Warning
It is your responsibility that the tokens above are not exposed to the public. All communications to and from the server are encrypted but your application should make sure these are kept safe.
Welcome to World Anvil's API documentation. This documentation is meant to serve as guide on how to use the API in order to access data on World Anvil according to the permissions granted to the owner of the authorization token supplied.
This API is working exclusively using JSON. All requests should be made using content-type application/json. All responses will be returned with application/json.
Boromir has been implemented from a complete clean slate therefore it is sadly not backward compatibile with Aragorn calls.
However while Aragorn will still be supported from the time being, we strongly recommend that you update your code to Boromir. If only because Boromir is way more powerful ;)
If a version of the API is being deprecated you will receive at least 3 months notice.
I am so very excited to give some of the most creative people I know the chance to use the resources of World Anvil in order to create amazing stuff!
You can reach the team through discord in the #api-development channel in the Worldanvil Official Discord
At the moment development of new api consumer applications is reserved to members of the guild above the rank of Grandmaster
In order to make use of the API you will need to have two things.
Both of them should be supplied with each call to the api as header variables under the keys x-application-key and x-auth-token respectively
It is your responsibility that the tokens above are not exposed to the public. All communications to and from the server are encrypted but your application should make sure these are kept safe.
Finally keep in mind that all calls should also include in their header Content type application/json and a User-Agent with the name, url and version of the app.
x-auth-token: 9QxWuGXFsLX8RFyAcNayS7GRgJbU6vwQQQFwvODQdYMcFoPAP8vCuX //your user token
x-application-key: Tt8RbuX7KDwfH4R2Y3 //your application key
Content-type: application/json
User-Agent: $app_name ( $url, $version )
Although it is suggested that you use the headers for authentication, the same tokens with the same names can also be used as parameters to your calls. This is only suggested if for some reason you have issues with CORS while trying to connect.
GET https://www.worldanvil.com/api/external/boromir/user?x-application-key=USER_APPLICATION_KEY_HERE&x-auth-token=USER_AUTH_TOKEN_HERE HTTP/1.1
For the purposes of this documentation all endpoints are assumed to be prefixed by /api/external/boromir under the worldanvil domain. For example to get your identity informations you would use
GET https://www.worldanvil.com/api/external/boromir/identity HTTP/1.1
GET, PUT, POST, PATCH and DEL endpoints request and respond with JSON.
It is suggested that if needed, you use Content-type: application/json.
PUT, POST and PATCH do not use form-data to receive content.
All GET endpoints have a granularity parameter.
This parameter is used to limit the amount of data that is returned by the get endpoints. If the parameter is not set, the default value is -1 in most case.
All GET endpoints have a granularity parameter.
The underlying logic behind it is the following:
This API and all it contents cannot be used for any sort of commercial project without prior authorization by World Anvil. This is a perpetual licence meaning that anything created using the API falls under this licence as well.
We may modify the Terms or any portion to, for example, reflect changes to the law or changes to our APIs. You should look at the Terms regularly. We'll post notice of modifications to the Terms within the documentation of each applicable API, to this website. Changes will not apply retroactively and will become effective no sooner than 30 days after they are posted. But changes addressing new functions for an API or changes made for legal reasons will be effective immediately. If you do not agree to the modified Terms for an API, you should discontinue your use of that API. Your continued use of the API constitutes your acceptance of the modified Terms.
We hold the right at any point to remove access without prior consent. This might be the case if the application is in any way violating World Anvil's terms of service or tries to circumvent feature locks to specific guild membership levels. This is not limited to the above.
EXCEPT AS EXPRESSLY SET OUT IN THE TERMS, NEITHER WORLD ANVIL NOR ITS SUPPLIERS OR DISTRIBUTORS MAKE ANY SPECIFIC PROMISES ABOUT THE APIS. FOR EXAMPLE, WE DON'T MAKE ANY COMMITMENTS ABOUT THE CONTENT ACCESSED THROUGH THE APIS, THE SPECIFIC FUNCTIONS OF THE APIS, OR THEIR RELIABILITY, AVAILABILITY, OR ABILITY TO MEET YOUR NEEDS. WE PROVIDE THE APIS "AS IS".
SOME JURISDICTIONS PROVIDE FOR CERTAIN WARRANTIES, LIKE THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. EXCEPT AS EXPRESSLY PROVIDED FOR IN THE TERMS, TO THE EXTENT PERMITTED BY LAW, WE EXCLUDE ALL WARRANTIES, GUARANTEES, CONDITIONS, REPRESENTATIONS, AND UNDERTAKINGS.
WHEN PERMITTED BY LAW, WORLD ANVIL, WILL NOT BE RESPONSIBLE FOR LOST PROFITS, REVENUES, OR DATA; FINANCIAL LOSSES; OR INDIRECT, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES.
TO THE EXTENT PERMITTED BY LAW, THE TOTAL LIABILITY OF WORLD ANVIL, FOR ANY CLAIM UNDER THE TERMS, INCLUDING FOR ANY IMPLIED WARRANTIES, IS LIMITED TO THE AMOUNT YOU PAID US TO USE THE APPLICABLE APIS (OR, IF WE CHOOSE, TO SUPPLYING YOU THE APIS AGAIN) DURING THE SIX MONTHS PRIOR TO THE EVENT GIVING RISE TO THE LIABILITY.
IN ALL CASES, WORLD ANVIL, WILL NOT BE LIABLE FOR ANY EXPENSE, LOSS, OR DAMAGE THAT IS NOT REASONABLY FORESEEABLE.
Unless prohibited by applicable law, if you are a business, you will defend and indemnify WORLD ANVIL, and its affiliates, directors, officers, employees, and users, against all liabilities, damages, losses, costs, fees (including legal fees), and expenses relating to any allegation or third-party legal proceeding to the extent arising from:
your misuse or your end user's misuse of the APIs;
your violation or your end user's violation of the Terms; or
any content or data routed into or used with the APIs by you, those acting on your behalf, or your end users.