KicksDB

KicksDB

Login Register
StockX Scraping API Guide

Scraping StockX in 2025 - Full Guide

Victor Lourme avatar
Victor Lourme
Cover for Scraping StockX in 2025 - Full Guide

StockX is an online marketplace for sneakers, apparel, and collectible items. They use an auction-style system for all their sales, allowing people to sell and buy at prices set by supply and demand. Every item on StockX has its price tracked, along with sale history, asks, and bids, all publicly available, making it an ideal target for scraping.

In this article, we will explore some methods we use at KicksDB to collect StockX data. If you’re not familiar with us, KicksDB is an e-commerce database and API that gathers and shares data from leading e-commerce websites like StockX, GOAT, Kicks Crew, Shopify, and more. We’ve been specializing in bypassing anti-bot protections, so let’s dive in.

A look at protections used by StockX

StockX uses two types of protection for their website and API:

  • Cloudflare: Primarily used as a cache and CDN, it doesn’t play a major role in anti-bot protection, but occasionally, you might encounter it.
  • HUMAN Security (formerly PerimeterX): Specializing in anti-fraud and anti-bot measures, they use various criteria to determine if your computer is a bot. This security can be challenging to bypass.

HUMAN/PerimeterX uses several data points to identify your browser or program:

  • IP: A residential IP is often more trusted than a datacenter IP.
  • Browser headers: Web browsers send multiple headers in a specific order, which is part of their assessment.
  • TLS fingerprint: This is heavily used, so ensure your fingerprint matches a real browser or device. Tools like Charles Proxy can help.
  • Pattern matching: PerimeterX likely uses machine learning to detect repeated patterns and block them. Sending the same payload and headers repeatedly will likely lead to a ban.

The first requests you’ll send to StockX might not get banned instantly, but if you don’t respect, often change and randomize these parameters you’ll likely get banned and challenged with the Hold Captcha protection.

StockX uses PerimeterX on most of their endpoints:

  • https://stockx.com → The frontend website, built with React and NextJS, is protected by PX.
  • https://gateway.stockx.com/api/graphql → The GraphQL API is also protected.
  • https://stockx.com/api/p/e → A reverse proxy to gateway.stockx.com, which is protected too.

In February 2025, we discovered some unprotected endpoints:

  • https://gateway.stockx.io/api/graphql → Direct access to the AWS backend
  • https://edge-gateway.stockx.io/api/graphql → Cloudflare to AWS backend

Unfortunately, these endpoints were patched recently. They do not use PerimeterX but are protected by Authorization headers, which might be an AWS IAM.

Using the Official API Approach

StockX provides an official API, mainly for sellers, but it allows limited access to listings and the catalog. You can find it here: StockX Developers. We won’t focus much on this approach because it has many restrictions:

  • StockX reviews and approves each request individually.
  • The official API offers much less data than the GraphQL API (Private API).
  • It has bugs and is rarely updated; the market data endpoint didn’t work in our tests.
  • It is heavily rate-limited to 25,000 requests per day and 1 request per second.

At KicksDB, we tried this approach and got approved, but we quickly abandoned it because it was very inefficient for our needs.

Automated-browser approach

The easiest approach for beginners is definitely using an automated browser, like SeleniumBase or Pydoll. You can easily load StockX inside an automated Chrome instance, even without proxies. This script is a simple way to get started:

from seleniumbase import SB, BaseCase

with SB(
    uc=True,
    test=True,
    locale="en",
) as sb:
    sb: BaseCase
    url = "https://stockx.com/nike-dunk-low-retro-white-black-2021"
    sb.activate_cdp_mode(url)
    json_data = sb.find_element('script[data-testid="product-schema"]').text
    print("SEO data: ", json_data)
    title = sb.find_element('h1[data-component="primary-product-title"]').text
    print("Product title: ", title)

    sb.sleep(1)
    sb.click('button#menu-button-pdp-size-selector')
    sb.sleep(1)
    sizes = sb.find_elements('div#pdp-sizes-wrapper button.chakra-menu__menuitem-option span.chakra-text')
    prices = sb.find_elements('div#pdp-sizes-wrapper button.chakra-menu__menuitem-option span.secondary-label')
    for size, price in zip(sizes, prices):
        print("Size: ", size.text)
        print("Price: ", price.text)
        print("--------------------------------")

This method works well but has several drawbacks:

  • Hard to scale: If you plan to scrape many products, this can be challenging.
  • Slow: Starting a browser, loading pages, clicking buttons, and extracting content can be time-consuming.
  • IP-localized: By default, StockX loads pricing data based on your IP location.

For the rest of this guide, we will use proxies from our partner, Evomi. They offer good quality at a great value.

To wrap up this section, we have two recommendations:

  • Focus on the JSON data. Google now recommends websites use JSON+LD for their SEO, which you can easily scrape. This means you only need to load and extract this data, with no more clicking or waiting. This could be a first step in scaling.
  • Unfortunately, using the CDP (Chrome DevTools Protocol) to intercept and modify GraphQL requests will result in the request being flagged instantly. However, using SeleniumBase to intercept valid PerimeterX cookies might be a low-cost solution.

Resolving the PerimeterX Approach

A scalable but costly solution is to handle PerimeterX challenges. There are two types:

  • Init challenge: PerimeterX creates a valid cookie by passively checking your session. It examines your browser, headers, IP, fingerprint, and more.
  • HoldCaptcha challenge: PerimeterX blocks all requests and generates a new cookie if you complete this captcha.

If you’re interested in learning how to bypass this on your own, I recommend this insightful read: Reverse Engineering PerimeterX SDK. That being said, bypassing PerimeterX can be very challenging. At KicksDB, we use this method along with others. To use this method, we rely on third parties to provide us with PerimeterX solving services. You might want to check out the services offered by ParallaxAPI or Takion.

However, having a valid PerimeterX cookie doesn’t guarantee easy access to the StockX GraphQL API. You still need a strong TLS fingerprint that matches either Chrome (for a browser-generated PX cookie) or iOS/Android (for a mobile PX cookie). Tools like Charles Proxy and cURL-CFFI can help you replicate this behavior.

Here is an example of the kind of request you’ll end up with:

Request Example

As we mentioned, this is the most scalable approach, but it also requires the most effort and regular maintenance to keep it functioning. StockX frequently updates their protection.

Leveraging KicksDB

You might be interested in our database, KicksDB. It lists every product and its prices, updated daily from StockX. We have tested and scaled all the methods mentioned above, making our service more reliable. Most of our users report saving a lot of time by using KicksDB instead of having to bypass protections and maintain this code themselves.

Requesting a product is very easy, like the following request:

 curl --request GET \
  --url "https://api.kicks.dev/v3/stockx/products/71fe981f-f575-4d16-a85e-277411b05878/sales/daily?limit=2" \
  --header 'Authorization: $YOUR_API_KEY' | jq
{
	"status": "success",
	"data": [
		{
			"product_id": "71fe981f-f575-4d16-a85e-277411b05878",
			"avg_amount": 144.1999969482422,
			"orders": 5,
			"date": "2025-06-21T00:00:00+02:00"
		},
		{
			"product_id": "71fe981f-f575-4d16-a85e-277411b05878",
			"avg_amount": 160.55555725097656,
			"orders": 9,
			"date": "2025-06-20T00:00:00+02:00"
		}
	],
	"meta": {
		"page": 1,
		"per_page": 2,
		"total": 238
	}
}

Our services start for free, providing 50,000 requests monthly, or you can upgrade to enjoy more features and a monthly quota of 10 million requests. Learn more about our offering here.

Frequently Asked Questions

The legality of scraping StockX can vary depending on where you live, but it is generally legal. Collecting data that is publicly available on the web is allowed. Recent legal cases involving Bright Data against Meta, Twitter, and LinkedIn, which Bright Data won, show that scraping is legal as long as it doesn’t harm the website. Read more about Bright Data vs Meta.

Can StockX be scraped?

Yes, it can be done. StockX uses SEO techniques like sitemaps, JSON-LD, and meta tags, which means search engines can easily access StockX to optimize SEO. While it’s more complicated for regular users like us to access this data, it’s not impossible.

Conclusion

In this guide, we learned how to scrape StockX data to collect e-commerce information, helping businesses make data-driven decisions. We believe this data should be public and easier to access, which is why KicksDB exists today!

Thank you for following our guide.

Back to all posts