Skip to content
REST service for OAuth authentication with API powered by Fastify
TypeScript JavaScript
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.


Type Name Latest commit message Commit time
Failed to load latest commit information.


Travis CI Build Status AppVeyor Build status Maintainability Test Coverage Greenkeeper badge

REST API service retrieving and caching OAuth access tokens from Blizzard API.

Under the hood it uses Fastify and BlizzAPI.

This API is not meant to be exposed to the internet as-is. Access tokens are intimate and volatile parts of authentication process and they should not run in the wild. This service is designed to run locally or as a part of a bigger, more secure API architecture.


  • Node.js (LTS preferred)
  • Redis server - recommended, but not required
  • API credentials


The following environment variables must be set up:

  • NODE_ENV - Node environment ('development' or 'production', default: development)
  • BAS_NODE_HOST - hostname (default: 'localhost')
  • BAS_NODE_PORT - port (default: '8080')
  • BAS_REDIS_ENABLE - enable Redis caching (default 'true')
  • BAS_REDIS_HOST - Redis hostname (default: 'localhost')
  • BAS_REDIS_PORT - Redis port (default: '6379')
  • BAS_REDIS_PASSWORD - Redis password (optional)
  • BAS_REDIS_TTL - cache TTL in seconds (Time To Live, time for which objects will be cached). Access tokens issued by API are valid for 24 hours, so it is not advisable to set TTL longer than 86400 seconds (default: 2000).
  • BAS_REDIS_DB - Redis database index to use
  • BAS_REDIS_CACHE_SEGMENT - Redis cache segment used to identify keys in database (default: 'bas')
  • BAS_BATTLENET_REGION - API region to authorize against ('us', 'eu', 'kr' or 'ch', required)
  • BAS_BATTLENET_KEY = API application key
  • BAS_BATTLENET_SECRET = API application secret

To obtain API credentials (key and secret) visit Blizzard Developer Portal.

See also .env.sample for a dotenv template.

When in development mode, the API can load environment variables from .env file in root directory.

Build and install

git clone
cd bnet-auth-service
npm install
npm run build

Start server

npm start

Available endpoints

GET /status

API health status.

Sample response:


GET /accessToken/get

Get access token either (1) from Redis cache if there is cached access token available or (2) directly from API and cache it in Redis store.

Sample response:

{"status":200,"data":{"accessToken":"access token here"}}

GET /accessToken/get?refresh=true

Get access token from API regardless of Redis cache state and cache it.

This method is meant as a fallback for service consumers to use when access token returned from previous request turns out to be invalid or expired.

Sample response:

{"status":200,"data":{"accessToken":"access token here"}}

GET /accessToken/refresh

Get access token from API and store it in Redis cache. Triggering this method will cause next GET /accessToken/get to load access token from Redis cache.

This method is designed to be used by a cron job in order to keep Redis cache warm and minimize number of API requests for a new access token.

{"status":200,"message":"Access token refreshed successfully"}


Code is available under MIT license. See LICENSE for more information.

You can’t perform that action at this time.