So after a long and tedious process, I've gotten down the basics with public APIs but wanted to start looking at the private ones. Using a modified version of someone's PHP function I'm able to successfully authenticate. I also collect and save the cookies from the bungie sign in request which gives me [spoiler] [__cfduid] [bungled] [bungledid] [bunglecounts] [sto-id-sg_www_bungie_net] [/spoiler] Then I collect the cookies from the PSN auth [spoiler] [npsso] [bunglefrogblastventcore] [bunglecounts] [bunglesony] [bungleatk] [tk] [bungleme] [bungleloc] [lcin] [/spoiler] At this point, my authentication was successful, all of the sessions are closed. The cookies still saved. I now use curl or file_get_contents to make a private request, but i'm required to sign in. I know it has to do with the cookies i have, i just don't know what to pass and to where. I can set the headers using [spoiler]<?php $opts = array( 'http'=>array( 'method'=>"GET", 'header'=>"Accept-language: en\r\n" . "Cookie: foo=bar\r\n" ) ); $context = stream_context_create($opts);[/spoiler] Again, just not sure which cookies to use and what else i'd need to send or append to the url