Starting March 2026, we will be enforcing changes to our API usage.Server side applications will need an API Key to access our resources.Client-side applications (including userscripts) will require a session cookie, which requires a visit to itemdb.com.br every 24 hours (for non-logged-in users) or every 14 days (for logged-in users). Checking if changes are needed#
During the transition period, our API will accept any requests. If your request is not compliant with the new rules it will be blocked in the future.You can check for the presence of x-itemdb-block header at the response. This indicates that changes are required to prevent future issues.Some endpoints are exempt from any changes (notably the Widget). You will notice the x-itemdb-skip header at thoseClient Side Applications#
You will need to send cookies with your request. If using Fetch, you need to add credentials: "include"Some domains may need to be whitelisted to avoid CORS issues when using fetch. Hit us at lucca[at]itemdb.com.br if that's your case.Userscripts can leverage the GM_xmlhttpRequest function and probably no other changes are required.After the session expires, users will need to visit itemdb.com.br again to get a new session cookie. Until then the api will return status code401
Be mindful when fetching items or you might trigger the Rate Limit. Learn more Server Side Applications#
You will need to generate an API Token using an API Key. This key will be linked to your itemdb account and can be revoked if used against our Terms of UseDo NOT use API Tokens/Keys on client side (especially userscripts...)
/api/auth/token endpoint sending your key using the x-itemdb-key header.You will receive a JSON Web Token (JWT) as response. Send this token using x-itemdb-token header.API Tokens are short lived, you will need to generate a new one every 60 minutes.
Learn more about JWTs lucca[at]itemdb.com.brYou can use a function like this to get your tokens 