Learn what an “API key” is, how to find yours, how to use it, and safety information regarding your account security.
How do I get my GW2 API key?
Log in to the GuildWars2.com website, then click Applications.
On the Applications page, click New Key. Check the boxes for the permissions you want to allow for the key.
Typically, the app asking for your API key will tell you which permissions it needs. For example, the Hungry cat scavenger hunt page tells you the API key needs to have access to progressions and unlocks.
After you create the key, click the icon to copy it to your clipboard.
You can now paste it in to the app that requested it.
How do I use my GW2 API key?
The best use of the GW2 API key (as far as I’m concerned) is the aforementioned Hungry cat scavenger hunt page on the official wiki. If you’re trying to add cats to your home instance, paste in your API key and the page will tell you which ones you have and which ones you need.
GW2efficiency.com is another site that uses your API key. This site lets you track your stats, simplify crafting, manage your characters, use your dungeon currencies efficiently, and more.
What is an API key?
An API is an interface that lets you access a software installation – for example, a database. You can query an API by hand, but for the most part, APIs are used by other scripts and software packages to communicate with each other.
An “API key” is an authentication token that you use to tell the API who you are, and what access you have. It’s a long string of numbers and letters, and works similar to a username/password combination.
The Guild Wars 2 API provides access to your account information, including items in your storage, which home instance nodes you have unlocked, achievements you have finished, and more. It also provides access to some other assets, like map details.
If you’re interested in working with the Guild Wars 2 API, check out the excellent set of API docs here on the official wiki.
Should I worry about my account security?
The Guild Wars 2 API key is “read only,” and it only provides access to the API, not to the game itself.
This means it can’t make changes to your account. Someone who has your API key can’t steal your gold, log into the game as you, or delete any of your items.
In theory, someone could use your API key to trick support staff into giving them access to your account, by providing information about what you have unlocked. This is why ArenaNet recommends you only provide the minimum required permissions for the API key when you create it.
In practice, as long as you only provide your API key to “known good” sources, and grant the minimum permissions needed, it’s fairly safe.
After you are done with your API key, it’s wise to go back to your guildwars2.com account to delete it. This helps make sure it won’t fall into the wrong hands.
Photo by Samantha Lam on Unsplash