Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Bungie.net Application Portal
The Bungie.net application portal lets you define up to 10 applications that you can name and configure. Use this portal to change your application’s name, scope, Redirect URL, Origin, and provide a link to another website that can provide more detail about your application.
You can find the portal here: https://www.bungie.net/en/Application
API Key Management
An application only needs one API key. One will be assigned to your application upon creation.
However, there are circumstances where you might like to disable an API key. For example, if you have released an application that turns out to have a bug that is causing issues, and you want to prevent it from accessing Bungie.net until you can fix it. Just disable the API key the application is using. You can create a new API key to embed in the fixed version of the application. Similarly if you discover your API key has been co-opted by another application you can disable it and replace it with a new key. Your application may have two active API keys available at the same time so that you can roll out an updated build with the new key while the old application continues to function. Once enough users have your new application, you can disable or even delete the old key.
An Authorization URL is created for each API key assigned to applications that supply a Redirect URL. Use this URL in step 1 of the Authorization flow. The Authorization Code generated is linked to API key associated with the particular Authorization URL, therefore it is necessary to use that same API key in the X-API-Key header when calling the GetAccessTokensFromCode.
An application may be in one of four states: Private, Public, or Disabled, or Blocked. Applications that are either public or private are in a functioning state and can be used with any active API keys that are associated with it. The only difference between public and private applications is discoverability. Public applications are available through search APIs and may be featured or promoted elsewhere on Bungie.net. Keep the application set to Private while it is in development or beta. You might even have two versions of the same application where you keep the yet to be released version in Private state. A disabled application will no longer function on Bungie.net.
Blocked is reserved for applications that have misbehaved in some way and need to be taken out of circulation. Only Bungie can change an application to the Blocked state. Once blocked, an application will no longer work with Bungie.net and the application may not be edited by its originator. Only Bungie may unblock an application. This will be used in exceedingly rare cases and should not be a concern to any well-meaning application developers.
Every write operation your application performs is kept in an activity log that may be inspected by the affected user. This helps the user understand what your application is doing even if it was done without direct user interaction. The activity log is accessible from the user’s profile settings under Accounts & Linking. A user may also revoke access previously granted to your application from this page. This revocation will take place the next time your application attempts to get a new Access Token from a Refresh Token. This can be reversed by taking the user back through the Authorization flow.