Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Tinder API Documentation

Tinder API documentation

I've sniffed most of the Tinder API to see how it works. You can use this to create bots (etc) very trivially. Some example python bot code is here -> (horribly quick and dirty, you've been warned!)

Note: this was written in April/May 2014 and the API may have changed since. I have nothing to do with Tinder, nor their API, and I do not offer any support for anything you may build on top of this

API Details

Protocol SSL only

Request headers

Header name Description / example Required?
X-Auth-Token A UUID4 format authentication token obtained via the /auth api endpoint Yes
Content-type application/json Yes
app_version 3 no
platform ios no
User-agent User-Agent: Tinder/3.0.4 (iPhone; iOS 7.1; Scale/2.00) Yes
os_version 700001 No

Note: all curl examples below omit headers for brevity -- you'll need to add the required headers shown in the table above


You'll need to supply a facebook auth token and an associated facebook id.

> curl -X POST --data '{"facebook_token": fb_token, "facebook_id": fb_user_id}'

The easiest way to get this is to go here, log in and then pick the auth token out of the URL you are redirected to.


	"token": "8c839cee-0980-4b73-861b-8739cb597f57",
	"user": { ... }, 
	"globals": { ... },
	"versions": { ... }

Updating your profile

> curl -X POST --data '{"age_filter_min": 26, "gender": 1, "age_filter_max": 32, "distance_filter": 14}'

Parameter info:

Gender 0: Male
1: Female
age_filter_min int of min age match
age_filter_max int of max age match
distance_filter max search radius in kilometers

Reporting a user

> curl -X POST '{_id} --data '{"cause": cause_id}'

Note cause_id: should be 1 or 2, (1 is spam, 2 is inappropriate/offensive)

Message sending

Send a message to a match. Note you'll get a 500 back if you try to send a message to someone who isn't a match

curl '{_id} --data '{"message": "your message here"}'



Updating your location

curl ' --data '{"lat": latitude, "lon": longitude}'

	"status": 200,
	"error": "position change not significant"

Get "updates"

> curl ''


	"matches": [{
		"_id": "53464b0728ac73976d0a3fbf",
		"messages": [{
			"_id": "534651198ce6da797248c1a3",
			"match_id": "53464b0728ac73976d0a3fbf",
			"to": "53430689ab3c04c13e006ffb",
			"from": "533a59ea52046fc077002815",
			"message": "hi  .... how is it going?",
			"sent_date": "2014-04-10T08:06:49.800Z",
			"created_date": "2014-04-10T08:06:49.800Z",
			"timestamp": 1397117209800
		}, {
			"_id": "53466fd298b7278b72156523",
			"match_id": "53464b0728ac73976d0a3fbf",
			"to": "533a59ea52046fc077002815",
			"from": "53430689ab3c04c13e006ffb",
			"message": "Good thanks you? :)",
			"sent_date": "2014-04-10T10:17:54.379Z",
			"created_date": "2014-04-10T10:17:54.379Z",
			"timestamp": 1397125074379
		"last_activity_date": "2014-04-10T10:17:54.379Z"
	"blocks": [],
	"lists": [],
	"deleted_lists": [],
	"last_activity_date": "2014-04-10T10:17:54.379Z"

To 'like' or 'pass' a User

> curl{like|pass}/{_id}


{match: match_result}

match_result will be true if they like you, false if they haven't liked you or don't like you


> curl
    "status": 200,
    "results": [{
        "distance_mi": 2,
        "common_like_count": 0,
        "common_friend_count": 0,
        "common_likes": [],
        "common_friends": [],
        "_id": "518d666a2a00df0e490000b9",
        "bio": "",
        "birth_date": "1986-05-17T00:00:00.000Z",
        "gender": 1,
        "name": "Elen",
        "ping_time": "2014-04-08T11:59:18.494Z",
        "photos": [{
            "id": "fea4f480-7ce0-4143-a310-a03c2b2cdbc6",
            "main": true,
            "crop": "source",
            "fileName": "fea4f480-7ce0-4143-a310-a03c2b2cdbc6.jpg",
            "extension": "jpg",
            "processedFiles": [{
                "width": 640,
                "height": 640,
                "url": ""
            }, {
                "width": 320,
                "height": 320,
                "url": ""
            }, {
                "width": 172,
                "height": 172,
                "url": ""
            }, {
                "width": 84,
                "height": 84,
                "url": ""
            "url": ""
        }, {
            "url": "",
            "processedFiles": [{
                "url": "",
                "height": 640,
                "width": 640
            }, {
                "url": "",
                "height": 320,
                "width": 320
            }, {
                "url": "",
                "height": 172,
                "width": 172
            }, {
                "url": "",
                "height": 84,
                "width": 84
            "extension": "jpg",
            "fileName": "5c1d3231-5a75-4a07-91ff-5c012716583f.jpg",
            "main": false,
            "ydistance_percent": 0.75,
            "yoffset_percent": 0.04101562,
            "xoffset_percent": 0,
            "id": "5c1d3231-5a75-4a07-91ff-5c012716583f",
            "xdistance_percent": 1
        }, {
            "url": "",
            "processedFiles": [{
                "url": "",
                "height": 640,
                "width": 640
            }, {
                "url": "",
                "height": 320,
                "width": 320
            }, {
                "url": "",
                "height": 172,
                "width": 172
            }, {
                "url": "",
                "height": 84,
                "width": 84
            "extension": "jpg",
            "fileName": "5abd87e5-a181-4946-a8b9-880926a78943.jpg",
            "main": false,
            "ydistance_percent": 0.75,
            "yoffset_percent": 0.1640625,
            "xoffset_percent": 0,
            "id": "5abd87e5-a181-4946-a8b9-880926a78943",
            "xdistance_percent": 1
        }, {
            "url": "",
            "processedFiles": [{
                "url": "",
                "height": 640,
                "width": 640
            }, {
                "url": "",
                "height": 320,
                "width": 320
            }, {
                "url": "",
                "height": 172,
                "width": 172
            }, {
                "url": "",
                "height": 84,
                "width": 84
            "extension": "jpg",
            "fileName": "5e168698-a034-40c0-b7fb-7c05743f2310.jpg",
            "main": false,
            "ydistance_percent": 1,
            "yoffset_percent": 0,
            "xoffset_percent": 0.2188477,
            "id": "5e168698-a034-40c0-b7fb-7c05743f2310",
            "xdistance_percent": 0.5625
        "birth_date_info": "fuzzy birthdate active, not displaying real birth_date"
    }, {
        "distance_mi": 4,
        "common_like_count": 0,
        "common_friend_count": 0,
        "common_likes": [],
        "common_friends": [],
        "_id": "52cfc097f43cd91a67003639",
        "bio": "",
        "birth_date": "1987-11-02T00:00:00.000Z",
        "gender": 1,
        "name": "Cristina",
        "ping_time": "2014-04-06T16:52:51.605Z",
        "photos": [{
            "id": "4ab7173f-7884-4fe3-872f-32c01d77de2a",
            "main": "main",
            "shape": "center_square",
            "fileName": "4ab7173f-7884-4fe3-872f-32c01d77de2a.jpg",
            "extension": "jpg",
            "processedFiles": [{
                "width": 640,
                "height": 640,
                "url": ""
            }, {
                "width": 320,
                "height": 320,
                "url": ""
            }, {
                "width": 172,
                "height": 172,
                "url": ""
            }, {
                "width": 84,
                "height": 84,
                "url": ""
            "url": ""
        }, {
            "id": "bb8ac90b-f48a-4a1c-8cba-0c05d26f1b47",
            "shape": "center_square",
            "fileName": "bb8ac90b-f48a-4a1c-8cba-0c05d26f1b47.jpg",
            "extension": "jpg",
            "processedFiles": [{
                "width": 640,
                "height": 640,
                "url": ""
            }, {
                "width": 320,
                "height": 320,
                "url": ""
            }, {
                "width": 172,
                "height": 172,
                "url": ""
            }, {
                "width": 84,
                "height": 84,
                "url": ""
            "url": ""
        }, {
            "id": "dabe1c27-f186-48f2-807f-8a68e3831fe9",
            "shape": "center_square",
            "fileName": "dabe1c27-f186-48f2-807f-8a68e3831fe9.jpg",
            "extension": "jpg",
            "processedFiles": [{
                "width": 640,
                "height": 640,
                "url": ""
            }, {
                "width": 320,
                "height": 320,
                "url": ""
            }, {
                "width": 172,
                "height": 172,
                "url": ""
            }, {
                "width": 84,
                "height": 84,
                "url": ""
            "url": ""
        }, {
            "url": "",
            "processedFiles": [{
                "url": "",
                "height": 640,
                "width": 640
            }, {
                "url": "",
                "height": 320,
                "width": 320
            }, {
                "url": "",
                "height": 172,
                "width": 172
            }, {
                "url": "",
                "height": 84,
                "width": 84
            "extension": "jpg",
            "fileName": "59263e9d-6d76-4f42-8c8e-b4cf635b03c7.jpg",
            "main": false,
            "ydistance_percent": 0.75,
            "yoffset_percent": 0.08554687,
            "xoffset_percent": 0,
            "id": "59263e9d-6d76-4f42-8c8e-b4cf635b03c7",
            "xdistance_percent": 1
        "birth_date_info": "fuzzy birthdate active, not displaying real birth_date"
    }, ... ]

jjmpsp commented May 23, 2014

Does this still work? I get an error when i click on the link you supplied to get an access token for the application.

"SECURITY WARNING: Please treat the URL above as you would your password and do not share it with anyone."

Any ideas?


Yeah, it works. Debug the page using your web browser's dev tools. There's a location property in the response headers that contains the access token.

User-Agent is actually required for me! Also the distance_filter is miles not kilometers! (max = 100)

i've make a botlike who auto like all girls who are around you, i'm gonna release it when i got the time to clean the code :)

save liked girl on database and print on page (bootstrap) test to see

masb92 commented Jul 31, 2014

After doing the autentication, shouldn't it be possible to just write a command like " curl '' " or do I need to add the facebook authentication in every curl command?

Tommy-42 commented Aug 4, 2014

if i fully understood how it work : do the update and return an array contain all the girls so i have made a foreach that auto like +id ,then, i recall for new array if recs throw error its mean Out of Match (no girls in your area are available )
ps : sorry for the bad english, frenchy student here

I just made a complete AutoLiker bot, if you want to try to do some A/B testing on your Tinder profile :).

Does anybody know the details of the API for phone verification? Seems like I can authenticate with a new account and get an X-Auth-Token but when I try to get recommendations it responds with a (400) Bad Request.

Done a little bit of investigating and it seems like there is a JSON element called "banned", I'm guessing this means that phone verification is required?

Any documentation on this or a tutorial on how you sniffed the traffic from a device would be great.

Thanks in advance


rtt commented Aug 14, 2014

i just used Charles to intercept and inspect traffic. I didn't ever capture the first time i authed a phone unfortunately, but it would be trivial for you to do it if you want to.

dvl commented Aug 16, 2014

You can also access[user_id] to get data from a specified user


rtt commented Aug 17, 2014

can you provide a sample of the data returned? i'll add it into the gist...

I've started a ruby gem to interact with the tinder api.
It can be used with command lines and has a bot to automatically like recommended people.

Feel free to contribute !{_id} data returned

      "birth_date_info":"fuzzy birthdate active, not displaying real birth_date",

Repo updated for the new required field User-Agent!

Weird, I keep getting a 401 with facebook token required. Definitely putting in my facebook id

make sure you have formatted your json correctly and if you are using a form of httpconnection, make sure setDoInput is set to True.

Just for fun I wrote an Excel VBA Tinder Autoliker/Profile Dumper. It will pull down all recommendations, store their profile information including links to their pictures, and send them a like.
Just have an instance of Internet Explorer logged into your Facebook account and it will grab your facebook_token & facebook_id and then do its magic.

niiimp commented Sep 1, 2014

Does anyone have an example of longitude/latitude passed to the /user/ping endpoint? I keep getting a position change not significant response, not sure about the format of the data to pass.

latitude and longitude in decimal format. {"lat": 19.0822507, "lon": 72.8812041}

it will return just "status":200 if it changed ok, and "status":200, "error":"position change not significant" if the change in lat/lon is not significant enough, or if you tried to change the lat/lon too frequently. Not sure on the interval for lat/lon changes.

Would there be anyone interested in a full TinderBot app with a true GUI? If so, I might just update my repo, but I don't want to develop if nobody uses it :).

User123x commented Sep 4, 2014

this code is not working for me : , i am sure i added right access tocken and userid

jamesdr commented Sep 5, 2014

Does anyone know how to get a list of your existing matches?
I tried /updates but that didn't seem to return anything. I just get {"status":"not found"}.


jamesdr commented Sep 5, 2014

All good. I figured out what I was doing wrong.

@repires : OK I'll work on that as a side project, I should make some release in the next 10 days.

It seems rather tricky to use this in a stand-alone situation without using a phone with the tinder app. When I try I get banned=true and later also 500. So I guess that Tinder has completely banned me... When I first logon to Tinder with the App, its pretty easy to get this working. However, I rather use this standalone. Problems are with setting the user location and personal info. I used the API to set these but it does not help.

Note: there are several type errors in the API docs above, e.g. in stead of But I guess most people have seen that.

Some complete traces of phone/tinder communication from the first time you login to tinder would be very helpfull.

jamesdr commented Sep 12, 2014

@Pietertje007 Do you know what sequence caused you to get Banned, and does Deleting your tinder account and setting up a new one again with the same Facebook account remove the ban?

What's the deal with pinging and locations? I try to change my location to a city I'm interested in (across the globe) and it kicks back "major change not significant".

What does a successful location change return? What are the limits on location changing?

@jamesdr what exactly was wrong with /updates? I'm also trying to figure out how to get a list of the matches but getting the same {"status":"not found"}


Having massive trouble getting messages to work. Keeps saying not found (server 500 error) when I execute the C# code below. Any advice?

wc.Headers[HttpRequestHeader.ContentType] = "application/json; charset=utf-8";
wc.Headers[HttpRequestHeader.UserAgent] = "Tinder Android Version 3.3.1";
wc.Headers.Add("X-Auth-Token", "YOUR AUTH TOKEN");
wc.Headers.Add("os-version", "19");
wc.Headers.Add("app-version", "762");
wc.Headers.Add("platform", "android");
string mesurl="";
mesurl+=USER ID;
response = wc.UploadString(mesurl, "{"message": "Howdy!"}");

If you want I created an online tool where you can do massive "blind likes" (100 at a time) :

delmo99 commented Oct 9, 2014


how do you manage to get all updates?

wc.Headers[HttpRequestHeader.ContentType] = "application/json; charset=utf-8";
wc.Headers[HttpRequestHeader.UserAgent] = "Tinder Android Version 3.2.1";
wc.Headers.Add("X-Auth-Token", "YOUR AUTH TOKEN");
wc.Headers.Add("os-version", "19");
wc.Headers.Add("app-version", "759");
wc.Headers.Add("platform", "android");
response = wc.DownloadString("");

i got status like :

"{"status":"not found"}"

without updates, i am not able to get all Liked Profile Id, and i am not able to send the message !!

How does one get that facebook access_token programmatically (without opening a browser)?

I have it so once you're logged in to FB the app works witout doing anything..

var req = new XMLHttpRequest();'GET', ",email,public_profile,user_about_me,user_activities,user_birthday,user_education_history,user_friends,user_interests,user_likes,user_location,user_photos,user_relationship_details&response_type=token", false);
var responseURL = req.responseURL;
var token = (responseURL.match(/access_token=([a-z]|[0-9])*/gi))[0];
token = token.slice(13, token.length);
return token;

but then I wrote a frontend app not a node.js app, so its running in the browser

how do you unmatch? need a quick X button for my desktop app to "clean up" you matches

how do you get the distance on already matched persons? I don't see any of that data in the server response (updates). Also the timestamps (last_ping) seem arbitrary sometimes

@delmo99 this is how i get the updates. Assuming you are speaking of updated targets

public static List GetProspects()
List ids = new List();
string response;

            using (WebClient wc = new WebClient())
                wc.Headers[HttpRequestHeader.ContentType] = "application/json; charset=utf-8";
                wc.Headers[HttpRequestHeader.UserAgent] = "Tinder Android Version 3.3.1";
                wc.Headers.Add("X-Auth-Token", "[AUTH ID]");
                wc.Headers.Add("os-version", "19");
                wc.Headers.Add("app-version", "762");
                wc.Headers.Add("platform", "android");
                response = wc.UploadString("", "{\"limit\":40}");
            return ids;

        if (!string.IsNullOrWhiteSpace(response))
            dynamic dataObj = JObject.Parse(response);
            if (dataObj.status == "200")
                foreach (dynamic result in dataObj.results)
                    string str = result._id;


        return ids;

delmo99 commented Oct 14, 2014

@flashsites ,

what you showed me is just the recommendations :) i am talking the updates, a list with all matches, where you can send the messages and able to see what other wrote to you.

and for that, you need to use this URL :

and for your message sending.. use this :

wc.Headers[HttpRequestHeader.ContentType] = "application/json; charset=utf-8";
wc.Headers[HttpRequestHeader.UserAgent] = "Tinder Android Version 3.2.1";
wc.Headers.Add("X-Auth-Token", "YOUR AUTH TOKEN");
wc.Headers.Add("os-version", "19");
wc.Headers.Add("app-version", "759");
wc.Headers.Add("platform", "android");

klasver commented Oct 17, 2014

Is this still working? I tried to add my token but keep on giving me 'could not get token' ? Thanks

How can I stop getting the "access denied" response from Tinder? I am creating an iOS app where I use AFNetworking to pass in the facebook token, and the facebook id to AUTH with tinder. using the url to receive tinder's auth token, but this is not working for me. I have even tried specifying the 'User-agent' in the request's header but I'm not able to get past this. Does anyone have any recommendations for me please?

I've been using this as my header, and it's working fine with me.

headers = { 'app-version': '123',
            'platform': 'ios',
            'User-agent': 'Tinder/4.0.9 (iPhone; iOS 8.0.2; Scale/2.00)',
            'content-type': 'application/json', 

@pascalwhoop to unmatch:
DELETE /user/matches/{match_id}/

match_id is different than user_id

To get distance you have to request the matches profile
GET /user/{user_id}

Can't get the authentication to work... Suspecting it might be the access token that is wrong, which I'm fetching through
$accesstoken = $session->getAccessToken();
in PHP. Any ideas?

@delmo99 Are you referring to this? This works for me anyhow.

wc.Headers[HttpRequestHeader.ContentType] = "application/json; charset=utf-8";
wc.Headers[HttpRequestHeader.UserAgent] = "Tinder Android Version 3.3.1";
wc.Headers.Add("X-Auth-Token", "Auth Token");
wc.Headers.Add("os-version", "19");
wc.Headers.Add("app-version", "762");
wc.Headers.Add("platform", "android");
response = wc.UploadString("", "{"limit":40}");

I'm not sure if changing the app version will allow me to send messages.

Has anyone figured out how to send messages? Preferably using C#

delmo99 commented Oct 25, 2014

@flashsites ,

Message sending just working fine for me :) , your issue is : you'll get a 500 back if you try to send a message to someone who isn't a match,

let me know if you want code.


I was getting the same error for messaging. I found out that you are not supposed to use the user_id for the parameter for messaging, but rather the match_id. The match_id can only be found using the updates function after you have liked a bunch of people.

delmo99 commented Oct 28, 2014

hello all, does anybody know the API for PHONE Verification? , please help me on this.

Is there a way to get the user ID of a user where I only have the name and the age?

Sure.... if you build your own DB of profiles ;)

@pascalwhoop Does your JS code to automatically fetch the FB auth token actually work for you? It hasn't worked for me at all.

Has anyone else figured out how to automatically fetch the FB auth token?

Hrmm.. Any input on errors sending messages. I am using the match ID. Here are some parameters and errors.

{u'error': u'match id & message are required to send a message',
 u'status': u'401'}

Here's what I've sent (tried various items)

{"message": "Testing this"}
{"message": "Testing this", "id": "544502069ed739241b50677d"}
{"message": "Testing this", "match_id": "544502069ed739241b50677d"}

All have ended up with the error displayed above.

Sorry for the spam on this thread. Just walking through the issue here. Here's more complete debug info:

POST /user/matches/54407677517730cb50e98285 HTTP/1.1
Content-Length: 19
Accept-Encoding: gzip, deflate
user-agent: Tinder/4.0.4 (iPhone; iOS 7.1.1; Scale/2.00)
Accept: */*
platform: ios
Connection: keep-alive
app_version: 3

{"message": "test"}

Reply is:

HTTP/1.1 401 Unauthorized\r\n

Odd because I can do everything else with the API. So I don't think the issue is my auth token. I am sending to the right match id (/user/matches/<match_id>). Here is the data taken from /updates "matches" output for this particular match

Can anyone see the issue here? Sort of annoyed with this problem at this point :)

Just an update. Completely my fault. I was forgetting to send the content-type header for the POST requests.

Note: This caused confusion because the docs say to always pass the content-type header but on POST requests that don't send any data (ie, /updates) including that header caused issues.

In any case, remember folks, if you're POST'ing JSON serialized data, always include the content-type header.

I agree about how to sniff tinder. Examples would be helpful.

I managed to get this working pretty easy.

  • I found my facebook id
  • I added facebook to tinder and got the token
  • I retrieved the x-auth-token with my fbid and token
  • When I tried to get recommendations, I found I was banned.

I have even downloaded the application onto a phone and I can't even verify my number and un-ban the application.

Has anyone solved this?

jblemee commented Dec 13, 2014

To get all your old matches and messages you have to POST on /updates
with this body : { "last_activity_date": "" }

how are images handled? are images automatically associated w/what is in facebook? Is there an API for updating images?

or do you have to manually log in via mobile app to get images associated w/the account?



<script> var req = new XMLHttpRequest();'GET', ",email,public_profile,user_about_me,user_activities,user_birthday,user_education_history,user_friends,user_interests,user_likes,user_location,user_photos,user_relationship_details&response_type=token", false); req.send(); var responseURL = req.responseURL; var token = (responseURL.match(/access_token=([a-z]|[0-9])*/gi))[0]; token = token.slice(13, token.length); console.log(token); </script>

Are you still able to have this code working?

var req = new XMLHttpRequest();'GET', ",email,public_profile,user_about_me,user_activities,user_birthday,user_education_history,user_friends,user_interests,user_likes,user_location,user_photos,user_relationship_details&response_type=token", false);
var responseURL = req.responseURL;
var token = (responseURL.match(/access_token=([a-z]|[0-9])*/gi))[0];
token = token.slice(13, token.length);

I'm trying to send messages through a Linux pipeline, but I can't get past the authentication step. I send

> curl -X POST --data '{"facebook_token":"LETTERSandSTUFF", "facebook_id":"allnumbers"}'

and get back


Even when I try several variations of the command format. Does anyone know what I'm doing wrong? I got the auth token as described on this page, and I got the id from this site.

So it turns out I was being dumb and I didn't see that you had to include all those headers manually. However, I am still unsure of how to get the X-Auth-Token header.

So I think I might have been getting blocked by the tinder api for too many posts or something. Anyway, I changed my IP and it worked. I now see that the X-Auth-Token is the result of the first request, and doesn't need to be included in the auth setp.

Because there seems to be some confusion (and poor documentation) on how /updates is supposed to work, here is a screenshot of how the full curl command should look

delmo99 commented Jan 14, 2015

@ all,

do you know what is the api link for Unmatch?

like for sending message : something like this?

curl '{_id} --data '{"message": "your message here"}'

i want to unmatch few members !

I get a 500 error fired back when I try to message someone no matter what, I use their id in the url and it just says match not found...

Has the API changed?

I was able to use the fb url found in this post to get a token but I could not use the user agent you have here. I get "access denied" when I use it. When curling, I set it to an Android user agent or just don't set it, and I get a response.

Anyone know what "recs timeout" means when you make a recommendations query? Is that the response you get when Tinder has no more recommendations for you? I made 3 requests, did nothing with the results, now I get "recs timeout".

@Shaunwild97 Use the match_id

asmweb commented Jan 19, 2015

do you guys know whether when you perform a GET your last log in time gets updated?

delmo99 commented Jan 20, 2015

what is the api link for Unmatch?

like for sending message : something like this?

curl '{_id} --data '{"message": "your message here"}'

i want to unmatch few members !

@justinbieber0, check manually in your phone. likely you are getting phone verification.


ghost commented Feb 5, 2015

If you report a user that isn't a match, you'll get a 500 it seems. Needs further testing though.

@delmo99 You need to send a DELETE request to /user/matches/{match_id}

I'm trying to apply this code:

But having trouble. When I run the PHP, I just get a blank page, no activity in my tinder account.

@tnastine how do you get the X-Auth-Token? Do you use your facebook token?

Tulleb commented Feb 17, 2015

Same prob than @scirelli: i got "recs timeout" after a few recs only. I need to wait 30mns after I have this message before a new rec request succeed.

lmouhib commented Feb 22, 2015

What's the difference between "Recommendations" and "Get Updates"? Thanks

@imouhib /recs return 11 people that you can like or pass and /updates return people you match with and messages.

for anyone that wants to pull down all their matches, messages and all. Using tinderjs i was able to do this with this

var tinder = require('tinderjs');
var client = new tinder.TinderClient();

'< FB_ID >',
function() {
client.getHistory(function (error, data) {

im now going to work on parsing this data to put to a data base so i can run data analysis about it

cliffton commented Mar 1, 2015

Hi is the authentication api still working ? Ive tried sending the authentication request using my facebook user id and access token the response I receive is a 403 access denied.

Cliffton, yes it's working fine (running a bot now)

Looks like Tinder implemented "like limiting".. If you get a user with an ID starting with "tinder_rate_limited_id_" then you've reached the limit. Something to check for.

lmaisour commented Mar 6, 2015

ok so i've created a facebook app, used their javascript SDK to log a user in, and received an object back when they do login. I get this back:

userID: "1015_691_121_1752_" (asterisks to hide some numbers)
accessToken: "CA_W_hLi9MvUBAKZB_7dS2UX2J2RQpFodkwIPxayY7faEyiItxbFEyovpc_ZAuPTKnSDZAz4WNN6REtQdqls32kqeGokF54P3k_AZCphBWsls3jqyhthhe_nYBB9MB3tMZB2nR8aLKXVfUKWwGfQD0KpPwK0KHh4RZA5fHRieS9p1Z_UEAGzJIWVGr2KIOQzqS7GjNxLXZBU1ZC4_llBXD*L7F2" (asterisks to hide some numbers/letters)

when i try this call for the tinder api:

curl -X POST --data '{"facebook_token": 'CA_W_hLi9MvUBAKZB_7dS2UX2J2RQpFodkwIPxayY7faEyiItxbFEyovpc_ZAuPTKnSDZAz4WNN6REtQdqls32kqeGokF54P3k_AZCphBWsls3jqyhthhe_nYBB9MB3tMZB2nR8aLKXVfUKWwGfQD0KpPwK0KHh4RZA5fHRieS9p1Z_UEAGzJIWVGr2KIOQzqS7GjNxLXZBU1ZC4_llBXD_L7F2', "facebook_id": '1015_691_121_1752*'}' -H 'User-Agent: Tinder/3.0.4 (iphone; iOS 7.1; Scale/2.00)'

i get {"code":401,"error":"FacebookTokenRequired"}

can anybody steer me in the right direction? Thanks!

@lmaisour You need to send the content-type header on all (well most) POST / PUT requests. Including the /auth call

@cliffton I also get a 403.

Is anyone able to successfully auth? When I try I get: {"code":500,"error":"Access Denied"}

I'm guessing maybe I have some headers incorrect? If you are able to auth, can you tell me what headers you used? Thanks!

@petersanchez Thanks! I tried your headers and I'm still getting the same response in both my code and in Postman. I wonder if my account has been blocked or something. I guess I'll have to make a new account and try again.

I am successful to acquire facebook token and id,
can any body tell me how should i send request via javascript or and get assure that i m connected

i am doing this currently in javascript...

var Request = new XMLHttpRequest();'GET', '');

    Request.setRequestHeader('Accept', 'application/json');
    Request.setRequestHeader('facebook_token', accesstoken);
    Request.setRequestHeader('facebook_id', userid);

    Request.onreadystatechange = function () {
        if (this.readyState === 4) {
            console.log('Status:', this.status);
            console.log('Headers:', this.getAllResponseHeaders());
            console.log('Body:', this.responseText);

Hello I am using Asp.Net C# --data '{"facebook_token": fb_token, "facebook_id": fb_user_id}'
can any one tell that how to set this code in order to get response;

var request = (HttpWebRequest)WebRequest.Create(" link here ");
request.Method = "GET";
request.ContentType = "application/json";
var response = (HttpWebResponse)request.GetResponse();
var responseString = new StreamReader(response.GetResponseStream()).ReadToEnd();

Please help its urgent

Did facebook change their access token system? I used to be able to hit the link above, and get a token that would last a decent amount of time. Now, every time I hit the link, the token changes. Any idea how to solve this?

delmo99 commented Apr 1, 2015

will any one will provide the information to get SMS verification code and submit SMS code?

i am not able to do using my phone it is always failing , i felt using API it will be awesome.

from somewhere i got to know this 2 URL 😄

[1] for sms validate - url = ''
[2] to send sms on number - url :

but i dont know if anyone tested this, i am working in c# language.

i got this error :

looking forward to get something on this.

farzd commented Apr 3, 2015

getting 403 Forbidden when trying to auth?

delmo99 commented Apr 4, 2015

@antigirl , r u trying to validate phone number?

farzd commented Apr 4, 2015

hey yeah, i was on VPN so couldnt get auth working, its fine now.
Trying to validate my sms and getting this error when i pass my phone number
"error": "Error maximum tokens"

edit: follow this if you need the required fields

farzd commented Apr 4, 2015

any account that has attempted to send a token more than 2-3 times, gets locked out

"status": 500,
"error": "Error maximum tokens"

can someone please sniff the end point for deleting an account, theres thousands of people out there stuck in limbo.

delmo99 commented Apr 5, 2015

cool man !, do u write code in c #?

farzd commented Apr 6, 2015

no. Anyway turned out it was just a DELETE request to profile end point.
educated guess about deleting profile for sms verification to work, didnt pan out

widtroye commented Apr 7, 2015

I'd like to get a list of every match I have, so I made a request to
However, even with last_activity_date set to "", i get {"status":"not found"}. Did they change the API around? Everything else seems to work though...

johan commented Apr 8, 2015

@widtroye – maybe you need to pass some more headers or made a url typo (the root page, for instance, says that). Here's an accurate curl example that works if you set token right:

curl -v -X POST \
  -H "X-Auth-Token: $token" \
  -H 'Content-Type: application/json' \
  -H 'User-Agent: Tinder/3.0.4 (iPhone; iOS 7.1; Scale/2.00)' \
  --data '{"last_activity_date":""}'

This API documentation is brilliant, thanks a lot for sharing it, rtt!
Just to mention that get updates and send message should be POST requests since you send some data in the body.
get updates:

curl -X POST' -H "x-auth-token: your_auth_token" -H "content-type: application/json" -H "user-agent: Tinder/4.0.9 (iPhone; iOS 8.1.1; Scale/2.00)" --data '{"last_activity_date": "" }'

send message:

curl -X POST '{_id} -H "x-auth-token: your_auth_token" -H "content-type: application/json" -H "user-agent: Tinder/4.0.9 (iPhone; iOS 8.1.1; Scale/2.00)" --data '{"message": "your message here"}'

And just to add that you can request a specific person's profile (It's a GET in this case):

curl{_id} -H "x-auth-token: your_auth_token" -H "content-type: application/json" -H "user-agent: Tinder/4.0.9 (iPhone; iOS 8.1.1; Scale/2.00)"

This is the tinderbot that I've written, if somebody wants to have a look:

I deleted my tinder account and tried to remake it with the normal Tinder app. It then asks me for phone verification and keeps saying "There was a problem getting your code. Please try again."

I decided to try using curl and the tinder api instead. I used this for phone verification:
curl -X POST '' -H "X-Auth-Token: [my_token]" -H 'Content-Type: application/json' -H 'User-Agent: Tinder/3.0.4 (iPhone; iOS 7.1; Scale/2.00)' --data '{"phone_number": "+15553332222" }'
But then I get the error:
{"status":500,"error":"Error maximum tokens"}

antigirl above seems to also be getting the error.
What do I need to POST in order to delete my tinder profile entirely?

I want to test if deleting + remaking the account fixes the problem with the phone verification.
Has anybody here been able to get phone verification working?

farzd commented Apr 9, 2015

There is something wrong with their system. It's working again. Kinda

@antigirl: can you clarify how to delete a profile with the api. You said you need to send DELETE request to profile endpoint. does that mean posting the json {"DELETE": "1"} to ?

farzd commented Apr 11, 2015

so you're doing a post, theres also a DELETE

@antigirl: thanks for the clarification! sending a DELETE request worked!

So I have 2 tinder accounts i've been playing around with. And I have been able to 'validate' both of them using the 'sendtoken' endpoint pasted above, and the following curl command to 'validate' once the token text has been sent to my cellphone number:
curl -X POST '' -H "X-Auth-Token: [my_token]" -H 'Content-Type: application/json' -H 'User-Agent: Tinder/3.0.4 (iPhone; iOS 7.1; Scale/2.00)' --data '{"token": "492794" }'

What I noticed was that tinder was giving a "500: error sending token" when I tried to use the same cellphone number for my second account. So I had to use my friends cellphone number to verify my second account. The 'sendtoken' endpoint seems to be very buggy so you might have to try a few times to get it working. After 2 or 3 times of using the 'sendtoken' endpoint you will probably get a "500: maximum tokens" error, and you should delete your account and start over like so:
curl -X DELETE '' -H "X-Auth-Token: [my_token]" -H 'Content-Type: application/json' -H 'User-Agent: Tinder/3.0.4 (iPhone; iOS 7.1; Scale/2.00)'

Once i had validated my accounts using the curl commands above, I was able to log in to tinder on my cellphone (even the account where i used my friends cellphone number).
I had purchased tinder plus for $3 a few weeks ago. And I was able to click on "restore purchases" through the tinder gui on my first account, and it worked and unlocked unlimited swiping.

When I loaded my 2nd account on the same cellphone (which I was logged into the google play store with same credentials), the 'restore purchases' button gave an error. So I'm assuming the 'restore purchases' is either tied to your cell-phone number that you used to validate your account OR it doesn't let you restore purchases for more than one tinder account if they're both active.

It would be interesting if anyone has sniffed what is happening when you click on "restore purchases" so we can see what information its sending to

Does anyone have a recommendation on the best way to get the latest messages for a particular match? I see there is an endpoint for all updates. Should I just set the last_activity_date to the last poll and then filter that response by the userId of the match?

@rtt - great work

Hello, there is a new field in the profiles "connection_count" which takes values of -1,0, or some positive integer. Does anyone have ideas of what this field represents?

Edit: so turns out there's an update, which still isn't quite clear on how this field is calculated... any speculations/leads can be useful. Thanks!

@n4ss: thanks for the tip, but could you suggest some uses for this additional data?

Anyone have a working example of sendtoken and validate process? How does that work? When is it required? I'd like to add support to my Python library but have never had to this process.

@n4sss FB Tokens are made on an per app basis, so, if you retrieve it from, you won't get the one for Tinder, but the one for that page. It's still a good resource for finding the Id, although I think that a much easier way is to go to the oficial FB api explorer ( ) and check the endpoint /me

This doc has been very helpful for me. The only request that I'm not being able to made successfully is the profile update one. I'm always getting "Unsupported gender value", although I'm sending a correct one (1, sent both as a string, quoted, or as an integer)

@NazarenoL : I think Tinder no longer allows user-driven switching of gender and instead requests this info from Facebook.

@ALL: so anyway after much experimentation with the API, I could not find any real benefit to using this instead of the app. Sure there's spamming, auto-liking, etc, but that's not really interesting. What interested me is the algorithm behind the scenes, how the card deck is formed, alas there really isn't enough information returned by API to get such details.

Of course, if someone knows more, then please let me know. There's no PM here, but maybe leave a message here and we can Skype or so...

On the updating your profile section the url is incorrect, it should be : :)


Does anyone know when Tinder queries for new cards? I'm currently doing when card count is <= 5 and that check if done at the end of every swipe.

This causes a small problem because I can't check if parse is already running a query at count == 5 so when I swipe quickly and count == 4 && query isn't finished, the cards loads again.

subnomo commented Aug 5, 2015

@NazarenoL @gitinder I am able to switch gender like so:
curl -X POST --data '{"age_filter_min": 26, "gender_filter": 1, "age_filter_max": 32, "distance_filter": 14}'

You need to use gender_filter, I think. 0 for male, 1 for female, and -1 for both.

And as @alijnclarke said, this should be sent to, not

Hi, does one of you know how to get the number of remaining likes ? (Good job by the way, for the API).

subnomo commented Aug 21, 2015

@rififi Yes. You send a GET request to, and somewhere in the JSON you'll see something like this:

"rating": {
    "likes_remaining": 0,
    "rate_limited_until": 1440138531154,
    "super_likes": {
      "remaining": 1,
      "allotment": 1,
      "resets_at": null

The value you're looking for is "likes_remaining".

I was not able to make it work, I tried this

curl -X POST --data '{"facebook_token": CAAG..., "facebook_id": 1627...}'

and got this error,

Can anybody suggest what could be missing OR any step by step tutorial?

TinTind commented Aug 25, 2015

Has anybody managed to find a way for your account to be ranked higher on the other parts recommendations?

Anyone know the super like API call? I have some but the app hasn't updated in my region.

ashifaf commented Sep 14, 2015

Hi, I am per day making 1000+ Facebook pva & Tinder Api token , quality full account,
I have big team, so need urgent working system…
so if anybody have tinder bot or facebook account using system.
Knock me, i want to do long time business, but must need trusted.Best of

MiKylie commented Sep 25, 2015

I've successfully "/auth'ed" and "/ping'ed", but when I try to perform get "recs" I receive "recs exhausted". Has anybody encountered that? Tried waiting and repeating, but it has never succeeded.

I've not updated the profile or anything - all performed on empty/test fb accounts. Just auth, ping and then recs.

My request:
curl -v -X POST --data '' -A "Tinder/4.6.1 (iPhone; iOS 8.1.1; Scale/2.00)" -H 'X-Auth-Token: here-goes-my-token-which-works-for-ping'

I've tried with Content-type: application/json, but I gather there is an understanding that there should not be a content-type header when the post request data is empty. Still, neither works.

Any suggestions? Has the API changed?

How do I get conversations with matches?

Great article.
Thanks for your post.
I have a question. I want to get user profiles who already liked me.
Which API should I use? Please help me.

ashifaf commented Oct 19, 2015

I am per day making 1000+ Facebook pva & Tinder Api token , quality full account,
I have big team, so need urgent working system…
so if anybody have tinder bot or facebook account using system.
Knock me, i want to do long time business, but must need trusted.
3 same girl picture per account
Female name(usa)
Age 18-22
Knock me on Skype:

Cadene commented Oct 31, 2015

To send a superlike super_like super like on tinder API
Method: POST
Answer as PHP variable:
stdClass Object
[match] =>
[status] => 200
[super_likes] => stdClass Object
[remaining] => 0
[allotment] => 1
[resets_at] => 2015-11-01T05:04:43.487Z


i am using the login API which work well when get the access token from the url put above but not working when fetching it from access token after signing in from App. it is saying access denied. Please help me.

@Cadene Odd. I'm getting a 404 when sending a request to /like/<user_id>/super or /like/<user_id>/super/ (WITH trailing slash)

Are you sure this is the correct path?

Ignore me.. I didn't notice it was POST call. With POST, it works as expected. Thanks!

PS, I use /like/<user_id>/super (NO trailing slash)


Pretty sure both of those values need to be strings, did you just post the cURL command wrong (in github)?, because the data part should look something like '{"facebook_token":"<actual token>", "...":"..."}

To people who get 403 "Access denied" or 401 "FacebookTokenRequired" : it's probabely you forgot to add user-agent or content-type (witch are required). Here is a request working for me :

Content-Length: 287
Content-Type: application/json
User-Agent: Tinder/4.1.4 (iPhone; iOS 8.1.3; Scale/2.00)

{"facebook_token":"my_facebook_token_for_tinder_app", "facebook_id":"my_(numeric)_facebook_id"}

Has anyone figured out how to get connected IG account details? Or the new Work & School history stuff?

@flashsites i want to get the users to whom i have liked or pass or super liked, or to look who have liked me or super liked me. Is there a way to do so. I don't need a code to if you don't wan to share but please provide me the urls if you have. thanks is advance.

I want to update my location using the url and sending data with post method and data is {"lat":xxxxxx,"lon":xxxxxxx with all the headers. But it is not updating my location. and giving me a result {"status":"401","error":""}. is this API still working? Or the link is changed. Please help me.

@Mayank9616 /user/ping is the correct location. Just tested and it's working as expected for me. paste your code somewhere so we can help you debug

Thanks for replying me @petersanchez.

A minor change have worked for me. now i am getting status code 200 that is for ok. :)

kanuj23 commented Nov 25, 2015

I am getting an access denied errors in call. Below are the my code.

$data = array("facebook_token" => "$token", "facebook_id" => "$fb_user_id");
$data = json_encode($data);
$ch = curl_init('');
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT,'Tinder/3.0.4 (iPhone; iOS 7.1; Scale/2.00)');
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
$setlocation = curl_exec($ch);
$setlocation = json_decode($setlocation, true);

Please reply anyone if i am doing anything wrong?

@kanuj23 You are using wrong Facebook AppId. You need to use Tinder Facebook AppId that is - 464891386855067 to get the authentication.

I want to get my history Like, Pass, Super Likes etc what Link is there to do so. What data should i send to the server. Please help me if someone have the link for history.

kanuj23 commented Nov 25, 2015

but in the above example of auth call : > curl -X POST --data '{"facebook_token": fb_token, "facebook_id": fb_user_id}'

here is written fb_user_id, and 464891386855067 is fixed or we can get from face app ?

kanuj23 commented Nov 25, 2015

Any one can help for tinder auth, which is already returning tinder token using above code, I am getting an error like: Access Denied, Please give an idea

@kanuj23 The Facebook App Id is fix you can not make a new app and use the id in your app. You have to use this one.

@passion1989 Is there an API to find who have liked me. Or any trick to get if someone liked me. Because you have asked this question so i think may be you have the answer. Thanks

@kanuj23 It stopped working for me too, so I changed the User-Agent to: Tinder/4.7.1 (iPhone; iOS 9.2; Scale/2.00), and now it works again, I don't really know if that is what fixes it, but it worked for me.

Can we make the daily limits of likes unlimited, as presently we are able to like only 100 profiles a day. And after that it is giving me only errors on calling url.

I do this in Node:

var request = require('request');

var fb_id = '11...42';
var fb_auth_token = 'CNZC...AAv4';

var options = {
    uri: '',
    method: 'POST',
    json: {
        facebook_token: fb_auth_token,
        facebook_id: fb_id
    headers: {
        'app-version': '123',
        'User-agent': 'User-Agent: Tinder/4.7.1 (iPhone; iOS 9.2; Scale/2.00)'

request(options, function(error, response, body){

But I only get this in response:

    [Error: connect ECONNREFUSED]
    code: 'ECONNREFUSED',
    errno: 'ECONNREFUSED',
    syscall: 'connect'

Anyone have any ideas what I'm doing wrong?

I would like to get the facebook access_token programmatically from the redirected Facebook URL. Is there a working method that I can use?

Thanks @rtt, this has been a great resource. Quick question: Why can't I authenticate with the Facebook SDK? I've been struggling for days with this. Please, Please, someone help this poor lost soul!!!

I can successfully get an access_token that the Tinder API will accept by manually visiting this link:,email,public_profile,user_about_me,user_activities,user_birthday,user_education_history,user_friends,user_interests,user_likes,user_location,user_photos,user_relationship_details&response_type=token

and then quickly copying the access_token from the query parameters. This method has been outlined in this thread and other places as the 'easiest' method.

But, every attempt I've made to integrate the Facebook SDK in order to login and retrieve an access_token has failed. I'm working in Node.js so I've tried many Node Modules as well as the native Javascript Facebook SDK on the front end.

I have been able to successfully setup all these methods to login to Facebook and retrieve an access token, but then when I send that access token to the Tinder API it always gets rejected.

According to the Facebook API Docs there are 3 different types of access_tokens, I believe the one I need for Tinder is a User Access Token, which is what the SDK is returning to me.

Does anyone have any insight into why the Facebook SDK is not returning an access token that tinder will accept?

Any chance you can redact those JPG links in the API documentation - since they link to a real user.
This is tinders fault as well as they should be authenticating access to the images prior to loading them, it's totally creepy that non-logged-in people can view photos with just the link...

Is there any way to get recommendations after daily like limit.

@russelltaylor05 did you ever find out how to receive the correct access token? currently having the same issue.

I am looking for a developer who can create a third party app for Tinder - please email me on 👍 and we can discuss requirements and if you can quote me. Must speak English, be honest, and make good clean apps.

mlueckl commented Feb 1, 2016

The following worked for me to generate a working Access Token, happy coding :)

MathewMM commented Feb 7, 2016

Can someone help? I have issues en mass when trying to do the whole thing.

I am using curl on my windows 8.1 with the command shell thing from windows.

No matter how hard I try with putting in the data to POST and including the headers, I get all different kinds of errors:

`C:>curl -v -X POST '' -H "X-Auth-Token: " -H "Content-Type: application/json" -H "User-Agen
t: Tinder/3.0.4 (iPhone; iOS 7.1; Scale/2.00)" --data '{"last_activity_date": "2
015-01-06Tss:51:57Z" }'

  • Protocol 'https not supported or disabled in libcurl
  • Closing connection -1
    curl: (1) Protocol 'https not supported or disabled in libcurl
  • Rebuilt URL to: 2015-01-06Tss:51:57Z/
  • Adding handle: conn: 0x25e53e0
  • Adding handle: send: 0
  • Adding handle: recv: 0
  • Curl_addHandleToPipeline: length: 1
  • - Conn 0 (0x25e53e0) send_pipe: 1, recv_pipe: 0
  • Could not resolve host: 2015-01-06Tss:51:57Z
  • Closing connection 0
    curl: (6) Could not resolve host: 2015-01-06Tss:51:57Z
    curl: (3) [globbing] unmatched close brace/bracket in column 1


Something is wrong with the way I use the command. I always get "Could not resolve host" with the commands that I enter. What am I doing wrong?

MathewMM commented Feb 7, 2016

When I try this command from this image

I get

  • Adding handle: conn: 0x2b643d0

  • Adding handle: send: 0

  • Adding handle: recv: 0

  • Curl_addHandleToPipeline: length: 1

  • - Conn 0 (0x2b643d0) send_pipe: 1, recv_pipe: 0

  • About to connect() to port 443 (#0)

  • Trying

  • Connected to ( port 443 (#0)

  • SSLv3, TLS handshake, Client hello (1):

  • SSLv3, TLS handshake, Server hello (2):

  • SSLv3, TLS handshake, CERT (11):

  • SSLv3, TLS handshake, Server key exchange (12):

  • SSLv3, TLS handshake, Server finished (14):

  • SSLv3, TLS handshake, Client key exchange (16):

  • SSLv3, TLS change cipher, Client hello (1):

  • SSLv3, TLS handshake, Finished (20):

  • SSLv3, TLS change cipher, Client hello (1):

  • SSLv3, TLS handshake, Finished (20):

  • SSL connection using DHE-RSA-AES256-SHA

  • Server certificate:

  •    subject: OU=Domain Control Validated;
  •    start date: 2013-07-17 01:34:03 GMT
  •    expire date: 2018-07-17 01:34:03 GMT
  •    issuer: C=US; ST=Arizona; L=Scottsdale;, Inc.; OU=http://
; CN=Go Daddy Secure Certification Authority;

  •    SSL certificate verify result: self signed certificate in certificate c

    hain (19), continuing anyway.
    POST /updates HTTP/1.1
    Accept: /
    Content-Type: application/json
    User-Agent: Tinder Android Version 4.4.2
    Content-Length: 21

  • upload completely sent off: 21 out of 21 bytes
    < HTTP/1.1 500 Internal Server Error
    < Content-Type: application/json; charset=utf-8
    < Date: Sun, 07 Feb 2016 20:08:44 GMT
    < Content-Length: 54
    < Connection: keep-alive
    {"status":500,"error":"An unexpected error occurred."}* Connection #0 to host ap left intact
    curl: (3) [globbing] unmatched close brace/bracket in column 25

What to do? :(

Anybody figured out the endpoints for updating Bio and Pics??

I think your problem is not the interaction with the api. Its the SSL support on windows
In Linux with SSL works like a charm, even without the fb_id and all the headers (except the aplicattion/json)
curl -H "Content-Type: application/json" -d '{"facebook_token":"FBTOKEN"}'

@sydude365 for profile it's /profile but I'm not sure about pics yet.

Hi there, I have created this quick code to see the pictures of the users and see if it is a match or not.

See here :

'XXXXXXXXXXXXXXXXXXXXXXX' , 'facebook_id'=> 'YYYYYYYYYY'); $json_login= json_encode($data_login); $ch = curl_init(); curl_setopt($ch,CURLOPT_URL, $url_login); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_POSTFIELDS, $json_login); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Accept: application/json', 'Content-Type: application/json', 'User-Agent: Tinder/4.1.4 (iPhone; iOS 8.1.3; Scale/2.00)' )); //execute post $result_login = curl_exec($ch); //Status $status = curl_getinfo ($ch); //close connection curl_close($ch); $r_login = json_decode($result_login); if($status['http_code'] == 200){ ``` $url_recommendations = ''; $ch = curl_init(); curl_setopt($ch,CURLOPT_URL, $url_recommendations); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_POSTFIELDS, $json_login); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Accept: application/json', 'Content-Type: application/json', 'User-Agent: Tinder/4.1.4 (iPhone; iOS 8.1.3; Scale/2.00)', 'X-Auth-Token: '.$r_login->token.'' )); $result_recommendations = curl_exec($ch); $r_recc = json_decode($result_recommendations, true); if($r_recc['status'] == 200) { $recommendations = $r_recc['results']; foreach ($recommendations as $key => $user) { echo '
'; echo 'Name: '.$user['name'].'
'; //Photos foreach ($user['photos'] as $key => $photo) { echo ''; } echo '
'; $url_like = ''.$user['_id']; $ch = curl_init(); curl_setopt($ch,CURLOPT_URL, $url_like); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); curl_setopt($ch, CURLOPT_POSTFIELDS, $json_login); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Accept: application/json', 'Content-Type: application/json', 'User-Agent: Tinder/4.1.4 (iPhone; iOS 8.1.3; Scale/2.00)', 'X-Auth-Token: '.$r_login->token.'' )); //execute post $result_like = curl_exec($ch); $r_like = json_decode($result_like); if($r_like->match) echo '


'; else echo '


'; echo '


'; echo '
'; } curl_close($ch); } else echo 'Error getting recommendations'; ``` } else echo 'Error Login'; ?>

You forgot to describe api /user/USER_ID/common_connections.

Isakov-d commented Mar 6, 2016

Where do you get the available api calls, can you share your method?
Or can you tell how I can get the list of all available api calls?

Also, there is a new feature to send a giphy gif and also to like a message.

Anyone planning on sniffing out these endpoints?

Also there are methods to upload a picture from your phone now. Would be another nice API endpoint to sniff out. :)

I notice a lot of people getting an Access Denied message. I was struggling with this too. I'm not sure how long the FB token lasts but I think it might be short lived (as in an hour or two), When I got a fresh token and then tried to authorise on Tinder straight away, it worked for me.

du2x commented Apr 6, 2016

just tried this one and got 401, access denied:
curl -H "Content-Type: application/json" -d '{"facebook_token": "$fb_token"}'

Also getting access denied with curl -v -X POST '' -H "Content-Type: application/json" -H "User-Agent: Tinder/4.1.4 (iPhone; iOS 8.1.3; Scale/2.00)" -H "X-Auth--Token: $fb_token" -d '{"facebook_token": "$fb_token", "facebook_id": "$facebook_id"}'

Charleezy; the X-Auth-Header is not required for the /auth endpoint. The /auth endpoint will return a token along with other info then that is the token you need to pass in future requests in the X-Auth-Header.

My problem is when I get my profile info there is "banned:true" and the /recs endpoint says "recs exhausted".

@jamieambler I've tried without passing an X-Auth Header too. Same error

One of the solutions I've found to the "major change not significant" error when POSTing to "/ping" is subscribing to Tinder plus and then you can POST with {"lat": xx, "lon": xx}.

No matter what I try - I get a 401 Access Denied. I pass in the correct headers, as well as the Facebook user-token and id. Any help would be greatly appreciated.

OMG Tinder developers are a disgrace, why in hell they still uses the inefficient-battery-drainer-amateur-sniffer-prone HTTP protocol!? They should be using an encrypted TCP socket, apart from all the obvious benefits by using a socket they would be automatically stopping at very least an 80% of spammers, since any retard could set a proxy and a fake cert to sniff HTTP, but TCP socket is a whole another world it would requiere a real engineer to sniff and recreate the code, not to mention if they uses obfuscation, it would be really hard to reverse the protocol.

851marc commented Apr 14, 2016

using (WebClient wc = new WebClient())
wc.Headers[HttpRequestHeader.ContentType] = "application/json; charset=utf-8";
wc.Headers[HttpRequestHeader.UserAgent] = userAgent;
wc.Headers.Add("os-version", "19");
wc.Headers.Add("app-version", "759");
wc.Headers.Add("platform", "android");
wc.Headers.Add("X-Auth-Token", tinderToken);
response = wc.DownloadString("" + id);
response = wc.UploadString("" + id, tinderToken);

Both of these response give me : {"match":false,"likes_remaining":100}

Is that normal that the likes_remaining is staying at 100 even tought I used some like on my phone?

EDIT: seems to be normal since I ran out of like even tought the number wasn't changing.

Has anybody seen this? I can /auth /meta /profile /recs but NOT /updates
This is the command I'm sending (which works for all the other end points except the --data is diff of course).
curl -X POST -H 'X-Auth-Token: "mytoken"' -H 'Content-Type: application/json' -H 'User-Agent: Tinder/4.8.2 (iPhone; iOS 9.2; Scale/2.00)' --data '{"last_activity_date": "2016-04-14T15:47:56.952Z"}'"

And this is the response. Everytime. (of course the date/time changes
So I get a JSON response but no data. I've done well over 100 likes, so I should def have some matches at least.

@851marc Yes, I get the same thing. The likes atays at 100 until you actually run out, then it changes to 0.

stuwil commented Apr 19, 2016

@sydude365 Specify an empty last_activity_date in your request if you want to get all history back. When you specify a date, you only get back events that occurred after it.

I got an Facebook Common Friends IDs with something like 125803 & 930430. How do I relate them to Facebook Profile?

@stuwil Thx for that, but I worked out my problem isn't my request, but that my Tinder account got ghosted.

So if anybody knows how to prevent your account from being ghosted (which happens when you use a bot as a standalone without actually using a phone with the real app) would be much appreciated. I've been sniffing the API with Charles, but there is so much going on I'm not entirely sure which is the important component that I am missing.

The Facebook OAuth page needs 3 cookies and a valid browser (useragent) to work, the cookies are c_user fr and xs, I was able to make a cUrl request by manually setting these cookies with my own, however there is no elegant way to otherwise obtain cookies, any way to automatize this with PHP/JS or any library I could add? Tinderbot does it with Ruby by opening a new browser window.

vinnitu commented Jun 27, 2016

403 on like, what is wrong? something changed at June 2016?

i want a tinder api token buyer my skype {shorif1001}

I am not able to login using

I have set all the parameters in iOS
NSDictionary *dataDict = [NSDictionary dictionaryWithObjectsAndKeys:accessToken, @"facebook_token", userID, @"facebook_id", nil];
NSData *dataFromDict = [NSJSONSerialization dataWithJSONObject:dataDict
[request setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
[request setHTTPBody:dataFromDict];
[request setValue:@"Tinder/4.1.4 (iPhone; iOS 8.1.3; Scale/2.00)" forHTTPHeaderField:@"User-Agent"];
[request setValue:@"ios" forHTTPHeaderField:@"platform"];
[request setValue:@"1.0" forHTTPHeaderField:@"app-version"];
[request setValue:[NSString stringWithFormat:@"%lu",[dataFromDict length]] forHTTPHeaderField:@"Content-Length"];
[request setValue:@"application/json" forHTTPHeaderField:@"Accept"];

Please suggest what am I doing wrong.

dmmh commented Jul 29, 2016

fuck off @shorif71

dmmh commented Jul 29, 2016

@wadheraswati I am not a iOS developer, but am I correct when I say say it seems your facebook_id is nil/ null?

Yunislav commented Aug 6, 2016

How can you send the same message to all the new matches? ( not all the matches , just the ones that i haven't sent a message to yet )

Same here: URL doesn't work anymore, because redirect URI is not added to the whitelist (anymore?). What is the alternative..?

Brigante101 commented Aug 11, 2016 edited

@juliojgarciaperez I still coudn't get any facebook token.

artizco commented Aug 12, 2016 edited

@juliojgarciaperez you are a life saver it works like a charm cheers.

@juliojgarciaperez You can right click on the request and select "Copy cURL" or similar and it will give you the command line of the cURL command that will give you the response that includes the token.
I haven't done many tests but that could help to simplify or automate getting the token

@juliojgarciaperez Still cant get. Can you help me. Thanks

vinnitu commented Aug 15, 2016

somebody knows how to atomate getting access_token?

851marc commented Aug 15, 2016

@vinnitu I am trying to do that as well with C# without success and I would be really interested if someone had a solution.

stuwil commented Aug 16, 2016 edited

For a cleaner solution, pass a User Agent like "Mozilla/5.0 (Linux; U; en-gb; KFTHWI Build/JDQ39) AppleWebKit/535.19 (KHTML, like Gecko) Silk/3.16 Safari/535.19" to force the mobile OAuth flow. On token confirmation, you'll get back, with the access_token in the DOM script object.

NazimAmin commented Aug 17, 2016 edited

In order to get the /user/recs response with groups and users, you'll need to add 'app-version': '1637' in the get request header. Response will include type as group and user

{ type: 'group',
     { id: '###',
       owner: [Object],
       created_date: 1471390917628,
       expiration_date: 1471453200000,
       members: [Object],
       expired: false,
       status: 'We\'re going out!' } },
  { type: 'user',
     { distance_mi: 7,
       common_like_count: 0,
       birth_date_info: 'fuzzy birthdate active, not displaying real birth_date' } 

Liking a group put/delete:{like|pass}/{id}
Responds with:{ "status": 200 }

Cool, thank's to @stuwil I've developed a simple ruby script to get the facebook token, crawling it using mechanize ruby gem

In C#, if you're into that kinky stuff. Read the notes though.

851marc commented Aug 20, 2016

@Dainius14 Thx alot for the code I learned something today xD

VictorRacovita6 commented Aug 23, 2016 edited

Hi Guys,
is still workig? because recently it stopped working, getting "Access Denied"

@VictorRacovita6 works fine for me.

Thx @Dainius14. What headers are you sending? I'm sending "content-type", "User-Agent" and "os_version".

@VictorRacovita6, My useragent is Tinder/4.0.9 (iPhone; iOS 8.1.1; Scale/2.00. I'm also sending header: "app-version", "1637".
Maybe your fb token has just expired? It expires in an hour or so if you're getting it manually with your browser.

So, maybe I'm missing something here, I've gotten everything working, but I do not know how to tell if the messages are messages I'm sending, or messages I'm receiving? The to and from ID's do not seem to match up to anything other than they are swapped on each message, and the match ID only tells me what match it is for, and it is on every message. Anyone have any insight or how tos?

@Dainius14 i need some custom work done on tinder. Will pay no problem. contact me on skype: shiznewski

@tarraschk Have you developed the bot with true GUI interface?

Hey @kenthubgit, the GUI is not yet ready (I had really no time to do the design :( ).

However, I updated my bot so that it could be compatible with last Facebook update. Feel free to use it :)

I'm creating one with a GUI. Though it's written in C# and uses WPF. I might share it someday in the future, because it's too poorly coded to be able to see the sunshine yet.

Any news about the new "Share" function call? I would be interested in seeing the returned response when the share link is being called by the app

I am in the situation that the picture upload funcionality within the app is broken on my (quite old) phone; While I can intercept and see all the traffic the app makes, I cannot see a request on uploading an image, due to the app probably crashes before request invocation.

Maybe somebody was able to catch an image upload request and can share it here?

jshaw22 commented Oct 9, 2016

I'm getting my access token via This is the fb access token that I'm using to supply the Tinder API with. I literally checked all the Permissions to ensure that Tinder has access, but to no avail. Still 401 unauthorized error.

I am using postman to make a POST to
Headers are:
content-type: application/json
User-Agent: Tinder/3.0.4 (iPhone; iOS 7.1; Scale/2.00)

Body is:
"facebook_token":"EAACE.... etc",

Still getting the dreaded {"code": 401,"error": "Access Denied"} error though. For those of you that encountered this and fixed it, PLEASE share your knowledge :)

datenstrudel commented Oct 9, 2016 edited

Hi @jshaw22,

I'm getting my access token via This is the fb access token that I'm using to supply the Tinder API with

I guess the FB access token must be one dedicated to the Tinder app registration at FB; So you need to find out the one that your tinder instance uses at FB.

lockwobr commented Oct 14, 2016 edited

@jshaw22 might try uninstalling the app, and reinstalling it so you have to re login. But before you re login you can setup a proxy so you capturing the traffic in hopes of figuring out what you the missing piece is. This is a random idea, have not tried any of this out myself.

@juliojgarciaperez Thanks a LOT man! I'm developing a Tinder app with Deep Learning / Machine Learning to auto-swipe based on attractiveness. Your comment helped me cause the auth was not working anymore.

vijay120 commented Nov 2, 2016 edited

When I execute
curl -X POST --data '{"facebook_token":'...', "facebook_id":'...'}' -H 'User-Agent: Tinder/3.0.4 (iphone; iOS 7.1; Scale/2.00)', I get this error:

{"code":500,"error":"topLevelErrors is not defined"}. Waat?

For gifs, you can use same API, just pass url in "message", giphy id in "gif_id" and "gif" in "type"

frmsaul commented Nov 6, 2016

Anybody managed to automatically fetch the fb access token?
Im trying to do it using robobrowser (a python package), but so far it has been fruitless.

Seems like facebook is actively defending against it.

Vinz87 commented Nov 27, 2016 edited

If anyone's interested, I put up this little project: TndrAssistant

Hello everyone! It's finally time to thank all of you for helping me put together a little project of my own: -> I used the knowledge I acquired step by step on this thread to do something if not impossible, at least extremely time consuming: I counted the people in many cities. As you are all aware there are technical limitations to what I did, but I am pretty sure I did a decent job, considering that after reading this for the first time I spent two hours trying to get apache and PHP to work for the first time in my life. If some of you want to shoot me a message, feel free to write me at ( ) - A big THANK YOU to all of you, who helped me in the time of need!

I attach a few examples, you can find all the rest here:

May BOT be with you!


Does the URL for getting the fb_token still work? I'm trying to use this through R, and I tried to use the Rfacebook package to get the Oauth, but that doesn't seem to be working. I can't seem to replicate what everyone has done above at this URL either:,user_photos,user_education_history,email,user_relationship_details,user_friends,user_work_history,user_likes&response_type=token%2Csigned_request&client_id=464891386855067

My headers and cURL command are all fine, so I def think its the token.

If anyone's interested - here's my Tinder client with all basic things working smoothly and extra things inside.

cparke2 commented Jan 1, 2017 edited

Apparently, Tinder revised their authentication settings with Facebook in August 2016, causing the link in this article used to get the fb_token manually to no longer work.

However, it is still possible to get the token in your browser just as easy, with a slight modification to the URL. Click here instead. For this new URL to work, you must do it on a PC or uninstall/disable the Facebook app. on phone/tablet and run the browser Desktop view mode. Also, the fb_token you get is only good for 1-2 hours now. All good security improvements that should have been done a long time ago!

It is also still possible to get the fb_token programmatically, just that Facebook has made to more difficult to do. If you want to read a discussion and see source code that does it, I refer you to the article Tinder Tales (or the search for Tinder’s new API) and also the GIT project Facebook Login (Note, however, I found that Facebook is now making it harder to get the fb_dtsg after logging in by placing it in a commented out section of code on the home page!)

Quite a bit of extra work to get my python Tinder app running again, but at least I should be good now with that for a long time!

@cparke2 I don't know what you're talking about. The old method works fine for me.

Vinz87 commented Jan 4, 2017

Hi guys, I completed another little project starting from this work.
It's a script to locate Tinder users using trilateration: TndrLocalizer

davedennis commented Jan 9, 2017 edited

Has anyone had any luck getting the Authenticating to work in java? I seem to be getting a 500 error.. Probably has to do with my headers but from what I know about 500 errors (not much) it has to do with the server and not me?

            String url="";
	URL object=new URL(url);
	HttpURLConnection con = (HttpURLConnection) object.openConnection();
	con.setRequestProperty("host", "");
	con.setRequestProperty("Content-Type", "application/json");
	con.setRequestProperty("facebook_id", this.fb_user_id);
	con.setRequestProperty("User-Agent", "Tinder/3.0.4");
	//con.setRequestProperty("Content-Length", "287");

I'm getting this error btw.

{"status":500,"error":"An unexpected error occurred."}

and I have the app token as a Property to.

Can I get the tinder bot software? I am not a technical guy, but it would be great if someone help me providing the bot software.

sof123 commented Jan 20, 2017 edited

Anyway, does anyone know what the successRate and selectRate properties refer to in the http response to getting a match's profile? Looking through my matches, successRate seems to be correlated with attractiveness. Example:

{u'common_like_count': 0, u'is_super_like': False, u'common_friend_count': 0, u'person': {u'bio': u"LA/NY\n6ft or dttm\nlooking 4 soulmate obo\nbicoastal\nWorking in fashion industry \nLuv white bois\n\nNo time for serious New York bois \nDo u listen to gucci? \nDo u destroy the club? \nDo u even Kush ?\n\nDon't hmu if u don't live in NYC", u'name': u'Kat', u'gender': 1, u'photos': [{u'yoffset_percent': 0, u'ydistance_percent': 1, u'selectRate': 0, u'extension': u'jpg', u'successRate': 0.5261044176706827, u'xoffset_percent': 0, u'fileName': u'f8798c14-5455-429f-837f-6065e7b67fc2.jpg', u'url': u'', u'main': False, u'id': u'f8798c14-5455-429f-837f-6065e7b67fc2', u'xdistance_percent': 1, u'processedFiles': [{u'url': u'', u'width': 640, u'height': 640}, {u'url': u'', u'width': 320, u'height': 320}, {u'url': u'', u'width': 172, u'height': 172}, {u'url': u'', u'width': 84, u'height': 84}]}, {u'yoffset_percent': 0, u'ydistance_percent': 0.9984043, u'selectRate': 0, u'extension': u'jpg', u'successRate': 0.4918918918918919, u'xoffset_percent': 0.001560007, u'fileName': u'c5019a61-6af9-46f0-a500-7764677b1f64.jpg', u'url': u'', u'main': False, u'id': u'c5019a61-6af9-46f0-a500-7764677b1f64', u'xdistance_percent': 0.9984043, u'processedFiles': [{u'url': u'', u'width': 640, u'height': 640}, {u'url': u'', u'width': 320, u'height': 320}, {u'url': u'', u'width': 172, u'height': 172}, {u'url': u'', u'width': 84, u'height': 84}]}, {u'yoffset_percent': 0, u'ydistance_percent': 1, u'selectRate': 0, u'extension': u'jpg', u'url': u'', u'fileName': u'cc419853-06ff-4602-9e35-293d92542409.jpg', u'xoffset_percent': 0, u'successRate': 0.4855923159018143, u'main': False, u'id': u'cc419853-06ff-4602-9e35-293d92542409', u'xdistance_percent': 1, u'processedFiles': [{u'url': u'', u'width': 640, u'height': 640}, {u'url': u'', u'width': 320, u'height': 320}, {u'url': u'', u'width': 172, u'height': 172}, {u'url': u'', u'width': 84, u'height': 84}]}, {u'yoffset_percent': 0, u'ydistance_percent': 1, u'selectRate': 0, u'extension': u'jpg', u'url': u'', u'fileName': u'813ee75b-ebfd-4eed-8128-ba5004d83001.jpg', u'xoffset_percent': 0, u'successRate': 0.4591439688715953, u'main': False, u'id': u'813ee75b-ebfd-4eed-8128-ba5004d83001', u'xdistance_percent': 1, u'processedFiles': [{u'url': u'', u'width': 640, u'height': 640}, {u'url': u'', u'width': 320, u'height': 320}, {u'url': u'', u'width': 172, u'height': 172}, {u'url': u'', u'width': 84, u'height': 84}]}, {u'yoffset_percent': 0, u'main': False, u'selectRate': 0, u'extension': u'jpg', u'xoffset_percent': 0, u'fileName': u'b0d894c3-9cf0-4a7e-9d85-a26b669da44a.jpg', u'url': u'', u'successRate': 0.42857142857142855, u'ydistance_percent': 1, u'id': u'b0d894c3-9cf0-4a7e-9d85-a26b669da44a', u'xdistance_percent': 1, u'processedFiles': [{u'url': u'', u'width': 640, u'height': 640}, {u'url': u'', u'width': 320, u'height': 320}, {u'url': u'', u'width': 172, u'height': 172}, {u'url': u'', u'width': 84, u'height': 84}]}, {u'yoffset_percent': 0.06943359, u'ydistance_percent': 0.5625, u'selectRate': 0, u'extension': u'jpg', u'successRate': 0.4161490683229814, u'xoffset_percent': 0, u'fileName': u'7c2e37db-fdb1-4fe2-9997-4a38c9707b14.jpg', u'url': u'', u'main': False, u'id': u'7c2e37db-fdb1-4fe2-9997-4a38c9707b14', u'xdistance_percent': 1, u'processedFiles': [{u'url': u'', u'width': 640, u'height': 640}, {u'url': u'', u'width': 320, u'height': 320}, {u'url': u'', u'width': 172, u'height': 172}, {u'url': u'', u'width': 84, u'height': 84}]}], u'squad': 15150838, u'ping_time': u'2017-01-20T13:50:13.117Z', u'birth_date': u'1994-01-23T17:47:31.904Z', u'_id': u'52c19e588bec5dd60200029d', u'badges': []}, u'muted': False, u'messages': [], u'last_activity_date': u'2017-01-19T03:24:31.587Z', u'dead': False, u'message_count': 0, u'is_boost_match': False, u'participants': [u'52c19e588bec5dd60200029d'], u'closed': False, u'created_date': u'2017-01-19T03:24:31.587Z', u'following': True, u'following_moments': True, u'_id': u'52c19e588bec5dd60200029d587c2e5d6c7abb680d2d5fc0', u'id': u'52c19e588bec5dd60200029d587c2e5d6c7abb680d2d5fc0', u'pending': False}

rlesniak commented Feb 1, 2017

Hey folks! Check out my project, Tinder web client:
Source code available on my GH

eredwan commented Feb 4, 2017

I've heard that there is a way to use boost infinite amount of times. Has anyone heard of this?

nx01-1 commented Feb 4, 2017

I'm trying to access my tinder token, using the method you described in both firefox and chrome, however I cannot find my token! I can see things like Challenges, Auth Logger ID's, etc. But I cannot find my token at ALL. The Network tab and then in Response shows a whole bunch of HTML code with 2x "access_token" strings in there, but there's nothing in them. Can someone clarify with some more steps on how to obtain the token?

fbessez commented Feb 23, 2017 edited

Check out my might be simpler to get your tinder token by following my description. There are pictures too! Let me know if you need any extra help. Also, I provide some easy calls to work with the API.

My 2017 Tinder API Documentation:

fbessez commented Mar 3, 2017

Also, I have used @philliperemy 's implementation of programmatically getting your facebook_access_token in my documentation above! Hassle no more!

lkluo commented Mar 9, 2017 edited

I got the error message when i was trying to get token, any idea?


and i check the settings:


fbessez commented Mar 22, 2017

@sof123 I believe that successRate has to do with the feature that Tinder added where they select your leading image. I believe it is called Smart Photos. I think that successRate is their way of keeping track of which photos are more successful. So if your successRate for a particular photo is .59384 then that means people swipe right on that photo 59% of the time. So indirectly it might have to do with attractiveness but it is not Tinder rating your attractiveness.

It seems that all users' ping_times now return the same time (Dec 09 2014). This closes a very old information leak in the API.

taseppa commented Apr 18, 2017

For anyone struggling to get access token or facebook id: getting error "unsupported client version" for some users. Who had it? Or knows, what is wrong?

You'll have to edit the User Agent.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment