I am using the PHP code directly from [url]http://bungienetplatform.wikia.com/wiki/Authentication[/url] to handle the authentication process. It works. '[i]do_webauth()[/i]' returns true, and I get a cookie file filled with all the right things. Then, I search the cookies and find the value for 'bungled'. This works. It looks just like the value in the file. I put it in a variable called $bungled_cookie_val Now, I want to use those cookies. I am trying the GetCharacter endpoint described here: [url]http://bungienetplatform.wikia.com/wiki/GetCharacter[/url]. I am identifying my platform, my bungie account, and one of my characters in the URL. [spoiler] $ch = curl_init(); curl_setopt_array($ch, $default_options); curl_setopt($ch, CURLOPT_URL, "http://www.bungie.net/Platform/Destiny/2/Account/4611686018429112225/Character/2305843009216625690/Complete/"); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'X-API-Key: ' . BUNGIE_API_KEY, 'X-CSRF: '.$bungled_cookie_val )); curl_setopt($ch, CURLINFO_HEADER_OUT, true); curl_setopt($ch, CURLOPT_HEADER, true); $result = curl_exec($ch); $header_sent = curl_getinfo($ch, CURLINFO_HEADER_OUT ); curl_close($ch); echo "Headers sent to Bungie:<br>"; echo "<pre>$header_sent</pre><hr>"; echo "Bungie's response:"; echo "<pre>$result</pre>"; die; [/spoiler] You can see I am including the same cookie file (it is in $default_options), and I have included both my API key, and the X-CSRF values. The output looks like this: [spoiler] Headers sent to Bungie: GET /Platform/Destiny/2/Account/4611686018429112225/Character/2305843009216625690/Complete/ HTTP/1.1 Host: www.bungie.net Accept: */* Cookie: bungled=[REDACTED]; bungledid=B5S1.......sSaXv8tnTSCAAA; bunglefrogblastventcore=1434288303; bungleloc=lc=en&lcin=true; sto-id-sg_www.bungie.net=JMAKHPAK; __cfduid=da2c71770d916986dca6716c4e559ce6b1434285868 X-API-Key: [REDACTED] X-CSRF: [REDACTED, but same as bungled cookie value above] Bungie's response: HTTP/1.1 200 OK Date: Sun, 14 Jun 2015 13:25:03 GMT Content-Type: application/json; charset=utf-8 Content-Length: 125 Connection: keep-alive Cache-Control: private Expires: -1 X-BungieNext-MID2: 06 X-BungieNext-Renderer: Frog Blast the Ventcore X-UA-Compatible: IE=edge X-Ventcore-Status: 99 Access-Control-Allow-Origin: http://www.bungie.net Set-Cookie: bunglefrogblastventcore=; expires=Mon, 14-Jun-2010 13:25:03 GMT; path=/; HttpOnly X-SelfUrl: http://www.bungie.net/Platform/Destiny/2/Account/4611686018429112225/Character/2305843009216625690/Complete/ X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Server: cloudflare-nginx CF-RAY: 1f665be8d619086e-IAD {"ErrorCode":99,"ThrottleSeconds":0,"ErrorStatus":"WebAuthRequired","Message":"Please sign-in to continue.","MessageData":{}} [/spoiler] I feel like I am sooooo close to getting this. But hours of tinkering have refused to produce positive results. What am I missing?