Use application's access tokens

Send OAuth2 access tokens with Wynncraft API requests

OAuth2 access tokens are sent with the standard bearer token header:

Authorization: Bearer <access_token>

Use the access token returned by POST /oauth/token to make authenticated requests on behalf of the authorized user.

User type

OAuth2-authenticated requests return UserType: OAUTH.

Rate limits

OAuth2 requests count as authenticated requests and use the authenticated rate limits documented on the Introduction page.

Rate limits apply per application user.

All tokens generated for the same user and the same OAuth2 application share the same rate-limit counters.

Inspecting the token context

Use GET /oauth/me to inspect:

  • the authenticated application
  • the granted scopes
  • the linked player profiles available to the token
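An added example (not part of the original documentation) of a client that builds the GET /oauth/me request with the bearer header and keeps the token from leaking through redirects or logs. The base URL `https://api.example.invalid`, the sample token and all function and class names are assumptions made for illustration.

```python
import urllib.request
from urllib.parse import urlsplit

API_BASE = "https://api.example.invalid"  # placeholder base URL (assumption)


def bearer_request(path, access_token, base=API_BASE):
    """Build a GET request carrying the token in the standard bearer header."""
    if urlsplit(base).scheme != "https":
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    # Whitespace or control characters in the token would corrupt the header.
    if not access_token or any(c.isspace() or ord(c) < 0x20 for c in access_token):
        raise ValueError("malformed access token")
    return urllib.request.Request(
        base.rstrip("/") + path,
        headers={"Authorization": f"Bearer {access_token}"},
        method="GET",
    )


class SameOriginAuthRedirect(urllib.request.HTTPRedirectHandler):
    """urllib copies request headers onto redirects; drop the token
    whenever the scheme or host of the redirect target differs."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        new = super().redirect_request(req, fp, code, msg, headers, newurl)
        # Compare (scheme, netloc) so an https -> http downgrade also counts.
        if new is not None and urlsplit(new.full_url)[:2] != urlsplit(req.full_url)[:2]:
            new.remove_header("Authorization")
        return new


def redact(req):
    """Header view that is safe to log: the token value is masked."""
    return {k: ("Bearer <redacted>" if k.lower() == "authorization" else v)
            for k, v in req.header_items()}


def fetch(req, timeout=10):
    """Send the request through an opener that uses the redirect guard."""
    opener = urllib.request.build_opener(SameOriginAuthRedirect)
    with opener.open(req, timeout=timeout) as resp:
        return resp.status, resp.read()


if __name__ == "__main__":
    me = bearer_request("/oauth/me", "constructed-sample-token")  # constructed token
    print(me.get_method(), me.full_url, redact(me))
```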

Access rules

OAuth2 applications can only bypass access rules when the user granted permission for that behavior.

That bypass only applies to the authorizing user’s own linked profiles. It does not bypass access rules for unrelated players.