API Access & Token Management

API Authentication

If you want to get a lot of data or need to unblock your IP after being rate-limited, you can authenticate your API requests with a Premium+ subscription.

Your Token & Blacklist Status

API Access Status

Your API Token

Not logged in. Log in first to see your token and manage API access.

IP Blacklist Status

How to get your token manually

Go to sky.coflnet.com and log in with Google
Open your browser's developer console (F12)
Run: localStorage.getItem('googleId')
Copy the returned string — this is your Account token

Passing the token

Add the Authorization header to your API requests:

cURL:

curl -H "Authorization: Bearer YOUR_TOKEN" https://sky.coflnet.com/api/bazaar/BOOSTER_COOKIE/snapshot

Python:

import requests

headers = {"Authorization": "Bearer YOUR_TOKEN"}
response = requests.get(
    "https://sky.coflnet.com/api/bazaar/BOOSTER_COOKIE/snapshot",
    headers=headers
)
print(response.json())

JavaScript:

const response = await fetch(
  "https://sky.coflnet.com/api/bazaar/BOOSTER_COOKIE/snapshot",
  { headers: { "Authorization": "Bearer YOUR_TOKEN" } }
);
const data = await response.json();
console.log(data);

Account token vs. player API key

There are currently two different authentication mechanisms depending if you want to access general API endpoints or player-specific data:

Account token
Generated by logging in on the website and reading localStorage.getItem('googleId') (or the same value from session storage).
Use this for Premium / Premium+ gated endpoints, bazaar exports, archive access, lowball management, and automatic IP unblocking.
Preferred transport: Authorization: Bearer YOUR_TOKEN.
Player API key
Generated in-game with /cofl api and meant for /api/player/* endpoints such as /api/player/extracted, /api/player/bazaar/orders, and /api/player/bazaar/flips.
These keys currently expire after 180 days.
Accepted forms:

X-Api-Key: YOUR_PLAYER_API_KEY
x-api-key: YOUR_PLAYER_API_KEY
?apiKey=YOUR_PLAYER_API_KEY
?apikey=YOUR_PLAYER_API_KEY
?key=YOUR_PLAYER_API_KEY

Legacy header: GoogleToken: YOUR_TOKEN is still accepted by the backend for account-token authentication, but new integrations should prefer Authorization: Bearer ....

Player data example:

curl -H "X-Api-Key: YOUR_PLAYER_API_KEY" https://sky.coflnet.com/api/player/extracted

Terms of use

Free access: The API is provided free of charge.
Personal use / no redistribution (non-Premium+): For non-Premium+ users, data obtained via the API is intended for personal use only and may not be redistributed, republished, or resold in any form without explicit permission.
Premium+ — expanded usage rights: Premium+ subscribers are permitted to analyze and use data obtained from any API endpoints (including for commercial purposes) provided that the use does not create a product or service that directly competes with SkyCofl features and an active Premium+ subscription is maintained.
Prohibited uses: Providing the API data as a service, bulk redistribution, or using the data to directly compete with SkyCofl is prohibited unless agreed otherwise.

IP Blacklist & Unblocking

If you exceed the API rate limits continuously, your IP may be automatically blocked. This can happen from:

Accumulating too many rate-limit (429) violations — after 500 violations your IP is banned
Changing IPs frequently to bypass rate limits will get you banned faster
Please identify yourself in the user-agents, not doing so can get you banned quicker

How to unblock your IP

Get Premium+ at sky.coflnet.com/premium
Pass your token with API requests using the Authorization: Bearer header
Your IP will be automatically unblocked when the API sees a valid Premium+ token
Alternatively, use the unblock button above if you're logged in

Staying unblocked

Always include your Authorization: Bearer header in requests
Premium+ users are exempt from IP bans and can just download data directly so don't need to send lots of requests.
Respect the rate limit headers (X-RateLimit-Remaining, X-RateLimit-Reset) even with premium

Rate Limit Summary by Tier

Feature	Free	Premium	Premium+
General API	100 req/min, 30 req/10s	Same	Same (account-based, IP ban exempt)
Bazaar export	❌	5 units/5 min, 180 days	5 units/5 min, data since Oct 2019
Auction archive overview	❌	❌	2s delay per request
Auction archive export	❌	❌	Max 4 queued jobs, data since Oct 2019
Archive pagination	❌	❌	Available
IP ban recovery	❌	❌	Auto-unblock with token

Export cost units: A standard bazaar export costs 1 unit. A full order book export costs 3 units. You can make up to 5 units per 5-minute window.

For custom rate limits for your application, contact us on Discord.