The Companion API, explained
Frontier API is the documented set of REST endpoints for Elite Dangerous.
Notes on oAuth2 flow, available CAPI endpoints (/profile, /market, /shipyard, /fleetcarrier, /journal), rate limiting, User-Agent requirements, and other Frontier Developer APIs for Community Goals and GalNet.
Source
EDCD / FDevIDs
Auth
oAuth2 + PKCE
Rate limit
~2 req/s
Primary source
The EDCD/FDevIDs repo spells out the endpoints, the oAuth2 flow, and the rules that govern CAPI access.
Core mechanic
Authenticate via oAuth2, set Authorization: Bearer <token>, and query endpoints for live Commander data.
Overview
What makes the Frontier CAPI different from a simple game data feed
Authenticated per-commander data
Every CAPI request requires an oAuth2 Access Token. The data is tied to the authenticated Commander’s game state—their current ship, location, ranks, and credits.
Not a real-time service
The CAPI data can lag behind the game client. Rate limiting may kick in above 2 queries per second. The /journal endpoint should ideally be queried only once per gameplay session.
Community-governed documentation
The EDCD community maintains the FDevIDs repo with endpoint notes, field definitions, and FDev ID lookups. Frontier does not provide an official public API spec.
Live / Legacy galaxy split
Since Odyssey Update 14, use companion.orerve.net for Live galaxy data and legacy-companion.orerve.net for Legacy galaxy data.
Authentication
The oAuth2 flow that governs all CAPI access
Since early 2019, Frontier Developments requires oAuth2 for CAPI access. Developers must apply at user.frontierstore.net and use PKCE for non-browser applications.
Apply for access
Navigate to user.frontierstore.net and apply for developer access. Once approved, you’ll receive a Client ID and Shared Key under the Developer Zone.
Generate PKCE challenge
Generate a 32-byte code verifier, then SHA-256 hash it and URL-safe Base64-encode it (stripping trailing =) to produce the code challenge.
Authorization Request
Send the user to auth.frontierstore.net/auth with audience=frontier, scope=auth capi, response_type=code, and your PKCE challenge.
Token Request
POST to auth.frontierstore.net/token with grant_type=authorization_code, the code, and code verifier. Receive an access_token, refresh_token, and expires_in.
The CAPI turns game state into something a developer can query.
Most games expose nothing. Frontier exposes Commander profiles, market data, shipyard inventory, fleet carrier finances, and journal streams—all through a structured, authenticated API.
oAuth2 security
Every request requires a valid access token with properly scoped permissions.
Rate-limited
The CAPI is not designed for real-time polling. Stay under 2 queries/second.
User-Agent required
Use EDCD-[App]-[version] so Frontier can track issues.
Deep dive
What Is the Frontier CAPI? How oAuth2 and REST Power Elite Dangerous Integrations
A clear explanation of the Companion API, how authentication works, which endpoints are available, and how to build tools that use live Commander data.
Endpoints
Available CAPI endpoints and what they return
The root of any CAPI host (companion.orerve.net) responds with a links array listing available endpoints. Below is what each one provides.
Commander Profile
Commander name, ID, credits, debt, current ship, ranks (combat, trade, explore, CQC, empire, federation), docked status, last starport, last system, and full ship module data with engineering details.
Commodity Market
Last docked station market data: commodities with buy/sell prices, stock/demand brackets, mean prices, import/export lists, prohibited goods, and service status.
Shipyard & Outfitting
Available ships with base cost, SKU, and stock. Outfitting modules with ID, category, cost, SKU, and stock. Station services and economy breakdown.
Fleet Carrier
Carrier callsign, name, current system, fuel, balance, state, docking access, capacity, itinerary, market finances, cargo, orders (buy/sell), crew, and module data.
Commander Journal
Log lines from the Commander journal file, combining all sessions. Supports date filtering via /journal/year/month/day. Returns 200 (full), 204 (no data), or 206 (partial).
Community Goals
All currently active Community Goals and any contributions from this Commander. Supports ?language=en|fr|de|ru|es|pt for localized descriptions.
Visited Stars
Downloads a ZIP archive of the player’s VisitedStarsCache.dat. Status 102 indicates the file is being generated—try again in a couple of minutes.
Quick start
How to go from reading about the Frontier API to making your first request
The EDCD/FDevIDs repo assumes you have a Frontier account and an approved application. Here’s the condensed flow.
Get your credentials
Apply at user.frontierstore.net and wait for approval. Your Client ID and Shared Key appear in the Developer Zone under “AUTH” and “CAPI” scopes.
Run the PKCE flow
Generate a verifier, derive a challenge, send the user to authorize, then exchange the code for tokens. See the EDCD oAuth2 notes for a step-by-step guide.
grant_type=authorization_code
&code_verifier=VERIFIER
&client_id=CLIENTID
Set the headers
Use the access token in an HTTP header. Also set the User-Agent to match EDCD-[A-Za-z]+-[.0-9]+ as Frontier requests.
Authorization: Bearer <token>
User-Agent: EDCD-MyApp-1.0.0
Query an endpoint
Send a GET request to the Live CAPI host. For Legacy galaxy data, use legacy-companion.orerve.net instead.
GET https://companion.orerve.net/profile
FAQ
The fastest answers to the questions developers ask first
Start here if you want to know about the CAPI, its authentication, the endpoints, and best practices for using the Frontier API.
The Companion API (CAPI) is Frontier Developments’ REST API for Elite Dangerous. It provides authenticated access to Commander profile, market data, shipyard inventory, fleet carrier information, and journal entries. It was originally created for an iOS Companion app, but Frontier continues to support it for third-party developers.
Apply for access at user.frontierstore.net, get approved, then use the oAuth2 flow with PKCE (for non-browser apps) to obtain an Access Token. Include it as Authorization: Bearer <access_token> in every CAPI request. The token_type from the response should be stored and repeated verbatim.
The main CAPI endpoints are: /profile (Commander data), /market (station market), /shipyard (station shipyard/outfitting), /fleetcarrier (fleet carrier info), /journal (Commander journal), /communitygoals (active CGs), and /visitedstars (visited stars cache). Send a bare GET to the CAPI host to see the full list.
Frontier has stated that rate limiting may kick in above 2 queries per second. For general use, try not to issue more than one query a minute. The /journal endpoint should not be polled in realtime—ideally query it once per gameplay session. EDMarketConnector gets away with issuing multiple requests in rapid succession upon docking, but Frontier reserves the right to throttle.
Frontier Developments requests that all CAPI and Authorization service access use a custom User-Agent header matching EDCD-[A-Za-z]+-[.0-9]+, e.g. EDCD-YourApp-0.0.1. The middle part should align with your application name as registered during Authorization access.
Since Odyssey Update 14, companion.orerve.net only returns data for the Live galaxy. For Legacy galaxy data, use legacy-companion.orerve.net. In the past, Frontier sometimes provided a beta-specific host (pts-companion.orerve.net) before major updates.
Primary sources
Every claim on this page is grounded in the EDCD/FDevIDs repo and the Frontier Developments developer docs.
GitHub Repo
The source for CAPI endpoint notes, FDev ID lookups, and community-maintained documentation.
Frontier Developer Docs
Official oAuth2 documentation from Frontier Developments for their AUTH and CAPI scopes.
Community Research
Additional investigation notes on GalNet, Community Goals, and other unofficial Frontier APIs.