Wow Account profile returns 403

Account Profile APIs are not working.
It always returns 403 error in console.

I followed the “Authorization Code Flow” and my process is as below.

  1. Get ‘code’.
  2. Using the ‘code’ with scope value of ‘wow.profile’ to get ‘access_token’.
  3. I could get ‘access_token’ without any problem.
  4. Using the ‘access_token’ for ‘Account Profile API’ such as ‘/profile/user/wow’ --> returns 403.

kr api blizzard com/profile/user/wow

**Parameter values I used
namespace: profile-kr
locale: ko_KR
access_token: $access_token

Authorization: Bearer $access_token

Any problem in my process? please help me!
Also “Try it” in the document of Profile APIs returns same 403 error.


Can you please confirm that you are including the wow.profile scope in the request when you exchange the Authorization Code for the Access Token, and that the response for the Access Token includes the expected scopes?

I’m glad there is an active thread on this…

I am trying to hit the same endpoints on the US api. I’m using passport.js to handle the auth flow using the strategy provided from the Blizzard github, passport-bnet.

I am passing scope alongside region through the strategy - is that valid or does the strategy not support scope?

Trying this endpoint: /profile/user/wow/collections/mounts

Here is my setup of the strategy:

new BnetStrategy(
  clientID: keys.blizz_key,
  clientSecret: keys.blizz_secret,
  callbackURL: '/auth/bnet/callback',
  region: 'us',
  scope: 'wow.profile',

I am getting a 404, not a 403 like OP stated. My error comes back on the server side as data: { code: 404, type: 'BLZWEBAPI00000404', detail: 'Not Found' }

Probably also worth mentioning, the same error happens in the test call on the bnet website as well.

The official passport-bnet example needs to be updated, but in the meantime for a NodeJS example using passport you can check out this project (node-wow-oauth-example) on GitHub. Or for a NodeJS example that doesn’t use passport or other libraries you can check out this project (vanilla-node-blizzard-oauth-example) on GitHub.

I also recommend reviewing this thread, which details some intricacies with mounts and other collection data.

Hey, thanks for the reply. Those are helpful examples and I did just read that thread you linked right before looking back at this one.

I just realized that I wasn’t really doing anything wrong after looking through the examples. I forgot I created a second battle net account for testing and like a moron, was searching for mounts on an account that has played no games, let alone wow…

The node example is actually using the same passport strategy, so that led me to think about other potential issues. The vanilla approach is quite a nice way to do it and keep it simple.

Anyways, I have working tokens for the endpoint now! Thanks again.

1 Like

Thank you for your help. Finally I got solution!
The problem was " AUTHORIZED APPLICATIONS" in account setting.
I got hint from your advice that token response includes “scope”, but mine was not.

  1. Remove existing app in AUTHORIZED APPLICATIONS in account setting.
  2. Reconnect & log-in via OAuth process

solved the 403 problem.
Thank you for your help and blizzard team again.

1 Like