How to scrape the Vinted API in 2026

27 April 2026 · Andrew Odiit

Vinted is the largest second-hand fashion marketplace in Europe — 100+ million users, 26 markets, €813 million in revenue last year. If you're building price monitoring, arbitrage tools, or seller analytics across Vinted markets, you need reliable access to their product data.

There's no usable public API. The official Vinted Pro API is allowlist-only and doesn't expose search or catalog data. The real data lives in Vinted's internal API — the same endpoints their website and app use.

The problem

Vinted's internal API returns clean JSON — product listings, prices, seller info, images — everything you'd want. But getting to it requires clearing two hurdles.

First: authentication. Every API call requires a session token. No token, no data. Vinted doesn't have a token endpoint — the token is minted by the website when you load the homepage, embedded in cookies via client-side JavaScript. You can't just call an auth endpoint and get a bearer token.

Second: anti-bot protection. Vinted uses DataDome on the website and Cloudflare on the API layer. DataDome fingerprints your TLS handshake, analyzes your browser behavior, and scores your IP reputation. Datacenter IPs are rejected immediately. Even residential IPs get challenged if the request doesn't look like a real browser.

This combination — tokens that require a browser to mint, protected by anti-bot that blocks non-browsers — is what makes Vinted scraping hard. Every DIY approach ends up building a headless browser pipeline with proxy management, cookie persistence, and challenge solving. That's weeks of engineering, and it breaks whenever Vinted or DataDome updates.

The raw API

The endpoint for product search is:

https://www.vinted.fr/api/v2/catalog/items?search_text=nike&per_page=20

This works across all Vinted domains — swap vinted.fr for vinted.de, vinted.es, vinted.co.uk, etc. Same endpoint structure, same response format, different market data. Other useful endpoints include:

/api/v2/catalog/items?search_text={query}     — product search
/api/v2/users/{id}/items                       — seller's listings
/api/v2/items/{id}                             — product details
/api/v2/users/{id}                             — seller profile

Without a session: 401

Hit the API without a session token and you get a clear rejection:

{
  "code": 100,
  "message": "Jeton d'authentification invalide",
  "message_code": "invalid_authentication_token"
}

This is Vinted telling you: no token, no data. Every scraping tool that tries to hit the JSON API directly runs into this wall. The token has to come from a real browser session on the homepage.

With Sessemi: one call to mint, then fast API access

Sessemi handles both problems — the anti-bot challenge and the token minting — in one API call. The approach is two steps:

Step 1: Load the homepage with a named session. This triggers the browser engine, solves any DataDome or Cloudflare challenges, and captures all cookies — including the access_token_web and _vinted_fr_session that Vinted requires.

curl -X POST https://api.sessemi.com/scrape \
  -H "X-API-Key: YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://www.vinted.fr",
    "pool": "residential",
    "country": "FR",
    "session": "my-vinted-fr"
  }'

This takes about 6 seconds on the first call. The session is now alive — cookies are stored, the token is minted, the IP is pinned to France.

Step 2: Hit the API endpoint with the same session. Sessemi replays the cookies automatically.

curl -X POST https://api.sessemi.com/scrape \
  -H "X-API-Key: YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://www.vinted.fr/api/v2/catalog/items?search_text=nike&per_page=20",
    "pool": "residential",
    "country": "FR",
    "session": "my-vinted-fr"
  }'

This returns the JSON response in ~4 seconds. No browser needed for subsequent requests — Sessemi replays the session cookies through its fast path. Every additional API call on the same session reuses the token.

What you get back

The response includes the full Vinted product data as structured JSON:

{
  "items": [
    {
      "id": 8761034138,
      "title": "Zip brésil noir",
      "price": {
        "amount": "30.0",
        "currency_code": "EUR"
      },
      "brand_title": "Nike",
      "size_title": "L / 40 / 12",
      "is_visible": true,
      "path": "/items/8761034138-zip-bresil-noir",
      "url": "https://www.vinted.fr/items/8761034138",
      "photo": { ... },
      "user": {
        "id": 12345,
        "login": "seller_name",
        "feedback_reputation": 1.0
      }
    },
    ...
  ],
  "pagination": { ... },
  "search_tracking_params": { ... }
}

Each item includes ID, title, price, brand, size, condition, photos, seller info, and feedback scores. The pagination object lets you cursor through results. The same structure works across all 26 Vinted markets.

Cross-market scraping

Vinted operates on separate domains per market. Each market has its own token scope — a vinted.fr session token won't work on vinted.de. To scrape across markets, create a session per market:

// French market
{"url": "https://www.vinted.fr", "country": "FR", "session": "vinted-fr", ...}

// German market
{"url": "https://www.vinted.de", "country": "DE", "session": "vinted-de", ...}

// Spanish market
{"url": "https://www.vinted.es", "country": "ES", "session": "vinted-es", ...}

Each session is independent — its own IP, its own cookies, its own locale. The country parameter routes through a residential IP in that market and sets the correct language headers. Once each session is minted, API calls across all markets run in parallel at ~4 seconds each.

Python example

Here's a complete example that scrapes Nike listings from Vinted France and Germany:

import requests, json

API_KEY = "YOUR_KEY"
API_URL = "https://api.sessemi.com/scrape"
headers = {"X-API-Key": API_KEY, "Content-Type": "application/json"}

markets = [("fr", "FR"), ("de", "DE")]

# Step 1: Mint sessions (one per market)
for domain, country in markets:
    requests.post(API_URL, headers=headers, json={
        "url": f"https://www.vinted.{domain}",
        "pool": "residential",
        "country": country,
        "session": f"vinted-{domain}"
    })

# Step 2: Search across markets
for domain, country in markets:
    resp = requests.post(API_URL, headers=headers, json={
        "url": f"https://www.vinted.{domain}/api/v2/catalog/items"
               f"?search_text=nike&per_page=20&order=newest_first",
        "pool": "residential",
        "country": country,
        "session": f"vinted-{domain}"
    })

    data = resp.json()
    items = json.loads(data["content"]).get("items", [])
    for item in items:
        print(f"[{domain.upper()}] {item['title']}"
              f" — {item['price']['amount']} {item['price']['currency_code']}"
              f" — {item.get('brand_title', 'N/A')}")

What it costs

Vinted scraping requires sessions and residential proxies — that means a Basic (€20/mo) or Pro (€100/mo) plan. Sessions are not available on the free tier.

Credit cost per request depends on your plan:

For a production workload scanning 26 markets hourly, you'd use ~52 requests per cycle (26 mints + 26 searches). On the Pro plan, that's 260 credits per cycle — well within the 25,000 monthly allowance. And session tokens persist up to an hour — you only re-mint when they expire, not on every request.

Try it

The free tier lets you test Sessemi against any site — try a single request to vinted.fr to see the anti-bot bypass in action. For the full session workflow (mint + replay), you'll need a Basic (€20/mo) or Pro plan. Sign up, run the curl example above, and you'll have structured product JSON in under 10 seconds.

The docs cover all parameters, including session, country, and the full list of supported markets. If you're building a Vinted seller tool, price monitor, or cross-market arbitrage system, this is the infra layer. You handle the logic — Sessemi handles the anti-bot.