Compartilhar via

POST (/batch)

POST method that functions as a GET method for complex batch requests for multiple player statistics across multiple titles. The domain for these URIs is


Title developers can mark statistics as open or restricted with Partner Center. Leaderboards are open statistics. Open statistics can be accessed by Smartglass, as well as iOS, Android, Windows, Windows Phone, and web applications, as long as the user is authorized to the sandbox. User authorization to a sandbox is managed through Partner Center.


The caller provides a message body with an array of users, service configuration IDs (SCIDs) and a list of statistic names per SCIDs for which to retrieve those statistics.

You may find it more useful to review the simple, single-statistic GET method before you read this more complex, batch-mode page.


There is authorization logic implemented for content-isolation and access-control scenarios.

  • Both leaderboards and user statistics can be read from clients on any platform, provided that the caller submits a valid XSTS token with the request. Writes are obviously limited to clients supported by the .
  • Title developers can mark statistics as open or restricted with Partner Center. Leaderboards are open statistics. Open statistics can be accessed by Smartglass, as well as iOS, Android, Windows, Windows Phone, and web applications, as long as the user is authorized to the sandbox. User authorization to a sandbox is managed through Partner Center.

The following example is pseudo-code for the check:

If (!checkAccess(serviceConfigId, resource, CLAIM[userid, deviceid, titleid]))
        Reject request as Unauthorized

// else accept request.

Required Request Headers

Header Type Description
Authorization string Authentication credentials for HTTP authentication. Example value: "XBL3.0 x=<userhash>;<token>".

Optional Request Headers

Header Type Description
X-RequestedServiceVersion Build name/number of the service to which this request should be directed. The request will only be routed to that service after verifying the validity of the header, the claims in the authentication token, and so on. Default value: 1.

Request body

Sample request

the following POST body informs the service that four statistics are being requested from two different SCIDs for two different users.

"requestedusers": [
            "requestedscids": [
                    "scid": "c402ff50-3e76-11e2-a25f-0800200c1212",
                    "requestedstats": [
                    "scid": "c402ff50-3e76-11e2-a25f-0800200c0343",
                    "requestedstats": [

HTTP status codes

The service returns one of the status codes in this section in response to a request made with this method on this resource. For a complete list of standard HTTP status codes used with Xbox Live Services, see Standard HTTP status codes.

Code Reason phrase Description
200 OK The session was successfully retrieved.
304 Not Modified Resource not been modified since last requested.
400 Bad Request Service could not understand malformed request. Typically an invalid parameter.
401 Unauthorized The request requires user authentication.
403 Forbidden The request is not allowed for the user or service.
404 Not Found The specified resource could not be found.
406 Not Acceptable Resource version is not supported.
408 Request Timeout Resource version is not supported; should be rejected by the MVC layer.

Response body

Sample response

	  "xuid": "123456789"
        "gamertag": "WarriorSaint",
             "stats":  [
             "stats":  [
             "stats":  [
             "stats":  [

See also

