Issue with oauth token and its using for /wow/user/characters

API Discussion
Hi everyone,

I have an issue with oauth 2.0, if someone can help me.

I am making a web app that simply gets all characters' data from the player's profile using Blizzard API and renders it in the browser.

The problem is that a correct token can be generated only using this page
https://develop.battle.net/documentation/api-reference/world-of-warcraft-community-api.

If I use curl, postman or my own script, it gives me wrong token, so i get an object like
{
"access_token": "EUnxxxxxxxxxxxxxxxxxxxxxxxxxxx095",
"token_type": "bearer",
"expires_in": 86399
}


At the same time, if I use the link provided above, I can generate a request URL for POST request like
https://eu.api.blizzard.com/wow/user/characters?access_token=USYxxxxxxxxxxxxxxxxxxxxxxxxxxxVCR/].

As you may notice, I am trying to get data from EU server, where I have my own chars. So develop.battle.net portal gives me correct token (although it starts with US not EU), and I can see my characters info; whereas postman/curl or any other method gives me a 'EU...' token, which does not work.

Could you point me the right direction please? I spent like couple of days on it.

Thanks.
You can't do that. You're trying to use the "Client Credentials" flow which is only for applications to make API requests that don't include user profile data (e.g. Game Data APIs, Community APIs).

To get a user's profile information you have to use the "Authorization Code" flow.

See:

https://develop.battle.net/documentation/guides/using-oauth/authorization-code-flow

In short, you need to direct the user to the battle.net authorization page, the user will then need to authorize your app access to their profile, and then the user will get redirected back to your app with an authorization_code (as a URL query parameter). Your app exchanges the authorization_code for an access_token, which your app can then use to query that user's profile.

Edit:

Also, I believe you will want to use HTTP GET, not HTTP POST for all of the APIs, except the token request.

Join the Conversation

Return to Forum