I haven't seen any Python specific implementations so I thought I'd share. The only requirement is [url=http://docs.python-requests.org/en/latest/]requests[/url]. If you don't yet have it I highly recommend it. https://gist.github.com/ascendancyy/702db99b626d52d69359 The two links we need are: BUNGIE_SIGNIN_URI = "https://www.bungie.net/en/User/SignIn/Psnid" PSN_OAUTH_URI = "https://auth.api.sonyentertainmentnetwork.com/login.do" 1. GET BUNGIE_SIGNIN_URI (I partly did this because I plan on adding support for Xbox sign-in). Since we allow redirections and we're not using a session we have to look in the history to find the cookie we want. This gets us our first JSESSIONID cookie from PSN. 2. POST PSN_OAUTH_URI We POST with a form-encoded body containing our username/password. We also pass in the JSESSIONID cookie from the first step. This gets us a new JSESSIONID cookie. In the header we'll find a location field. 3. GET the location field from the previous step. Make sure the pass in the JSESSIONID cookie from the second step. In the response header you'll see a field called[i] x-np-grant-code[/i]. 4. GET BUNGIE_SIGNIN_URI with the x-np-grant-code appended as a query string with [i]code[/i] as the field name. It should look something like: https://www.bungie.net/en/User/SignIn/Psnid?code=XXXXXX 5. We create a requests Session. We save the [i]bungled[/i] and [i]bungleatk[/i] cookies to our session. We also add our API key to our headers and add the bungled cookie to the [i]x-csrf[/i] field. Now all future requests from our Session will work. At first I tried doing this over a single session, but it wouldn't work - at least not the private APIs. Only once did I use individual requests did it work. It's most likely due to some cookie issues, but I can't really be bothered to figure out exactly why. Cheers.