Introducing the Official Bungie.net Platform Application Programming Interface
EDITED: Cross Origin Requests are supported now.
EDITED: Called out iOS and Android platforms explicitly.
EDITED: Added support for User Authentication
We are pleased to introduce official support for the Bungie.net Platform API. These are the same APIs that power the Bungie.net website and the official iOS and Android mobile apps, bringing you many of the services and features you see on Bungie.net. We are making these APIs available to you so you may create custom iOS and Android applications, other platforms, websites, and more.
The public APIs are enumerated here:
Endpoints that require authentication must use the user authentication mechanism documented [url=https://github.com/Bungie-net/api/wiki]here[/url]. You are not permitted to attempt to authenticate using any other mechanism.
This opens a huge amount of functionality including player statistics, game details, user lookup, reading a user's inventory, vault, transferring items, and reading forum posts and comments.
Before using our API we ask for a few simple things:
1. Create a Bungie.net account with a verified email address
2. Request an API key here: [url]https://www.bungie.net/en/Application[/url]
3. Use the API key as described below.
The API key allows us to measure which developers and applications are using the API and how they are using it. Having that linked to a verified email address means we can contact a developer if their application is creating an undue burden on our servers, or we notice the API is being used incorrectly.
The key does not provide any type of security or authorization and will not be used to block or throttle an application except possibly in the most extreme emergency cases.
[b]Using the Key[/b]
Each HTTP request your applications sends our servers should include the “X-API-Key” header. The header should contain your key.
X-API-Key: <your key here>
Cookie: bungledid=B6BGVMQFOKdJsTAWEnsW/ko5xn4glmfRCAAA; bungled=2796665744958383183
[i]Notes about the key:[/i]
The key is mandatory and our servers will reject requests that do not include a valid key.
[b]Cross Origin Requests[/b]
In general, if you use an HTTP stack that correctly handles the Set-Cookie header in responses, you should be good to go. In particular, we ask that you support the bungled and bungledid cookies. These help us with specific diagnostics tasks, and will come in handy if you ever need us to help you troubleshoot an issue on Bungie.net.
There are many things you will need to know. We are providing only very light documentation on the API at this time. We are counting on the community, your ingenuity, and our ability to respond to questions in these forums to cover the rest.