The goal of the Torn API is to provide a fully supported and read-only method for players to pull useful information from Torn about their player, faction, or company. This can be used individually to retrieve information about your account, or you can build a website that the entire community can use to do interesting things with the data exposed via the API.
Whether you're making a browser extension to aid factions during wartime, a mobile application to offer instant notifications, or a website to track data for graphing - the possibilities are endless - simply using the 16 character API keys. We encourage you to be creative, building features and tools that expand Torn's gameplay and enjoyment.
This system has been developed so that you should only ever need to request an API key from the user. All of the user's information can be obtained with just their key, there shouldn't be any requirement to ask for a name or user ID. Torn passwords should never be requested from any users, ever.
You must keep keys, and the data obtained from them, securely protected and confidential unless permitted by the key owner. By accepting other user's keys, they are placing their trust in you - do not exploit this. We will permanently ban offending applications from accessing the API at a moment's notice.
We respectfully request that you follow Torn's no-advertising policy when building websites or applications that use our API system to ensure optimal user experience, however, exceptions can be made. Please contact us if you would like to advertise, accept voluntary real-money donations or charge users for usage.
Please make sure your scripts are optimised to retrieve only the information required for the specific request they're making. They should be retrieving as little information as possible; this will improve loading time and reduce stress on Torn's servers.
All scripts or tools must be compliant with the API Terms of Service Guidelines defined below.
When creating a script, userscript, sheet, extension, API service, bot, 3rd party website or any other API tool (collectively "service"), the end user must be aware of how will their API key be used.
Here's a table with the information that is important to the end user - giving them a good idea of what to expect from the API service they're using:
| Data Storage | Data Sharing | Purpose of Use | Key Storage & Sharing | Key Access Level |
| Will the data be stored for any purpose? | Who can access the data besides the end user? | What is the stored data being used for? | Will the API key be stored securely and who can access it? | What key access level or specific selections are required? |
No / Only locallyTemporary - less than a minuteTemporary - less than a dayPersistent - until account deletionPersistent - forever |
NobodyFactionFriends & factionGeneral publicService ownersService owners & their customers |
Optimization/MaintenanceAnalysis Public amusementPublic community toolsCompetitive advantagePersonal gain
|
Not stored / Not sharedStored / Used only for automationStored / Shared with the faction Stored / Shared with other services |
PublicMinimalLimitedFullCustom - specify selections |
If the service is not storing or sharing the data or the key anywhere, it's enough to state so, otherwise ToS with the information above needs to be clearly and visibly stated in any place where user is providing their API key.
When integrating your service with another service (opt-in), make sure there's at least a link to ToS of the service you're allowing the user to integrate with.
When integrating your service with another service (automatically), your ToS need to cover the usage of the service you're integrating with.
Using keys for purposes other than the ones described in the ToS or deceiving the end user into believing that the key is being used for a purpose other than described is prohibited and is a punishable offense.
These rules also apply to those who purchase API keys from other players.
If you're unsure how to describe your service, feel free to contact Torn staff.
If you suspect your key was misused, you can use 'key' -> 'log' selection to view & monitor API key usage history.
All services must be compliant with Torn's scripting rules.
ToS examples can be found at the bottom of this page.
We understand that crafting an API system for Torn could give some users an unfair advantage. We want the system to expand & enhance gameplay rather than giving users an advantage which makes it easier to compete against others. We have taken this into account during development, but we will be listening to feedback and making any appropriate changes that are required.
Please be aware, we log all details and inputs of requests and make routine checks. If misuse occurs, we will permanently ban IP addresses, keys, and users from accessing the system without notice.
Each user can make up to 100 individual requests per minute across all of their keys, this should be more than enough for almost anything to be achievable. Multiple requests using invalid keys may result in a temporary IP ban - you must account for this by removing disabled or invalid keys upon error.
These limits may change without notice to ensure the Torn servers remain stable.
API keys have can have one of four different access levels, this will limit which selections they're able to access. We've assigned access level requirements to every selection, these are visible in the table below.
| Access Levels |
| Public |
| Minimal Access |
| Limited Access |
| Full Access |
Example No. 1
Description: a 3rd party website utilizing 'user' -> 'log' selection to show detailed statistics for certain gameplay areas which stores key or data only in the user's browser.
ToS: You maintain full control of your data; everything is stored in your browser. No data is sent anywhere.
For such websites, ToS in the table format is not necessary, but might be useful to end users and could look something like this:
| Data Storage | Data Sharing | Purpose of Use | Key Storage & Sharing | Key Access Level |
| Will the data be stored for any purpose? | Who can access the data besides the end user? | What is the stored data being used for? | Will the API key be stored securely and who can access it? | What key access level or specific selections are required? |
Only locally |
Nobody |
Not eligible - only end user has access |
Stored locally / Not shared |
Full Access |
Example No. 2
Description: a 3rd party website sharing personal data between faction members. The website stores API key and private user information in its own database.
ToS:
| Data Storage | Data Sharing | Purpose of Use | Key Storage & Sharing | Key Access Level |
| Will the data be stored for any purpose? | Who can access the data besides the end user? | What is the stored data being used for? | Will the API key be stored securely and who can access it? | What key access level or specific selections are required? |
Persistent - until account deletion or faction change |
Faction |
Optimization/MaintenanceShow information to faction other members |
Stored remotely securely / Used only for automation |
Limited Access |
Example No. 3
Description: a browser extension providing notifications based on cooldowns and other user's activity which allows fully opt-in integration with other services.
ToS: You maintain full control of your data; everything is stored in your browser. No data is sent anywhere. You can view our detailed API usage here : link_to_api_usage_page
[] Service XYZ: Check the checkbox to integrate Service XYZ. Terms of Service for XYZ can be found here: link_to_XYZ_tos
[] Service ZZZ: Check the checkbox to integrate Service ZZZ. Terms of Service for ZZZ can be found here: link_to_ZZZ_tos
For such extension, ToS in the table format is not necessary, but might be useful to end users and could look something like this:
| Data Storage | Data Sharing | Purpose of Use | Key Storage & Sharing | Key Access Level |
| Will the data be stored for any purpose? | Who can access the data besides the end user? | What is the stored data being used for? | Will the API key be stored securely and who can access it? | What key access level or specific selections are required? |
Only locally |
Nobody |
Not eligible - only end user has access |
Stored locally / Not shared |
Limited Access |
Example No. 4
Description: a google sheet pulling current plushie/flower prices.
ToS:
| Data Storage | Data Sharing | Purpose of Use | Key Storage & Sharing | Key Access Level |
| Will the data be stored for any purpose? | Who can access the data besides the end user? | What is the stored data being used for? | Will the API key be stored securely and who can access it? | What key access level or specific selections are required? |
Persistent - Until sheet deletion |
Everyone with a sheet access |
Competitive Advantage |
Stored in code details / Everyone with sheet access |
Custom : 'market' -> 'itemmarket' |
Example No. 5
Description: a discord faction bot where submitted API key is used to fetch data for other services.
ToS:
| Data Storage | Data Sharing | Purpose of Use | Key Storage & Sharing | Key Access Level |
| Will the data be stored for any purpose? | Who can access the data besides the end user? | What is the stored data being used for? | Will the API key be stored securely and who can access it? | What key access level or specific selections are required? |
Persistent - data is forever visible on faction discordPersistent - data is forever visible on other discord serversPersistent - data is saved to server DB |
Friends & factionService owners & their customers |
Optimization/MaintenanceAnalysis Competitive advantagePersonal gain |
Stored securely / Shared with other services : XYZ Mug Bot, XYZ Cache Bot |
Limited Access |