I am attempting to create a web app to aid my friends and I through a traditional client/server setup where we supply the server with our Bungie.net authentication cookies and it makes the API calls through PHP/cURL. In my test environment, I can make authenticated calls using my cookies, but I cannot make authenticated calls with my friend's cookies. All I can come up with is that Bungie ties authentication to the web browser with an IP address or another identifier. Can anyone confirm or deny this? Does anyone else have a working client/server setup like this? I am sending bungleatk, bungles, bungled and setting the CSRF header. [b]UPDATE[/b] After some more testing, I have determined that my issues were caused by a bung in my own authentication code and were not related to anything on Bungie's end. Apologies.