For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Create tokenDev Discord
  • Get started
    • Introduction
    • Authentication
    • API Privacy
    • Exceptions
    • Dev Discord
  • Modules
  • Changelog
    • v3.7.2 - OAuth2
    • v3.7.1
    • v3.7
    • v3.6 - Fruma Expansion
    • v3.5.2
    • v3.5.1
    • v3.5 - User System
    • v3.4
    • v3.3.4
    • v3.3.3
    • v3.3.2
    • v3.3.1
    • v3.3 - Rekindled World
    • v3.2.5
    • v3.2.4
    • v3.2.3
    • v3.2.2
    • v3.2.1
    • v3.2
    • v3.1
    • v3.0
LogoLogoWynncraft API - Documentation
Create tokenDev Discord
On this page
  • Access Rules
  • Rule List
  • OAuth2
  • Character Skeleton Customization
  • Leaderboard Visibility
Get started

API Privacy

Player access rules and visibility behavior
Was this page helpful?
Edit this page
Previous

Authentication

Next

Exceptions

Built with

Access Rules

Since the release of the user system in August 2025, players linked to a Wynncraft Account can manage API access with Access Rules.

Access Rules define who can read a player’s stats:

Rule OptionDescription
PublicEveryone can access the data.
FriendsOnly friended players can access the data. Friendship must be mutual.
GuildOnly players sharing the same guild can access the data.
Guild & FriendsOnly players who are both in the same guild and mutual friends can access the data.
PrivateNobody can access the data except the player.

All linked players on the requesting Wynncraft Account are used when checking access. For example, if you request Player A whose rule is set to Friends, access is granted if any player linked to your account is mutual friends with Player A.

Player stat responses include a restrictions dictionary. Each key maps to an access rule used by the endpoint. A value of true means that field group is restricted for the requester.

1{
2  "restrictions": {
3    "mainAccess": true,
4    "characterDataAccess": false
5  }
6}

Rule List

RuleDescriptionDefault
mainAccessControls access to global data and featured stats.Public
characterListAccessControls access to the character list.Public
characterDataAccessControls access to character data.Public
characterBuildAccessControls access to skill points and ability trees.Public
huntedCharacterAccessControls access to characters using the hunted gamemode.Guild & Friends
onlineStatusControls online status and last join visibility.Public
guildHistoryAccessControls the access to your guild history.Public

OAuth2

OAuth2 applications can only bypass access rules when the user explicitly granted permission for it.

That bypass is limited to the authorizing user’s own linked player profiles. It does not let the application bypass another player’s access rules just because one of the user’s profiles would normally be eligible to view that player.

Character Skeleton Customization

Players can customize the skeleton of their character data. Removing a stat hides it from everyone except the player.

Character responses include removedStat, an array of hidden stats.

1{
2  "removedStat": [
3    "contentCompletion",
4    "chestsFound"
5  ]
6}

Leaderboard Visibility

Players can opt out of specific leaderboards. This does not remove their records entirely; instead, the record is anonymized and fields such as username, UUID, and character type can be replaced with redacted.

Leaderboard records expose this with the restricted key.

Using the API to save player stats is allowed, but it must not be used to bypass player access rules.