Public API

JSON endpoints for the realm's public-facing data — current online roster, rated PvP leaderboards, character profiles. Open to any origin (CORS *), no auth, modestly cached. Build a Discord bot, a streamer overlay, an external tracker — all welcome.

Endpoints: /api/online · /api/news · /api/leaderboards/<bracket> · /api/character/<name> · /api/search/chars · /api/register · /api/login · /api/balance
GET https://aeterniumclan.de/api/online

Snapshot of all characters currently online. The top-level online_count is the realm-wide total (not the page); characters[] is capped by limit (default 100, max 500), highest level first.

Query parameters
limit — integer, 1..500, default 100
// example response { "online_count": 42, "alliance": 25, "horde": 17, "characters": [ { "name": "Tester", "level": 90, "race": 1, "class": 4, "gender": 0, "guild": "Frost" } ] }
GET https://aeterniumclan.de/api/news

The latest published news. Always returns the most recent 3 posts (newest first) in posts[]; latest is the most recent one.

// example response { "count": 1, "latest": { "id": 12, "slug": "patch-7-3-5", "title": "Patch 7.3.5", "excerpt": "What's new…", "body": "## Patch 7.3.5\nFull post text in Markdown…", "body_html": "<h2>Patch 7.3.5</h2>…", "icon": "bi-megaphone", "author": "Admin", "published_at": "2026-06-03 12:00:00", "url": "https://aeterniumclan.de/news/patch-7-3-5" }, "posts": [ /* … */ ] }
GET https://aeterniumclan.de/api/leaderboards/<bracket>

Top-N rated PvP ladder for the bracket, current season. Bots excluded. Returns the current season number in the response so you can attach it to your output.

Path
bracket2v2 · 3v3 · rbg
Query parameters
limit — integer, 1..100, default 20
// GET /api/leaderboards/3v3?limit=5 { "bracket": "3v3", "season": 14, "top": [ { "rank": 1, "name": "Tester", "level": 90, "race": 1, "class": 4, "gender": 0, "rating": 2400, "wins": 120 } ] }
GET https://aeterniumclan.de/api/character/<name>

Single character profile by name. Returns 404 { "error": "not_found" } for unknown names.

Path
name — character name, 1..12 letters
// GET /api/character/Tester { "name": "Tester", "level": 90, "race": 1, "class": 4, "gender": 0, "online": false, "guild": "Frost", "zone": 5841, "honorable_kills": 1234, "total_playtime_seconds": 98765, "last_logout": 1716000000 }
POST https://aeterniumclan.de/api/register

Registriert einen neuen Account mit E-Mail + Passwort — identisch zur Website-Registrierung (Battle.net-Account + Spielaccount <id>#1). Gibt direkt einen Bearer-Token zurück, sodass der Launcher sofort angemeldet ist. IP-gedrosselt (max. 3/Stunde). Body als JSON oder application/x-www-form-urlencoded.

Body-Felder
email — gültige E-Mail (= Login-Name)
password — 6–16 Zeichen
// POST /api/register (JSON-Body) { "email": "neuer@spieler.de", "password": "********" } // Antwort 201 { "success": true, "account": { "id": 123, "username": "123#1", "email": "neuer@spieler.de" }, "token": "a1b2c3…<64 Hex>", "token_type": "Bearer", "expires_at": "2026-07-07 12:00:00" }

Fehler: 400 missing_fields / invalid_email / invalid_password · 409 email_taken · 429 rate_limited · 405 method_not_allowed.

POST https://aeterniumclan.de/api/login

Anmeldung mit Benutzername (oder E-Mail) + Passwort. Gibt bei Erfolg einen Bearer-Token zurück, mit dem authentifizierte Endpunkte wie /api/balance abgefragt werden. Brute-Force-geschützt; Accounts mit aktiver 2FA müssen twofa_code mitsenden. Body als JSON oder application/x-www-form-urlencoded.

Body-Felder
username — Benutzername oder E-Mail
password — Passwort
twofa_code — optional, nur bei aktiver 2FA
// POST /api/login (JSON-Body) { "username": "deine@email.de", "password": "********" } // Antwort 200 { "success": true, "token": "a1b2c3…<64 Hex>", "token_type": "Bearer", "expires_at": "2026-07-07 12:00:00", "account": { "id": 123, "username": "123#1" } }

Fehler: 400 missing_credentials · 401 invalid_credentials · 401 twofa_required / twofa_invalid · 429 rate_limited · 405 method_not_allowed.

GET https://aeterniumclan.de/api/balance

Battle-Pay-Coins des angemeldeten Accounts. Erfordert den Token aus /api/login im Header Authorization: Bearer <token> (alternativ ?token=… als Fallback).

Authentifizierung
Authorization: Bearer <token>
// GET /api/balance (Header: Authorization: Bearer …) { "success": true, "account": { "id": 123, "username": "123#1" }, "battle_pay": 1500 }

Fehler: 401 missing_token / invalid_token / token_expired · 404 account_not_found.

ID reference

class: 1 Warrior · 2 Paladin · 3 Hunter · 4 Rogue · 5 Priest · 6 DK · 7 Shaman · 8 Mage · 9 Warlock · 10 Monk · 11 Druid

race: 1 Human · 2 Orc · 3 Dwarf · 4 Night Elf · 5 Undead · 6 Tauren · 7 Gnome · 8 Troll · 9 Goblin · 10 Blood Elf · 11 Draenei · 22 Worgen · 25 Pandaren (A) · 26 Pandaren (H)

gender: 0 male · 1 female

Policy

No game-economy mutations. No AH, mail or gold changes via the API — that's a hard locked decision, never coming. The only writes are account creation (/api/register) and token issuance (/api/login).

Public data: no auth, no rate limit, no API keys. Same data the public Armory / Leaderboards / Who's Online pages already render. CORS * so any origin can fetch.

Account endpoints (/api/register, /api/login, /api/balance) are guarded. Register and login are rate-limited; /api/balance needs a Bearer token tied to the account. Keep the token secret — treat it like a password.

Cached. Cache-Control max-age 20–60s on each endpoint. Don't pound it — your bot won't get faster data.

Best-effort, no SLA. Endpoints may return 503 when the characters DB is temporarily unavailable. Always check the HTTP status.

Quick examples

curl

curl -s https://aeterniumclan.de/api/online | jq '.online_count'

JavaScript (Discord.js / browser)

const res = await fetch('https://aeterniumclan.de/api/leaderboards/3v3?limit=5'); const data = await res.json(); data.top.forEach(p => console.log(`#${p.rank} ${p.name} (${p.rating})`));