WoW Token API issue 403

MADO-2379 · July 21, 2020, 4:03pm

Hello,

I’m having issues trying to get the token prize from the API.

I keep getting the 403 forbidden status and I think I’m doing the correct OAuth flow to obtain the access token because I do it on another project and it works just fine.

Trying it in the webpage doesn’t give me any problem.

Here is my code.

getToken().then(token => {
    console.log(token)
    getWowTokenPrize(token)
})
async function getToken() {
    let key = 'clientid'
    let secret = 'clientsecret'
    let response = await fetch('https://eu.battle.net/oauth/token', {
        method: 'POST',
        body: 'grant_type=client_credentials&client_id=' + key + '&client_secret=' + secret,
        headers: {
            'Content-Type': 'application/x-www-form-urlencoded',
            'cache-control': 'no-cache'
        }
    })
    let json = await response.json()
    return json.access_token
}

async function getWowTokenPrize(accessToken){
    let response = await fetch('https://eu.api.blizzard.com/data/wow/token/index', {
        method: 'GET',
        headers: {
            'Content-Type': 'application/x-www-form-urlencoded',
            'cache-control': 'no-cache',
            'Authorization': 'Bearer ' + accessToken,
            'Battlenet-Namespace': 'dynamic-eu' 
        }
    })
    console.log(response)
    let json = await response.json();
    console.log(json)
}

Erorus-11776 · July 21, 2020, 5:56pm

Maybe a CORS thing? The token fetch failed for me when I tried your code in a browser console. The additional request headers are not allowed. Replace your second fetch with this:

let response = await fetch('https://eu.api.blizzard.com/data/wow/token/index?namespace=dynamic-eu', {
    method: 'GET',
    headers: {
        'Authorization': 'Bearer ' + accessToken,
    }
});

MADO-2379 · July 21, 2020, 7:19pm

Maybe it’s a CORS issue… I’ve tried to do it in the web browser(firefox) and I’ve noticed something weird. If I do the fetch in the console in an empty page the response is 403 Forbidden, but if the page is google.com for instance, then the response is 200 OK.

Trying your modified code doesn’t work either…

Talgees-1302 · July 22, 2020, 3:08am

Looks like there might be an issue with using the namespace header rather than the query param. Seems to work fine when using the query param.

.../data/wow/token/index?namespace=dynamic-eu

async function getWowTokenPrize(accessToken){
  let response = await fetch('https://eu.api.blizzard.com/data/wow/token/index?namespace=dynamic-eu', {
      method: 'GET',
      headers: {
          'Authorization': 'Bearer ' + accessToken
      }
  })
  console.log(response);
  let json = await response.json();
  console.log(json);
}

MADO-2379 · July 22, 2020, 12:03pm

Hi guys, finally it was a CORS thing and also the problem with the Battlenet-Namespace header, thank you all!