Best Practices
These are some best practices you should follow when integrating gw2.me into your application.
Scopes
Always request only the minimal scopes your application needs to function. You can use Incremental Authorization to request more optional scopes for advanced workflows later. Do not include scopes your application might need only in the future; instead, reauthorize the user once your application includes the feature that requires more scopes.
State
Always use the state parameter for User Authorization to prevent Cross-Site Request Forgery (CSRF) attacks.
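One way to generate and verify the state value on the server, shown as an added example that is not part of the gw2.me documentation or client library. The function names, the plain `session` object standing in for server-side session storage, the 10-minute lifetime, and the placeholder endpoint, client ID and scope values are assumptions; the query parameters are the standard OAuth 2.0 ones.

```javascript
const crypto = require('node:crypto');

// Assumption: a pending login is only valid for 10 minutes.
const STATE_TTL_MS = 10 * 60 * 1000;

// Start of the flow: create an unguessable state value, bind it to the
// user's session, and build the authorization URL that carries it.
function beginAuthorization(session, config, now = Date.now()) {
  const state = crypto.randomBytes(32).toString('base64url');
  session.oauthState = { value: state, expires: now + STATE_TTL_MS };

  const url = new URL(config.authorizeUrl); // placeholder endpoint, see usage below
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', config.clientId);
  url.searchParams.set('redirect_uri', config.redirectUri);
  url.searchParams.set('scope', config.scopes.join(' '));
  url.searchParams.set('state', state);
  return url.toString();
}

// Callback: accept the response only if its state matches the value stored
// for this session. The stored value is single use and expires.
function verifyCallbackState(session, callbackUrl, now = Date.now()) {
  const pending = session.oauthState;
  delete session.oauthState; // a replayed callback must not succeed

  const received = new URL(callbackUrl).searchParams.get('state');
  if (!pending || !received || now > pending.expires) return false;

  const expected = Buffer.from(pending.value);
  const actual = Buffer.from(received);
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  return expected.length === actual.length &&
    crypto.timingSafeEqual(expected, actual);
}

// Constructed sample configuration (all values are placeholders).
const exampleConfig = {
  authorizeUrl: 'https://auth.example/authorize',
  clientId: 'example-client-id',
  redirectUri: 'https://app.example/callback',
  scopes: ['example-scope'],
};
```

Only exchange the authorization code for tokens after `verifyCallbackState` returns true; on false, discard the response and restart the flow.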
Invalid Tokens
Access and refresh tokens can become invalid for a number of reasons. Handle errors in your application and either refresh invalid access tokens or restart the authorization flow to get fresh tokens.
Prompt
Do not use prompt=consent for user login (see User Authorization). Without setting the prompt parameter, users who have already authorized your application will not be shown the consent screen again, and the login flow is faster and less disruptive.
If you want to allow users to change the account selection, consider adding a "Manage accounts" button after login that starts the flow with prompt=consent in your application instead.
Security
Make sure your application follows security best practices and does not leak any user data.
Branding
Follow our branding guidelines.