JavaScript is required to use

Group Avatar


"Updates, discussions, and documentation of the BungieNetPlatform API."

Request Join
originally posted in:BungieNetPlatform
Edited by Tetron: 10/31/2017 4:50:00 PM

Introducing the Official Platform Application Programming Interface

EDITED: Cross Origin Requests are supported now. EDITED: Called out iOS and Android platforms explicitly. EDITED: Added support for User Authentication We are pleased to introduce official support for the Platform API. These are the same APIs that power the website and the official iOS and Android mobile apps, bringing you many of the services and features you see on We are making these APIs available to you so you may create custom iOS and Android applications, other platforms, websites, and more. [b]Supported APIs [/b] The public APIs are enumerated here: Endpoints that require authentication must use the user authentication mechanism documented [url=]here[/url]. You are not permitted to attempt to authenticate using any other mechanism. This opens a huge amount of functionality including player statistics, game details, user lookup, reading a user's inventory, vault, transferring items, and reading forum posts and comments. [b]Getting Started[/b] Before using our API we ask for a few simple things: 1. Create a account with a verified email address 2. Read the [url=]Terms of Use[/url], pay special attention to the BUNGIE.NET API TERMS AND CONDITIONS section near the end. 2. Request an API key here: [url][/url] 3. Use the API key as described below. The API key allows us to measure which developers and applications are using the API and how they are using it. Having that linked to a verified email address means we can contact a developer if their application is creating an undue burden on our servers, or we notice the API is being used incorrectly. The key does not provide any type of security or authorization and will not be used to block or throttle an application except possibly in the most extreme emergency cases. [b]Using the Key[/b] Each HTTP request your applications sends our servers should include the “X-API-Key” header. The header should contain your key. X-API-Key: <your key here> For example: GET Host: Connection: keep-alive X-API-Key: 17E792624C2A43E29356B8A79EEDA64A Cookie: bungledid=B6BGVMQFOKdJsTAWEnsW/ko5xn4glmfRCAAA; bungled=2796665744958383183 [i]Notes about the key:[/i] The key is mandatory and our servers will reject requests that do not include a valid key. [b]Cross Origin Requests[/b] Requests from JavaScript hosted by another web site is permitted, but you will need to configure your application with the value of your Origin header. [b]Cookies[/b] In general, if you use an HTTP stack that correctly handles the Set-Cookie header in responses, you should be good to go. In particular, we ask that you support the bungled and bungledid cookies. These help us with specific diagnostics tasks, and will come in handy if you ever need us to help you troubleshoot an issue on [b]Further Documentation[/b] There are many things you will need to know. We are providing only very light documentation on the API at this time. We are counting on the community, your ingenuity, and our ability to respond to questions in these forums to cover the rest.

Posting in language:


Play nice. Take a minute to review our Code of Conduct before submitting your post. Cancel Edit Create Fireteam Post

View Entire Topic
You are not allowed to view this content.
preload icon
preload icon
preload icon