The v2 OPSkins API is a successor to our earlier API, which was inconsistent and difficult to maintain. It uses a consistent, unified request and response system, and it supports versioning.
It is not 100% complete yet, so you still need to use the old API for some things. You can find the old API's documentation here.
Much like Steam's WebAPI, requests to our API use the format
https://api.opskins.com/IInterfaceName/MethodName/v1/. Most requests should use the GET method, but some (specially marked) methods require POSTs.
Most requests require authentication. Those that don't are marked. To authenticate, you'll need your API key from your account page. We prefer that you send your key as your username in HTTP Basic authorization, but you can also supply it as a key GET or POST parameter (depending on the request method). If you're currently logged in on opskins.com, then your login cookies will be used to authenticate your requests. All calls to the API should use your API key, however, as cookie authentication is only meant for internal use by us. Your API key will override any login cookies.
All requests MUST be made over HTTPS. HTTP is not supported and will redirect to HTTPS.
The API's response encoding can be controlled by the format input parameter. Currently, these formats are supported:
nullis represented by an empty string. Quotes, backslashes, and newlines in keys or values will be backslash-escaped (e.g. a quote is \", a newline is \n).
Requests which are unauthenticated, malformed, or otherwise incorrect will result in non-200 HTTP response codes. Successful requests (wherein "successful" means that your input was well-formed, not that the requested operation succeeded) will result in 200 status codes. Non-200 responses are not guaranteed to be encoded in your desired format, and will most likely be HTML instead.
Successful requests will return JSON which always contains a status property. That property is an error code, or 1 on success. Successful requests will also return a time property, which is the server's current time, as Unix time. You should not consider this time to be authoritative or correct (i.e. don't use us to sync your clock). The intention behind providing it is to allow you to determine clock skew when decoding timestamps returned in our API.
Some endpoints which return listings are paginated. In this case, they will have a current_page property (containing the current page number) and a total_pages property (containing the total number of available pages). To navigate through pages, supply the desired page number as a page parameter.
In the event of an error, a message property MAY be defined, containing an error message as a string. It may not be present.
All responses, regardless of success, MAY contain balance and response properties. The balance property is not defined in most responses; it's mostly defined in responses to actions which affect your balance. When defined, it contains your account's current wallet balance, in USD cents (divide by 100 to get USD). The response property may be any data type (usually an object), and contains the response of the requested API method.
The X-Queries-Remaining header contains the number of API queries that you're allowed to make with your API key today. This isn't defined if your API key has no daily query limit. This number resets daily at midnight EDT.
Some API methods may be cached for a period of time. For methods which are cached, X-Cache-Status may be either fresh or cached, depending on whether the data is fresh.
API interfaces which are currently available are listed here.