X CSRF

What is X-CSRF?

X-CSRF is a HTTP header you must provide to make use of private endpoints. It is a security measure to prevent Cross Site Request Forgeries (CSRF attacks).

What value do I put in it?

The exact value of the bungled cookie.

X-CSRF: bungled-cookie-value

ErrorCode 99

If you try to make use of a private endpoint without including a valid X-CSRF header and token, you will receive a "Please sign-in to continue." response.

{
   "ErrorCode":99,
   "ThrottleSeconds":0,
   "ErrorStatus":"WebAuthRequired",
   "Message":"Please sign-in to continue.",
   "MessageData":{

   }
}

A community run wiki for the Bungie.net Platform APIs.

What is X-CSRF?

What value do I put in it?

ErrorCode 99