How to send requests to Xbox Live Restful API?

Question

I want to send request to Profiles URIs and People URIs of Xbox Live Restful API. I can't understand the Authorization part of these two interfaces.

• POST (/users/batch/profile/settings) page said only a normal auth token and claims are needed. How to generate the auth token and what's the claims are?

I use follow command to send request to POST (/users/batch/profile/settings):

curl -X POST \
  https://profile.xboxlive.com/users/batch/profile/settings \
  -H 'Signature: xxxx' \
  -H 'Authorization: XBL3.0 x=xxxx' \
  -H 'Content-Type: application/json' \
  -H 'x-xbl-contract-version: 2' \
  -d '{
    "userIds": [
        "xxxx"
    ],
    "settings": [
        "AppDisplayName",
        "GameDisplayName",
        "Gametag",
        "AppDisplayPicRaw",
        "GameDisplayPicRaw",
        "AccountTier",
        "TenureLevel",
        "Gamescore"
    ]   
}'

The Xbox Live Restful API return 403.

• GET (/users/{ownerId}/people) page said XUID authorization is needed and also have a Authorization Header. Where to place the XUID?

I use follow command to send request to GET (/users/{ownerId}/people):

curl -X GET \
  'https://social.xboxlive.com/users/xuid(xxxx)/people' \
  -H 'Signature: xxxx' \
  -H 'Authorization: XBL3.0 x=xxxx'

It also return 403.

Are there some demos to show how to call the Xbox Live Restful API?

After some search, We should pass Signature and Authorization in the headers of requests. We can get Signature and Authorization from GetTokenAndSignatureAsync and the claims and XUID encoded in the Authorization, But it's still return 403.

Answer 1

I have follow the authenticate of xbox-webapi-python to get the Authorization header(XBL3.0 x=<uhs>,<xsts>). Just add Authorization to each Xbox Live API request beside other required headers, You can get correcttly response.

The value of Authorization also can get by getTokenAndSignatureAsync. This value is apply to all Xbox API endpoint.