All API requests must be accompanied by a developer key. This key is a unique identifier to an individual developer and you should not share it with anyone else.

Authenticated Requests

You must authenticate your requests using custom headers. Add a key named auth with value <token> to your header when you make your requests.

Additionally, we support Bearer Token authorization. Bearer tokens use a field named Authorization with value Bearer <token> in the header.


Set your token as an environment variable or save it as part of the Authorization setting in your Postman Collection settings so you don’t need to ever type it again.

Key Management

  1. Once issued, your key will be active.
  2. Your developer key will remain active as long as you remain a user on our Discord server. Your key will be automatically disabled once you have left the server.
  3. We reserve the right to permanently blacklist keys / developers who have been shown to abuse the API with requests.

Generating new keys

You can obtain and manage your developer key on our discord serveropen in new window.

  1. Ensure you have the Allow Direct Messages from server members option in Privacy Settings checked.
  2. Go to the #developer-key channel.
  3. Type ?crapikey get
  4. The bot will send you a DM (direct message) with your key.

Forgotten keys

To get a reminder of your developer key, visit the Discord channel above and type ?crapikey get again and the bot will remind you with a DM again.

Removing keys

Simply generate a new one and it will invalidate all existing keys.

Code examples

Here are some code snippets on how to add custom headers in different languages.



curl --header "auth: a1234.567.890"
curl -X GET \ \
  -H 'Authorization: Bearer a1234.567.890' \


public string Get(string url)
    WebHeaderCollection headers = new WebHeaderCollection();
    headers.Add($"auth: {AuthToken}");
    HttpWebRequest getRequest = (HttpWebRequest)WebRequest.Create(url);
    getRequest.Method = "GET";
    getRequest.Headers = headers;
    WebResponse apiResponse = getRequest.GetResponse();
    StreamReader reader = new StreamReader(apiResponse.GetResponseStream(), Encoding.UTF8);
    string responseString = reader.ReadToEnd();

    return responseString;

C# RestSharp

var client = new RestClient("");
var request = new RestRequest(Method.GET);
request.AddHeader("auth", "a1234.567.890");
IRestResponse response = client.Execute(request);


OkHttpClient client = new OkHttpClient();

Request request = new Request.Builder()
  .addHeader("auth", "a1234.567.890")

Response response = client.newCall(request).execute();

Java Unirest

HttpResponse<String> response = Unirest.get("")
  .header("auth", "a1234.567.890")

Javascript jQuery AJAX

We don’t recommend that you access the API on the client side as you will be exposing your token publicly. However, this is how you would do it with jQueryopen in new window:

var settings = {
  "async": true,
  "crossDomain": true,
  "url": "",
  "method": "GET",
  "headers": {
    "auth": "a1234.567.890"

$.ajax(settings).done(function (response) {


const request = require("request");
request('', {headers: {auth: 'a1234.567.890'}})

Detailed example:

var request = require("request");

var options = { method: 'GET',
  url: '',
  headers: { auth: 'a1234.567.890' }

request(options, function (error, response, body) {
  if (error) throw new Error(error);



$token = "a1234.567.890";
$opts = [
    "http" => [
        "header" => "auth:" . $token

$context = stream_context_create($opts);

$test = file_get_contents("",true, $context);

PHP HttpRequest


$request = new HttpRequest();

  'auth' => 'a1234.567.890'

try {
  $response = $request->send();

  echo $response->getBody();
} catch (HttpException $ex) {
  echo $ex;

PHP pecl_http


$client = new http\Client;
$request = new http\Client\Request;

  'auth' => 'a1234.567.890'

$response = $client->getResponse();

echo $response->getBody();

Python http.client (Python 3)

import http.client

conn = http.client.HTTPConnection("")

headers = {
    'auth': "a1234.567.890",

conn.request("GET", "/clan/2CCCP", headers=headers)

res = conn.getresponse()
data =


Python (aiohttp)

Asynchronous python using the aiohttpopen in new window library.

import aiohttp
headers = {"auth": "a1234.567.890"}
url = ""
async with aiohttp.ClientSession() as session:
    async with session.get(url, headers=headers) as resp:
        data = await resp.json()

Python (requests)

Synchronous (blocking) Python using the requestsopen in new window library.

import requests

url = ""

headers = {
    'auth': "a1234.567.890"

response = requests.request("GET", url, headers=headers)

data = response.json()

Ruby (NET::Http)

require 'uri'
require 'net/http'

url = URI("")

http =, url.port)

request =
request["auth"] = 'a1234.567.890'

response = http.request(request)
puts response.read_body

Swift (NSURL)

import Foundation

let headers = [
  "auth": "a1234.567.890",
  "Cache-Control": "no-cache",

let request = NSMutableURLRequest(url: NSURL(string: "")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "GET"
request.allHTTPHeaderFields = headers

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
  } else {
    let httpResponse = response as? HTTPURLResponse

Last Updated:
Contributors: SML, fourjr, fourjr, abin-raj, smlbiobot, unknown