I have successfully acquired an access_token with the `profile:me` and `game:view:ownership` scopes enabled using the OAuth flow with API key, but I don't know how to use this endpoint to check if a user owns my game. The documentation on the itch.io website doesn't seem to cover this endpoint:

game:view:ownership – Check if the user owns a specific game. Grants access to https://api.itch.io/games/:game_id/ownership. This endpoint only works for games owned by the OAuth application creator.

When I tried using the url with the correct `game_id` like so (https://api.itch.io/games/3014960/ownership), it gives me the following error:

{"errors":["this endpoint requires an OAuth application API key"]}

Does anyone know how to use this?

Oh! I actually found the answer here:
https://github.com/itchio/itch.io/issues/1498

You have to make a GET request with the following structure:

GET /games/12345/ownership

Authorization: Bearer <user's oauth token>

Response: { "owns": true, "game_id": 12345 }

In a curl command it would look like this:

curl -X GET "https://api.itch.io/games/GAME_ID/ownership" -H "Authorization: Bearer OAUTH_ACCESS_TOKEN"

Replacing GAME_ID with the id of your game, and OAUTH_ACCESS_TOKEN with the token your user got after authenticating.

I've actually confirmed that it works for the other endpoints as well:

- `profile:me`

    - `curl -X GET "https://api.itch.io/profile" -H "Authorization: Bearer ACCESS_TOKEN"`

- `profile:games`

    - `curl -X GET "https://api.itch.io/profile/games" -H "Authorization: Bearer ACCESS_TOKEN"`

- `profile:collections`

    - `curl -X GET "https://api.itch.io/profile/collections" -H "Authorization: Bearer ACCESS_TOKEN"`

- `profile:owned`

    - `curl -X GET "https://api.itch.io/profile/owned-keys" -H "Authorization: Bearer ACCESS_TOKEN"`    

- `game:view:ownership`

    - `curl -X GET "https://api.itch.io/games/GAME_ID/ownership" -H "Authorization: Bearer ACCESS_TOKEN"`

- `game:view:rewards`

    - `curl -X GET "https://api.itch.io/games/GAME_ID/claimed-rewards" -H "Authorization: Bearer ACCESS_TOKEN"`

Thank you @Ikkengoya, I was having a hard time finding these in the docs!

Unfortunately, it seems that the `game:*` scopes only apply to the developer, so when you publish your game it probably won't work for other users. Can anyone verify this?

Do you mean this one?

game:view:ownership

curl -X GET "https://api.itch.io/games/GAME_ID/ownership" -H "Authorization: Bearer ACCESS_TOKEN"

Yeah the way I understand it, it only shows ownership of the game with GAME_ID, and the user needs to have authenticated with the oauth flow, because they need the ACCESS_TOKEN.

But it does show you if the given authenticated user owns the game that is specified with the GAME_ID.