Register your title in the PlayStation Partners development portal to obtain a client ID and client secret for the PSN OAuth 2.0 authorization server.
Initiate the OAuth 2.0 authorization code flow by directing the player to the PSN authorization endpoint; specify the required scopes (e.g., psn:s2s for server-to-server, openid for identity).
Exchange the returned authorization code for an access token and ID token by calling the PSN token endpoint from your server, keeping the client secret server-side.
Validate the ID token (JWT) by verifying its signature against PSN's published JWKS endpoint and confirming the audience and issuer claims match your title.
Use the access token to call PSN platform APIs (e.g., user profile, friends list) from your server; include the token in the Authorization header as a Bearer token.
Implement token refresh using the refresh token before expiry; PSN access tokens have a limited lifetime and silent re-authentication via refresh avoids disrupting the player.
Known gotchas
PSN developer API access requires an active PlayStation Partners agreement; public documentation describes the OAuth flow, but actual API endpoints require approved partner credentials.
Cross-platform identity linking (PSN account to your title account) must be handled carefully to avoid duplicate accounts; always check for existing links before creating a new association.
PSN token scopes are additive and must be requested explicitly; requesting insufficient scopes results in 403 errors when calling APIs that require scopes not present in the token.