Xbox Live Services API

Microsoft's Xbox Live Services REST API providing access to Xbox player profiles, gamertags, achievements, friends lists, game history, leaderboards, presence data, and social features for Xbox and Xbox Game Pass titles.

Evaluated Mar 06, 2026 (0d ago) vcurrent

Homepage ↗ Repo ↗ Developer Tools xbox microsoft-gaming xbox-live achievements gamertag gdk playtime friends

⚙ Agent Friendliness

/ 100

Can an agent use this?

🔒 Security

/ 100

Is it safe for agents?

⚡ Reliability

/ 100

Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality

Documentation

Error Messages

Auth Simplicity

Rate Limits

🔒 Security

TLS Enforcement

100

Auth Strength

Scope Granularity

Dep. Hygiene

Secret Handling

HTTPS enforced. OAuth 2.0 with Microsoft Identity Platform is robust. XSTS tokens are user-scoped, limiting blast radius. However, the multi-step token chain increases attack surface. No fine-grained API scopes beyond user-consent-based OAuth.

⚡ Reliability

Uptime/SLA

Version Stability

Breaking Changes

Error Recovery

Best When

Building companion apps, stat trackers, or social tools for Xbox and Game Pass players where Microsoft Account OAuth is feasible to implement.

Avoid When

You need server-side API access without user interaction, or are building outside the Microsoft ecosystem — the OAuth/XSTS token flow is heavyweight for simple integrations.

Use Cases

• Retrieving Xbox player profiles and gamertag data
• Fetching achievement unlock history and completion rates for games
• Building social features using friends lists and presence data
• Displaying game history and playtime statistics
• Leaderboard queries for Xbox-enabled titles

Not For

• Non-Xbox gaming platforms (PlayStation, Steam titles without Xbox Live integration)
• Purchasing games or managing subscriptions (requires separate Commerce API)
• Server-to-server automation without user consent (XSTS tokens are user-scoped)
• Bulk data harvesting or competitive intelligence applications

Interface

REST API

Yes

GraphQL

gRPC

MCP Server

SDK

Yes

Webhooks

Authentication

Methods: oauth2

OAuth: Yes Scopes: Yes

Requires Microsoft Identity Platform (Azure AD) OAuth 2.0 to obtain a Microsoft Account token, which must then be exchanged for an Xbox Live token (XBL3.0) via a two-step process, then optionally exchanged again for a title-specific XSTS token. This three-legged token exchange is significantly more complex than standard OAuth. XBL3.0 authorization header format is non-standard: 'XBL3.0 x={userhash};{XSTSToken}'.

Pricing

Model: freemium

Free tier: Yes

Requires CC: No

Access requires enrollment in the Microsoft Game Developer Program. Free for registered developers, but approval and onboarding take time. General public access to Xbox Live APIs is not available without developer enrollment.

Agent Metadata

Pagination

cursor

Idempotent

Full

Retry Guidance

Not documented

Known Gotchas

⚠ Three-step token exchange (MSA -> XBL -> XSTS) must all succeed before any API call — token expiry at any stage requires full re-authentication
⚠ XSTS tokens are title-specific and user-scoped, meaning agents cannot make cross-user calls without separate auth flows for each user
⚠ The XBL3.0 Authorization header format is non-standard and easy to construct incorrectly
⚠ Many endpoints require the target user to have public or friends-visible privacy settings — private profiles return 403 with minimal explanation
⚠ Documentation is spread across Microsoft Learn, legacy MSDN docs, and GDK references with inconsistent content and versioning

Alternatives

steam-web-api psn-api epic-games-store-api

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Xbox Live Services API.

$99

API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.