Authenticating to the Battle.net API with PowerShell

So, let’s finally dive into some code. Let’s start working with the API. The first step when using an API is always authentication. In this case, it is called Bearer Authentication. This means we need to generate an access token. For this, we need a Client ID and a Client Secret. We can get these from https://develop.battle.net by creating a new client there. But first, we need a Battle.net Account … Yes, a thousand things, so here’s a list to make it clearer:

  1. Battle.net Account
  2. API Access Client
  3. Client ID
  4. Client Secret

The Client Secret is called a secret for a reason, so always keep it safe! That’s why I’m obscuring my data here.

Once we have the Client ID and Client Secret, we can move on to the next part, which is generating the access token. Below is the PowerShell code that will handle this:

PowerShell
$ClientID = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
$ClientSecret = 'YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY'

# Combine ClientId and ClientSecret for authorization header
$credPlain = '{0}:{1}' -f $ClientID, $ClientSecret
$base64auth = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($credPlain))

# Request parameters
$RequestData = @{
  Method      = 'POST'
  Uri         = 'https://oauth.battle.net/token'
  ContentType = 'application/x-www-form-urlencoded'
  Body        = 'grant_type=client_credentials'
  Headers     = @{ Authorization = "Basic $base64auth" }
}

# Perform the request
$result = Invoke-RestMethod @RequestData

This script takes care of generating an access token by sending a POST request to the Battle.net OAuth endpoint. Make sure to replace the placeholders for $ClientID and $ClientSecret with your actual credentials. Remember, keeping your Client Secret safe is crucial, as it grants access to your application.

The result will look something like this:

PowerShell
access_token                       token_type expires_in sub                             
------------                       ---------- ---------- ---                             
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX    bearer          86399 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

As you can see, the access_token is what we need for subsequent API requests. Always keep this token secure and never share it publicly.

In addition to the access_token, you also receive a token_type, which is typically bearer, and an expires_in value, which tells you how long (in seconds) the token will be valid. In this example, the token is valid for 86399 seconds (almost 24 hours). The sub field represents the subject, which is a unique identifier for the user or client making the request.

In the past, it was sufficient to include the token directly in the URL when making a request. For example:

‘https://eu.api.blizzard.com/profile/wow/character/azshara/strandmaus?namespace=profile-eu&locale=de_DE&access_token=ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ’

However, today it is required to include this token in the header of the request. This ensures better security and avoids exposing sensitive information in the URL, where it can end up in logs and history.

An example of how to do this in PowerShell is shown below. Here, we will request information about my main character:

PowerShell
$URL = 'https://eu.api.blizzard.com/profile/wow/character/azshara/strandmaus?namespace=profile-eu&locale=de_DE'
$Header = @{
  Authorization = 'Bearer ' + $result.access_token
}

Invoke-RestMethod -Uri $URL -Headers $Header

In this example, we define the URL to access character data and set the Authorization header with the Bearer token we obtained earlier. Then, we use Invoke-RestMethod to make the request while passing the URL and headers.
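Because the token is only valid for expires_in seconds and the Client Secret should not sit in the script file, the two steps above can be wrapped as shown below. This is an added example, not code from the original post or from the GitHub modules mentioned later; the environment variable names BNET_CLIENT_ID and BNET_CLIENT_SECRET and the function names Get-BattleNetToken and Invoke-BattleNetRequest are assumptions.

```powershell
# Added example. BNET_CLIENT_ID, BNET_CLIENT_SECRET, Get-BattleNetToken and
# Invoke-BattleNetRequest are assumed names, not part of the original post.
$script:TokenCache = $null

function Get-BattleNetToken {
  param([int]$RefreshMarginSeconds = 300)  # refresh this long before expiry

  # Reuse the cached token while it is still comfortably valid
  if ($script:TokenCache -and (Get-Date) -lt $script:TokenCache.ExpiresAt.AddSeconds(-$RefreshMarginSeconds)) {
    return $script:TokenCache.AccessToken
  }

  # Read the credentials from the environment instead of hardcoding them
  $clientId     = $env:BNET_CLIENT_ID
  $clientSecret = $env:BNET_CLIENT_SECRET
  if ([string]::IsNullOrWhiteSpace($clientId) -or [string]::IsNullOrWhiteSpace($clientSecret)) {
    throw 'Set BNET_CLIENT_ID and BNET_CLIENT_SECRET before requesting a token.'
  }

  $credPlain  = '{0}:{1}' -f $clientId, $clientSecret
  $base64auth = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($credPlain))

  $requestedAt = Get-Date
  $RequestData = @{
    Method      = 'POST'
    Uri         = 'https://oauth.battle.net/token'
    ContentType = 'application/x-www-form-urlencoded'
    Body        = 'grant_type=client_credentials'
    Headers     = @{ Authorization = "Basic $base64auth" }
  }
  $result = Invoke-RestMethod @RequestData

  # expires_in is a lifetime in seconds; store it as an absolute expiry time
  $script:TokenCache = [pscustomobject]@{
    AccessToken = $result.access_token
    ExpiresAt   = $requestedAt.AddSeconds($result.expires_in)
  }
  return $script:TokenCache.AccessToken
}

function Invoke-BattleNetRequest {
  param([Parameter(Mandatory)][string]$Uri)
  # The token travels in the Authorization header, never in the query string
  Invoke-RestMethod -Uri $Uri -Headers @{ Authorization = 'Bearer ' + (Get-BattleNetToken) }
}

# Same character lookup as above; the token is fetched once and then reused
Invoke-BattleNetRequest -Uri 'https://eu.api.blizzard.com/profile/wow/character/azshara/strandmaus?namespace=profile-eu&locale=de_DE'
```

The cache lives only in the current session's memory, so nothing token-related is written to disk.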

With that, I wish you all a lot of fun experimenting with this. For more information, you can check out Battle.net’s official documentation.

You can also find the PowerShell modules that I wrote for the API on my GitHub. In the coming weeks, I hope to finally publish these in the PSGallery.