How to Scrape Vinted in 2026 (Without Getting Blocked)

If you have ever typed requests.get("https://www.vinted.fr/api/v2/catalog/items") into a Python REPL and watched it return 403 inside two seconds, you already know the problem with how to scrape Vinted in 2026. The catalog is publicly visible in any browser, but every datacenter IP gets flagged by Datadome before the second request finishes. This guide is the real walkthrough — what works, what doesn't, what's legal, and the no-code path for the 80% of you who don't actually want to babysit a residential proxy pool.

Everything below is what I run in production for the Vinted Smart Scraper on Apify, which has logged 97,900+ runs across 26 EU markets without my pager going off in three months.

TL;DR: Vinted has no public API for indie devs. Scraping the public catalog is the only realistic option. You need residential or mobile IPs, a real browser fingerprint, and patience. If you don't want to maintain that stack, use a managed scraper. Below is the complete playbook for both paths.

🤔 Can you scrape Vinted at all?

Yes. The Vinted catalog at vinted.fr, vinted.de, vinted.it, etc. is publicly browsable by anyone with a browser. The HTTP responses contain product listings, seller meta, photos, and prices. None of this is gated behind authentication for read access. Scraping it is technically feasible.

The hard part is staying in the air for more than a few hundred requests. Vinted runs Datadome, an industrial-grade bot detector that fingerprints your TLS handshake (JA3), checks your IP reputation, watches your timing patterns, and ramps detection if you misbehave. A naive Python requests script gets 403'd within 1-2 calls. Even a real browser through a datacenter IP rarely gets past 50 requests.

So can you scrape Vinted? Yes. Will the script you wrote at midnight last week survive 24 hours? Almost certainly not. The rest of this article is how to actually keep it running.

🔌 Does Vinted have an API I can use instead?

Yes — but not for you, probably. The official Vinted Pro API lives at pro-docs.svc.vinted.com. To get a token you need:

1. A Vinted Pro account (€30/month, sellers only)
2. Manual approval from Vinted onto an internal allowlist that nobody outside enterprise reaches

If neither of those describes you, the official API is closed. For everyone else — indie devs, resellers, market researchers, students, AI engineers — scraping the public catalog is the only realistic option.

This is the gap that makes managed scrapers like Vinted Smart Scraper on Apify commercially viable. The platform's Vinted scraper API mode acts as a Vinted API wrapper for the people who can't reach the official one.

⚖️ Is scraping Vinted legal?

Short answer: scraping publicly available data is generally legal in the EU and the US, but it violates Vinted's Terms of Service. Two precedents matter here:

• hiQ Labs v. LinkedIn (US Ninth Circuit, 2022) — courts ruled that scraping public data does not violate the CFAA. LinkedIn's terms-of-service breach claim was treated as a contract issue, not a criminal one.
• EU GDPR — applies the moment you store personally identifiable information. Seller usernames + locations may qualify. Storing emails or building shadow profiles definitely does.

Practical rules for scraping Vinted without getting yourself in trouble:

• Personal-use only. Aggregate prices, find arbitrage, build research tools. Don't resell raw data.
• No PII storage. Never scrape email addresses, phone numbers, or private profile fields. Public usernames are fine.
• Respect rate. Don't DDoS the platform. 1-2 requests/second from a single IP is reasonable; 50 requests/second is hostile.
• Read the ToS. Vinted's terms forbid automated access. You are technically in breach of contract. Vinted's remedy is to ban the offending account, not pursue legal action against indie devs.

If you're a business that resells Vinted data at scale, get a lawyer. If you're an indie dev or a reseller, you're fine.

🛠️ Two paths: DIY or managed

There are basically two roads. Pick based on how much of your time you want to spend on infrastructure.

Path A: build it yourself

Realistic stack in 2026:

pip install curl-cffi playwright camoufox
playwright install chromium

Three pieces matter:

1. Residential proxies — Bright Data, Smartproxy, Oxylabs. Budget €50-200/month minimum for usable volume. Datacenter IPs (AWS, GCP, Hetzner, OVH) are dead on arrival.
2. TLS fingerprint match — curl-cffi (Python) or tls-client (Node) impersonate Chrome's actual JA3 hash. A User-Agent: Chrome/124 paired with a Python requests JA3 is detected instantly.
3. Real browser fingerprint — for sessions that need JS rendering, use Camoufox or Chromium-stealth. Plain Playwright is fingerprintable.

Minimal Python sketch:

from curl_cffi import requests

session = requests.Session(impersonate="chrome131")
proxies = {"https": "http://user-session-X:pass@residential.proxy.com:8080"}
headers = {"Accept-Language": "fr-FR,fr;q=0.9"}  # match the geo of the IP

resp = session.get(
    "https://www.vinted.fr/api/v2/catalog/items?search_text=nike",
    headers=headers,
    proxies=proxies,
)
print(resp.status_code, resp.json()["items"][0]["title"])

That's the start. You also need cookie persistence per session, geo-aware domain routing (vinted.fr ≠ vinted.de), adaptive backoff with jitter, and a per-country session pool if you do anything cross-country. Plan for ~20 hours to get the first stable version, plus 2-4 hours/month of maintenance because Vinted ramps Datadome quarterly.

Path B: managed scraper

For everyone whose time is worth more than their proxy bill:

1. Sign up for a free Apify account (gives you $5/month of platform credits)
2. Open Vinted Smart Scraper and click Try for free
3. Pick a mode: SEARCH, ITEM_DETAIL, SELLER_PROFILE, or CROSS_COUNTRY for arbitrage
4. Type a query, pick countries, click Start
5. Download structured JSON / CSV / Excel in 30-60 seconds

The free tier covers about 9,000 items per month. After that, pay-per-use kicks in at $0.018 per actor start + $0.0005 per result. Below 50K items/month this is the cheapest path full stop.

The managed actor handles all six layers I listed above (residential IPs, TLS fingerprint, cookie persistence, geo routing, adaptive backoff, session pooling) for you. If you just need clean Vinted data and not a side project building anti-detection, this is the answer.

🌍 The cross-country mode that pays for itself

The single feature that makes a Vinted scraper commercially valuable for resellers is cross-country price comparison. The same product on vinted.es versus vinted.it can show a 50%+ price spread; finding those gaps in seconds is the entire reseller workflow.

Sample input:

{
  "mode": "CROSS_COUNTRY",
  "query": "nike air max 90",
  "countries": ["fr", "de", "es", "it", "nl"]
}

Sample output (real data, last week):

{
  "query": "nike air max 90",
  "summary": {
    "bestBuyCountry": "es",
    "bestSellCountry": "it",
    "arbitrageSpread": "78%",
    "sampledAt": "2026-04-26T14:08:31Z"
  }
}

A 78% spread on a single sneaker model. Buy from Madrid for €28 median, ship from Milan for €50 median, net ~€20/pair after fees. Scale that to a backpack of fifteen pairs and the API call has paid for itself a hundred times over.

If you build this yourself, the cross-country reducer is a 50-line job once the per-country sessions are isolated. If you don't, the managed actor's CROSS_COUNTRY mode is one input field.

🚧 Why is my Vinted scraper blocked?

Five reasons in descending order of frequency:

1. Datacenter IP. AWS / GCP / OVH IPs are flagged in 1-2 requests. Use residential or mobile.
2. Wrong TLS fingerprint. Python requests and Node's native fetch have JA3 hashes Datadome instantly identifies. Use curl-cffi or tls-client.
3. Uniform rate. A request every 1.000s with no variation looks robotic. Add 0.8-2.5s jitter, plus a 5-15s long pause every 50-80 requests.
4. Geo mismatch. A US IP hitting vinted.fr with Accept-Language: en-US is suspicious. Match IP geo to domain.
5. Cookie/session reuse across IPs. Once you rotate IP, the old Datadome cookie is invalid. Either persist the cookie with its IP, or re-warm.

If you're seeing 403s, audit those five before assuming Vinted has changed their detection. Most of the time it's one of those five.

❓ Frequently Asked Questions

How often does Vinted update its detection?

Datadome ramps detection roughly every quarter. Expect a noisy week 4-6 times a year where everyone's scraper breaks at once. Managed actors absorb most of these for you; DIY stacks need ongoing maintenance.

Can I scrape Vinted without proxies?

You can, for about 30-50 requests from a residential home connection before Datadome flags your IP. For anything operational, residential proxy rotation is non-negotiable.

What data can I extract from Vinted?

Public fields: item title, price, currency, brand, size, condition, photos, view count, favorite count, seller username, seller rating, seller location (city/country), creation timestamp. Private buyer info, messages, and emails are never accessible — and shouldn't be scraped.

How much does it cost to scrape Vinted?

Managed: $0.018 per actor start + $0.0005 per item on Vinted Smart Scraper (free tier covers ~9,000 items/month). DIY: $50-200/month minimum for residential proxies, plus your engineering time.

Can I scrape Vinted listings to a CSV file?

Yes. Apify lets you export any actor run to JSON, CSV, Excel, XML, or RSS in one click. If you want a Google Sheets pipeline, the Apify integration writes directly to a spreadsheet on schedule.

🎬 Try it

Free Apify account → open Vinted Smart Scraper → click Try for free → pick mode → click Start. ~30 seconds end-to-end. The free tier is generous enough that most users never pay in their first month.

For developers wiring this into AI agents, the Vinted MCP Server (npx -y vinted-mcp-server) exposes four tools for Claude Desktop, Cursor, or any MCP client.

If this saved you a couple of weekends, drop a comment or open an issue on the actor — I read everything that lands.

— kazkn