Querying the API
Web Browser
PlayStation web services store their authentication token within a cookie in the browser, so once you have authenticated to one of the services, such as the PlayStation Store, you can access any of the endpoint URLs documented here and your browser will automatically use the stored auth token. The API responds with a JSON object, so for a friendlier view you can use a web browser such as Firefox, which includes a JSON parser.
In your web browser access https://store.playstation.com and log in with a PSN account.
In the same browser access one of the URLs documented here, for example: view a specific collectible
The JSON response will be displayed in the browser. Example with Firefox, which automatically parses the JSON response
PowerShell 7
PowerShell includes the Invoke-RestMethod cmdlet, which enables you to make a request to a URL and process the response - in this case JSON - into a PowerShell object.
First configure the authentication token which you will use. See obtaining an authentication token for more detail.
Now make a request to one of the API URLs using Invoke-RestMethod. This will output the response to the screen, but you could instead store the response in a variable or pipe it elsewhere for further processing.
An example to request the PlayStation Stars profile summary for the authenticating account and output the original JSON response to the screen. Additional examples are included within the documentation for each API endpoint.
Invoke-RestMethod -Uri 'https://m.np.playstation.com/api/graphql/v1/op?operationName=metGetAccount&variables={"accountId":"me"}&extensions={"persistedQuery":{"version":1,"sha256Hash":"743c32289cdd6fbdead3b34ea80b48d63f8ddab34581469c4dda4ea412e6cf6b"}}' -Authentication Bearer -Token $token | ConvertTo-Json -Depth 5
Obtaining an Authentication Token
These instructions require PowerShell 7. Download it for Windows/Linux/Mac from https://github.com/PowerShell/PowerShell
- Open a PowerShell session and paste in the following function
function Get-AuthenticationToken {
    param(
        [Parameter(Mandatory=$true)]
        [string]$npsso
    )
    # ConvertTo-SecureString -AsPlainText without -Force needs PowerShell 7
    if ($PSVersionTable.PSVersion.Major -lt 7) {
        Write-Host "This function requires PowerShell 7. Download it from https://github.com/PowerShell/PowerShell"
        return
    }
    # Form fields for the token request: exchange the npsso cookie value for a JWT access token
    $body = @{
        token_format="jwt"
        grant_type="sso_token"
        npsso=$npsso
        scope="psn:mobile.v2.core psn:clientapp"
    }
    $contentType = "application/x-www-form-urlencoded"
    $url = "https://ca.account.sony.com/api/authz/v3/oauth/token"
    try {
        $result = Invoke-RestMethod -Uri $url -Method Post -Body $body -ContentType $contentType -Headers @{
            "Authorization"="Basic MDk1MTUxNTktNzIzNy00MzcwLTliNDAtMzgwNmU2N2MwODkxOnVjUGprYTV0bnRCMktxc1A="
        }
        # Returned as a SecureString so it can be passed straight to Invoke-RestMethod -Token
        $token = ConvertTo-SecureString $result.access_token -AsPlainText
        if ($token) {
            Write-Host "Authentication Token successfully granted"
            return $token
        }
        else { Write-Host "Error: Unable to obtain Authentication Token" }
    }
    catch { Write-Host "Error: Unable to obtain Authentication Token (check npsso)" }
}
- In your web browser access https://store.playstation.com and log in with a PSN account.
- In the same browser access https://ca.account.sony.com/api/v1/ssocookie
You should see a response with npsso followed by a string of letters and numbers. Highlight and copy this.
Never share your npsso token with anyone. This code acts as authorisation to Sony's servers to enable access to information relating to your PlayStation Network account. In addition to permitting access to view information such as your PlayStation Stars membership, your trophies and your purchase and entitlement history, it may also enable personal information disclosure (i.e. your real name, your date of birth). In short, if the information is visible in the PlayStation App, then it is accessible via this code. It may also, in certain circumstances, aid a sophisticated attacker in compromising your account.
Should you ever accidentally share this code, you can attempt to invalidate it by using the option to sign out of all devices.
Access and log in to the PlayStation Store web site, click your profile picture followed by Account Settings. A new page will load, under the Account section click Security. On the Security page, scroll to the bottom and click Sign Out of All Devices.
- In the PowerShell session run the following command, substituting in your npsso token copied in the previous step
$token = Get-AuthenticationToken -npsso "Hwl9Vq%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%"
The $token variable is now ready to be used in combination with Invoke-RestMethod to authenticate your requests to the API.
This will be valid for ~60 minutes after which you will need to repeat these steps to obtain an updated token.
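Because the token is only valid for ~60 minutes, a script can read the expiry from the token itself and renew only when needed. The following is an added example, not code from this project; it assumes the access token is a JWT (the request above sets token_format="jwt") carrying a standard exp claim, and the function names ConvertFrom-Base64Url, Get-TokenExpiry, Test-TokenUsable and Get-FreshToken are hypothetical.

```powershell
#Requires -Version 7.0
# Added example, not the project's code. All function names here are hypothetical.

function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    # JWT segments use the URL-safe alphabet without '=' padding; restore both.
    $b64 = $Text.Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url segment length' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
}

function Get-TokenExpiry {
    param([Parameter(Mandatory)][securestring]$Token)
    # Assumption: the access token is a three-part JWT with a standard 'exp' claim.
    $parts = (ConvertFrom-SecureString $Token -AsPlainText).Split('.')
    if ($parts.Count -ne 3) { throw 'Token is not a three-part JWT' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    if ($null -eq $claims.exp) { throw "JWT payload has no 'exp' claim" }
    [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
}

function Test-TokenUsable {
    param([Parameter(Mandatory)][securestring]$Token, [int]$SkewSeconds = 60)
    # Expire slightly early so a request does not race the deadline.
    (Get-TokenExpiry $Token) -gt [DateTimeOffset]::UtcNow.AddSeconds($SkewSeconds)
}

function Get-FreshToken {
    param([securestring]$Current)
    if ($Current -and (Test-TokenUsable $Current)) { return $Current }
    # Prompt instead of passing the npsso as a command-line literal.
    $npsso = Read-Host -Prompt 'npsso' -AsSecureString
    Get-AuthenticationToken -npsso (ConvertFrom-SecureString $npsso -AsPlainText)
}

# Constructed sample: an unsigned JWT expiring in 60 minutes, so this runs offline.
$enc = { param($s) [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($s)).TrimEnd('=').Replace('+', '-').Replace('/', '_') }
$exp = [DateTimeOffset]::UtcNow.AddMinutes(60).ToUnixTimeSeconds()
$jwt = '{0}.{1}.' -f (& $enc '{"alg":"none"}'), (& $enc ('{{"exp":{0}}}' -f $exp))
$sampleToken = ConvertTo-SecureString $jwt -AsPlainText
'Expires {0:o}; usable: {1}' -f (Get-TokenExpiry $sampleToken), (Test-TokenUsable $sampleToken)
```

Get-FreshToken relies on the Get-AuthenticationToken function above being loaded in the session. The JWT payload is only decoded here to read the expiry; its signature is not verified.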