How to interact with XBox API using PHP and cURL

Question

I am trying to learn how to interact with the unofficial xbox api (xboxapi.com) but I can't seem to figure out how to use it. The documentation is very scarce. This is my most recent (and what i thought best) attempt.

<?php
$gamertag = rawurlencode("Major Nelson");

$ch = curl_init("http://www.xboxapi.com/v2/xuid/" . $gamertag);

$headers = array('X-Auth: InsertAuthCodeHere', 'Content-Type: application/json');

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 ); # return into a variable
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers ); # custom headers, see above
$xuid = curl_exec( $ch ); # run!
curl_close($ch);

echo $xuid;


?>

Upon running the above I get "301 Moved Permanently". Can anyone see what i am doing wrong? Thanks.

@RamRaider That was a good observation, but it still doesn't work even after changing it to https. — Tristan, Jul 27 '16 at 05:02
have you tried `https://xboxapi.com/v2/accountXuid/` rather than `http://www.xboxapi.com/v2/xuid/`? seems the closest — Professor Abronsius, Jul 27 '16 at 05:18
@RamRaider accountXuid is used to return the XUID of my personal Xbox account that I have linked to the API. — Tristan, Jul 27 '16 at 05:22
oh yes - I now see in the docs the endpoint. Using `https://xboxapi.com/v2/xuid/Major%20Nelson` gave me an error regarding `No API Key provided or invalid API Key` — Professor Abronsius, Jul 27 '16 at 05:28
@RamRaider Yes.. Which is why I provide the X-Auth key in the header, like the documentation states to do for Messages and Activity Feed. In the code above I have `InsertAuthCodeHere` but when I actually run it, I provide my authentication key. — Tristan, Jul 27 '16 at 05:40
I signed up so I could test but I would need an XBox Live account too - my point though was using the url you initially used gave a 302 but the one I tried last merely required authorisation headers ( which I couldn't give ) so perhaps try using `https://xboxapi.com/v2/xuid/` as the endpoint rather than `http://www.xboxapi.com/v2/xuid/`..... good luck — Professor Abronsius, Jul 27 '16 at 05:42

Will B. · Accepted Answer · 2016-07-27T15:32:32.757

2

You need to replace xuid with your actual xbox profile user id. Additionally replace InsertAuthCodeHere with your API auth code. You can find both on your xboxapi account profile after logging into xbox live.

See: https://xboxapi.com/v2/2533274813081462/xboxonegames

Update - Guzzle

I was able to get it working with Guzzle, works with http or https

require __DIR__ . '/vendor/autoload.php';
require_once __DIR__ . '/config.php'; //defines XboxAPI_Key
$gamertag = isset($_GET['gamertag']) ? urldecode($_GET['gamertag']) : 'Major Nelson';
$url = 'http://xboxapi.com/v2/xuid/' . rawurlencode($gamertag);
$guzzle = new GuzzleHttp\Client();
$response = $guzzle->get($url, [
    'headers' => [
        'X-Auth' => XboxAPI_Key,
        'Content-Type' => 'application/json'
    ],
]);
echo $response->getBody(); //2584878536129841

Update 2 - cURL

The issue is related to validating the SSL certificate via CURLOPT_SSL_VERIFYPEER => false and the redirect from http://www. to https:// occurring which is enabled with CURLOPT_FOLLOWLOCATION => true

require_once __DIR__ . '/config.php';
$gamertag = isset($_GET['gamertag']) ? urldecode($_GET['gamertag']) : 'Major Nelson';
$url = 'http://www.xboxapi.com/v2/xuid/' . rawurlencode($gamertag);
/**
 * proper url for no redirects
 * $url = 'https://xboxapi.com/v2/xuid/' . rawurlencode($gamertag);
 */
$options = [
    CURLOPT_RETURNTRANSFER => true, // return variable
    CURLOPT_FOLLOWLOCATION => true, // follow redirects
    CURLOPT_AUTOREFERER => true, // set referrer on redirect
    CURLOPT_SSL_VERIFYPEER => false, //do not verify SSL cert
    CURLOPT_HTTPHEADER => [
        'X-Auth: ' . XboxAPI_Key
    ]
]; 
$ch = curl_init($url);
curl_setopt_array($ch, $options);
$content = curl_exec($ch);
echo $content;  //2584878536129841

edited Jul 27 '16 at 15:32

answered Jul 27 '16 at 04:55

Will B.

17,883
4
67
69

I am trying to get the XUID of users when I only know their gamertag. – Tristan Jul 27 '16 at 04:57
Got ya, then you'll need to replace `InsertAuthCodeHere` with your API key from your profile. – Will B. Jul 27 '16 at 04:58
I have. I just removed it from the post to keep it private. – Tristan Jul 27 '16 at 05:01
Since this is for a XenForo add-on, on a web host that I have no control of, I do not think I can use Guzzle. Unless I misunderstand. – Tristan Jul 27 '16 at 05:57
Unsure of the scope of XenForo or how you would deploy your application with it. I am looking into the specific issue with your cUrl request, as not much should change beyond `Guzzle` and `cUrl` – Will B. Jul 27 '16 at 06:10
I have no access to install/use guzzle on my shared host. EDIT: Sorry, can you install guzzle and use it through FTP? I really don't know anything about it or how to use it. – Tristan Jul 27 '16 at 06:22
Guzzle is just a 3rd party PHP library, `composer.phar` would be the one that would be difficult to install and update your dependencies. – Will B. Jul 27 '16 at 06:27
I can't recreate this.. Keep getting an error: `E_WARNING : type 2 -- curl_setopt_array(): CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir is set -- at line 14` – Tristan Jul 27 '16 at 06:42
Change the URL to the one in the commented out code to avoid the redirects. `https://xboxapi.com/v2/xuid/` then remove the `CURLOPT_FOLLOWLOCATION ` line. Otherwise see: http://stackoverflow.com/questions/6918623/curlopt-followlocation-cannot-be-activated – Will B. Jul 27 '16 at 13:04
Additionally you may be able to do `ini_set('open_basedir', null);` before the curl call. since `open_basedir` is changeable via `PHP_INI_ALL` – Will B. Jul 27 '16 at 13:14
I changed the url to `https://www.xboxapi.com/v2/xuid/`, removed the `CURLOPT_FOLLOWLOCATION`, and added `ini_set('open_basedir', null);` before the curl execution. I get the following: `You input disabled function(s) by PhpFiddle : ini_set('open_basedir', null)`. Without setting `open_basedir` I get the same "Moved Permanently" error. – Tristan Jul 27 '16 at 18:18
Look at the comment in my answer and comment I proved earlier, you need to exclude `www.` from the URL The issue with using `CURLOPT_FOLLOWLOCATION` was due to `open_basedir` being defined, which looks like is protected by `PhpFiddle`, so you can't use the `CURLOPT_FOLLOWLOCATION` to fix the redirecting of the API. – Will B. Jul 27 '16 at 21:07
In the other stackoverflow question I linked in my comment, there are answers that provide a solution to hunting for the resulting URL after the redirects, but seems more appropriate to set the correct URL. – Will B. Jul 27 '16 at 21:12

score 0 · Answer 2 · answered Jul 27 '16 at 19:26

0

I got an answer. We were missing required curly braces. Working code:

$gamertag = rawurlencode("Major Nelson");

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://xboxapi.com/v2/xuid/{$gamertag}");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    "X-Auth: InsertAuthCode",
]);

$output = curl_exec($ch);

curl_close ($ch);

print $output;

answered Jul 27 '16 at 19:26

Tristan

1,608
1
20
34

The curly brackets will not affect the result of the url. The URL without `www.`... was your issue, as I noted in my answer. EG: `"a" . $gamertag` is the same as `"a$gamertag"` is the same as `"a{$gamertag}"` See: http://ideone.com/rNeinC – Will B. Jul 27 '16 at 21:20

How to interact with XBox API using PHP and cURL

2 Answers2

Linked