{{
`${userDetail.user.displayName}${userDetail.user.cachedBungieGlobalDisplayNameCode ? `#${standardizeBungieGlobalCode(userDetail.user.cachedBungieGlobalDisplayNameCode)}` : ""}`}}
{{getUserClans()}}
originally posted in:BungieNetPlatform
5/13/2015 12:22:10 PM
1
Making non-public API request
Hello,
I have recently started an app and have the PSN authentication procedure set up.
I will be looking to get data from some of the non-public API's but haven't been able to find any info on what needs to be included in the request. Are there specific headers that need to be included? How does it know that the user has been authenticated?
If you need to see my code for the authentication then let me know.
I have put this together using various samples from other posts so am not taking any credit for it.
Regards
Matt
English
-
I meant to reply to this before but forgot to... The best way to "see" what you need to include is just to watch the requests your browser makes as you use bungie.net. Off the top of my head though, you'll need to include these headers when requesting anything from the platform: Cookie* X-csrf* X-API-Key *these are required for the "private" endpoints For the private requests you'll need to have already authenticated with an external provider (Windows LIVE or PSN) and with bungie.net<->provider (which is just a request to the sign in link). The cross site request forgery token (X-csrf header) is the value of the "bungled" cookie which you copy to the header. I have a little bit of it [url=https://github.com/dazarobbo/BNextNotifier/blob/333d3dc498f3ee9642c24fe1ebe43b8f4a234095/scripts/BungieNet.js]here in JavaScript[/url] if that helps.
