Welcome to the GunBroker.com REST API!

To see a full list of URLs that are available, use the top menu Available URLs.

To see the common objects that get returned from some of our URLs, use the top menu Objects.

Certain URLs have limited access. Entering your DevKey above will allow you to see the help for all URLs permitted from your DevKey.


To use our REST API, you must sign up for a DevKey.

NOTE: If you are a GunBroker.com SOAP user, your SOAP DevKey will not work on our REST site.

Please read the Terms and Conditions before signing up.

To request updates to your DevKey, please email [email protected]. Please allow up to 3 days for DevKey activation.

If you are unfamiliar with the website, please use www.sandbox.GunBroker.com to familiarize yourself with the functionality of GunBroker.com. You may also visit the GunBroker.com Help Center.

Request Rules

X-DevKey Header

A DevKey is a unique indentifying value that GunBroker.com provides for developing applications that make calls to the REST API. It is required for all calls and provides GunBroker.com a way of managing who is developing against the REST API to better protect user data.

example: X-DevKey:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

X-AccessToken Header

The X-AccessToken Header is used to verify that the end user making the request has the rights to do so. The client application can acquire a token by making a POST to the Users/AccessToken endpoint with the username and password of the GunBroker.com user. The token should then be passed in the X-AccessToken header of each subsequent request that requires authorization.

The token is a string with an arbitrary length. The token will expire after a period of inactivity or based on other criteria defined by GunBroker.com. The client application should be prepared for a 401 Unauthorized response code. When a 401 response is received, the token is no longer valid and the client application must POST to the Users/AccessToken endpoint again in order to acquire a new token. A token can be manually deactivated by making a DELETE request to the Users/AccessToken endpoint.

example: X-AccessToken: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

URL Versioning

Use the root URL with the version segment https://api.gunbroker.com/v1/ when accessing the REST API from your aplications. The currently available version is "v1". If breaking changes are made in the future, a "v2" version will be released. When that happens, the "v1" version of the API will remain available for a limited period of time to allow for refactoring of applications to use "v2".

For example, to get a list of items matching a keyword, use this URL:
https://api.gunbroker.com/v1/Items?Keywords=ruger

NOTE: As a user of the REST API, we strongly suggest you make the URL to the GunBroker.com REST API easily configurable in whatever program you create.

REST Tools

There are many third party products on the market that help you make REST API request. Here is a list of a few.

Support

Please note that GunBroker.com does not provide technical assistance unless it is believed to be a defect in the REST API.

For additional information and resources, you can visit our REST content area.