Public API

Live Play now

Public JSON API

Read-only HTTP endpoints for the ClanWar ladder. CORS-open, cached for 15s, no auth required. Plugin authors and stream overlays — go nuts.

Open index

Base URL

https://clanwar.luda-ekipa.rs/api/v1/

Both /api/v1/player/123 and /api/v1/?r=player&id=123 work; the pretty form needs Apache's mod_rewrite.

Endpoints

Method & PathReturnsNotes
GET /api/v1/ Endpoint index Echoes the routing table; useful for discovery.
GET /api/v1/player/{id} { player: {...} } Full player profile: rating, peak, tier, K/D/HS, clan, avatar.
GET /api/v1/leaderboard?limit=50 { players: [{ rank, ... }] } Ladder with rank embedded. Default 50, max 200.
GET /api/v1/match/{id} { match: { players: [...] } } Match detail including the full scoreboard.
GET /api/v1/matches?limit=20 { matches: [...] } Recent finished matches, summary only.
GET /api/v1/server/{id} { server: {...} } One server with live players/map.
GET /api/v1/servers { servers: [...] } All CW-flagged servers.
GET /api/v1/clan/{id} { clan: { members: [...] } } Clan with roster.
GET /api/v1/clans?limit=50 { clans: [{ rank, ... }] } Clan ladder.
GET /api/v1/overlay/{matchId} Same as /overlay.json.php Live scoreboard data for OBS browser sources.

Response envelope

{
  "ok": true,
  <resource-specific keys>
}

On error: {"ok": false, "err": "<short message>"} with appropriate HTTP status (400/404).

Examples

Get a player

curl -s https://clanwar.luda-ekipa.rs/api/v1/player/123 | jq .

Top 10 leaderboard

curl -s 'https://clanwar.luda-ekipa.rs/api/v1/leaderboard?limit=10' | jq '.players[] | {rank, name, rating}'

Live OBS overlay JS snippet

setInterval(async () => {
  const r = await fetch('/api/v1/overlay/42');
  const j = await r.json();
  document.querySelector('.score-t').textContent  = j.scoreT;
  document.querySelector('.score-ct').textContent = j.scoreCT;
}, 3000);

Rate limiting & etiquette

  • Responses are cached server-side for 15 seconds (Cache-Control: public, max-age=15). Don't poll faster than that — you'll just get the same body.
  • No auth. Don't build a destructive client; this is read-only by design.
  • CORS is wide open (Access-Control-Allow-Origin: *), so browser JS can fetch directly.
  • Hard 200-row cap on list endpoints to keep MySQL happy.