The vast majority of unofficial APIs work just fine anyway.
The first most important step is to read the Term of Use carefully, if any.
If there are no restrictions, you begin to outline the your service, checking what Microsoft offers as a resource for players and thereby outlining their own well-defined URIs.
An API must be as descriptive as possible so that you only have a sense of what will be returned from reading the URI.
Once prepared, you can make your service work with that basic good-by-nowaday routine (MVC, ...).
Time to consider security. An even public API requires security even so you can control the flow of data and prevent someone from having a more successful service at your expense.
The simplest means is with tokens where the consumer programmer registers the desire to use his API and his system returns an authorization key which the programmer sends to each request.
>
Then you begin to study the source code of the pages of the resources, analyzing with some parser (X) (HT) ML or regularly (ER). With the parser , depending on the language, it may be more laborious, but it is more ideal since if the original developer (Microsoft) changes a double quotation mark to its simple API it may not work anymore. p>
Depending on the case, you may even need to cache the requests, per user ID, perhaps to decrease both the number of requests made and the bandwidth consumed by the programmers using your API.
Good studies:)