Help getting started with a simple realm type call

API Discussion
Hello! New to the blizzard API and want to do something very specific. I'll take you through what I've learned so far and where I think I am stuck.

I think I have got maybe 75% of the knowledge of what I need to do but just need help connecting the dots :)

I want to get the realm 'type' (which I know is PvE) of the US server 'Medivh' from the wow community API and print it on an HTML page.

To do this I know I will have to make a JSONP request using the following URL:

In that JSONP that is returned, there should be a string called 'type' which specifies Medivh's realm type that looks like this:


I also know that in order to print that string into a <div> node with the ID 'result' on my HTML page I will use jQuery like this:

<script type="text/javascript">
function foo(data) {

url: "",
type: 'GET',
dataType: 'jsonp'

Am I correct up until this point? Do let me know.

Now, this is where I think I'm stuck. I read the documentation and there was lots of mention of Oauth2 - I did a bit of research into it but most of it is total gibberish to me! I know that it is a security protocol which is mandatory if you want to make API calls, but that's about it.

When I type the URL mentioned before into my web browser, I get a 403 denied error. I guess that this is because I'm a user in a web browser and I'm not authorised/haven't configured Oath (because I am a human being not a server).

So that means I will have to get Oauth working on my web server where my website,, is. Then I suppose that if I do manage to get Oauth working, I will successfully be able to make the API call using the jQuery script on my server. Right?

My website has SSL and is running a phpBB installation (v3.2.5). So I guess I could make this Oauth thing work if I could do it through phpBB? I found this guy's phpBB extension in the community resources sticky which looks promising:

But someone in the last reply says that it seems to only be for logging in through bnet, and wouldn't be useful for anything else.

There's also another, much more recent phpBB extension here: but again it seems specifically for logging in using bnet credentials. Will the sort of authorisation stuff included in this extension be enough for me to do my jQuery calls, despite this being designed for log ins?

Question 1: if I installed either of those phpBB extensions, and got Oauth working correctly, is that enough? Like, will the bnet API from then on accept any calls coming from my domain through the jQuery script or do I need to do extra work after that to make requests?

Question 2: there seem to be other ways of getting Oauth 'working' besides this phpBB extension. Can you guys recommend me one and walk me through how to get it working so that I can easily make requests with the jQuery file?

Question 3: Is there anything I've said so far that is utterly and totally wrong? Please do point out my mistakes.

Any help would be greatly appreciated :)
A few things to consider here:

1. Yes, you are correct about how the realms endpoint works, and yes once you get the OAuth2 token you'll get the the json data as you describe.

2. You are also correct that you have to do the request from the server-side and not from the browser side directly. You don't want to have a jQuery or any kind of javascript doing the request to the API directly. You just can't do that without exposing the API token to the user browser. You have to implement some kind of endpoint on your server to proxy those requests.

3. You don't necessarily have to implement user logon with bnet to get realm data (only for endpoints directly related to user profile, like list of characters).

I'm sorry but I can't help you with phpbb extensions, last time I used phpbb was 7 years ago, but you are on the right direction. I would suggest you to create a custom php script just to get this information for you, there are some community maintained PHP libraries to help you with this.
Also, you might wanna join the API discord as there are lots of users there willing to help.

Hope it helps you a little.
Hi Schiller, thanks for your response.

04/21/2019 10:51 AMPosted by Schiller
You don't want to have a jQuery or any kind of javascript doing the request to the API directly. You just can't do that without exposing the API token to the user browser. You have to implement some kind of endpoint on your server to proxy those requests.

I have since learned a bit more about this. I'm currently trying to install this framework which seems very straightforward to use:

Once I have that set up, do I still need to worry about implementing an endpoint on my server to proxy the requests or do you think this js framework will do that for me?

Since most of this conversation continued on the unofficial discord I am posting the partial solution here so it may help more people.

Since all Teeb needed was a way of getting API data using an asynchronous request (ajax/fetch), the easiest way was to proxy calls on a simple one-file script running on the same server.

For anyone in need of a similar script or even some starting point on PHP API calls I leave this snippet:

This script has the OAuth2 Client Credentials implementation, which means you can only perform requests on generic API endpoints that does not require a user authorization (currently about 95% of API endpoints).

This script does not provide any caching capabilities so it may not be a good idea to use this for very frequent calls.

Join the Conversation

Return to Forum