[quote]Endpoints that require authentication are not public. This limitation is necessary because Bungie.net does not actually manage or validate the user’s credentials. User credentials are authenticated by Google, Facebook, Microsoft or Sony. We are not able to share the sign in process with third parties.[/quote]The way I currently handle this is to first authenticate with the external provider, make the request to https://www.bungie.net/en/User/SignIn/{provider}, allow the redirects to do the work (where I can see the OpenID flow), then hold on to the cookies bungie.net wants to set. Obviously that method only works if you know the account details, which is what I think you mean by being unable to open up that process (and rightfully so!). However, is/would it be possible in the future for bungie.net to provide its own oAuth interface, where a given account holder grants third party applications the ability to access parts of their account or a subset thereof? Much like how when an application wants to have access to your Google/Facebook/Twitter/GitHub/Play Store apps/etc... account you have to first approve it and the permissions it has, and it continues to have access even when you're not actively using it. Also, how would you suggest we handle use cases where users are making requests to bungie.net directly (such as with a browser extension)? Should we embed our own API keys or ask them to register for one and use it?