s Metadata API seems to be broken.
This one works
URL / ttps://us.api.blizzard.com/hearthstone/cards?locale=en_US
Header / Authorization: Bearer {API Token}
This does not work
URL / ttps://us.api.blizzard.com/hearthstone/metadata?locale=en_US
Header / Authorization Bearer {API Token}
1 Like
+1
It gives a “401 Unauthorized” error for any query
Is there a more detailed log of API changes anywhere? For instance, two new PvP leaderboards were added to the PvP leaderboards index last Wednesday, which unlike other leaderboards, have no id. This change broke a script of mine, as it expected an id from any leaderboard.
Did a change happen to the ITEM API endpoint this was working a few days ago now I get a 401 Unauthorized, I know the token is good because its being used with a few other end points and working.
https://us.api.blizzard.com/data/wow/item/19019?namespace=static-us&locale=en_US&access_token=xxxxxxx
Its also showing 401 on
https://develop.battle.net/documentation/world-of-warcraft/game-data-apis
I’m not sure if I need to change something in my code, but even on the Hearthstone game data API page I get a 401 error when I provide my access token.
in php exist two common methods or populate the array in the curl.
this one is the one works, and remove the token for the url.
// create curl resource
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
‘Content-Type: application/json’,
'Authorization: Bearer ’ . $token
));
// set url
curl_setopt($ch, CURLOPT_URL, "$url");
and yes, remove the get parameter in the url.
Maybe, just maybe, you guys should update your website (documentation) for this change so that the “Try It” feature does not fail with “401 Unauthorized”, maybe it is the right time? (3 MONTHS AFTER THIS ANNOUNCEMENT).
Hi, is there any ETA for a fix for Classic APIs? They are returning 403 for more than 2 months.