Blue Tracker
World of Warcraft Blue Posts
Diablo II: Resurrected Blue Posts
Diablo III Blue Posts
Hearthstone Blue Posts
Overwatch Blue Posts
Heroes of the Storm Blue Posts
Diablo IV Blue Posts
BlizzCon Blue Posts
Warcraft Rumble Blue Posts

Authenticating Key Issues

Forum Avatar
Mature
#1 - July 30, 2011, 10:03 p.m.
Blizzard Post
Wondering if any developers of other libraries that have received a public/private key to test with have many any verifiable progress? The process of building the authenticated header is pretty straight-forward, and I see a number of other libraries have built it in (C#, PHP, Java, etc.)...but I'm curious if any of those libraries have actually verified that their authenticated header works.

I've been working with a public/private key that Straton sent over and have been trying several dozen techniques on putting the authenticated request together and sending it over--all of which result in a "Invalid Application Signature". I have set up a test bed for him to help troubleshoot but as you might imagine, he's bogged down with his own work at present, and has little time to assist.

If you have a verified authenticated request working, shoot me a msg please...thanks!
Forum Avatar
Straton
Web & Mobile Team
#12 - Aug. 2, 2011, 4:38 p.m.
Blizzard Post
If you're not sure your authentication code is working, try this tester:

http://everynothing.net/bnetauthtest.php

Make an authenticated request using the keys and URL supplied on that page and it'll return some debug information on whether your implementation is correct.


Just a quick disclaimer that Blizzard can't ensure that third party authentication test services are accurate.

The quickest way to verify that an authenticated request works is to make an authenticated request and see if an error is returned.
Forum Avatar
Straton
Web & Mobile Team
#16 - Aug. 4, 2011, 1:44 a.m.
Blizzard Post
08/03/2011 05:26 PMPosted by Mature
And, with all do respect to Blizzard, I fully support the notion that we should be testing against Blizzard's servers--the only downside is that if it fails, there's no mechanism in place to describe why: (missing headers? date incorrectly formatted? signature incorrect? invalid keys, etc...), so any additional tools the community provides is of tremendous value.


The API does indicate the difference between

  • Invalid or broken "Authorization" header
  • An invalid application key
  • An invalid signature