Why Xiaohongshu xsec_token Links Expire and How to Recover
A Xiaohongshu note ID identifies a note, but it is not always sufficient request input. Public note links can also carry an xsec_token generated for that note and discovery context. Treat the complete link as short-lived input rather than a permanent identifier.
The Xiaohongshu URL Helper validates these components locally and creates a copy-ready request for Xiaohongshu (RedNote) Data API.
A usable note URL
The detail and comment endpoints expect a complete public URL:
https://www.xiaohongshu.com/explore/NOTE_ID
?xsec_token=CURRENT_TOKEN
&xsec_source=pc_search
The token belongs to the link that supplied it. Do not invent one, move it between notes, or store a signed example as permanent application configuration.
Validate before fetching
Use the local parser first. It separates malformed input from the upstream request:
parsed = requests.get(
f"{base_url}/note/parse_url",
headers=headers,
params={"url": note_url, "raw": "false"},
timeout=30,
)
parsed.raise_for_status()
print(parsed.json()["data"]["note_id"])
Parsing proves that the URL shape is supported. It does not promise that an old token remains current upstream.
Recover instead of retrying forever
When the API reports that the note or token is no longer accessible:
- Open the public note again from a visible card or freshly shared link.
- Copy the complete browser address, including query parameters.
- Validate the new URL locally.
- Retry the detail request with the new URL.
For a temporary 503 REQUEST_TIMEOUT, keep the same URL, honor Retry-After, and retry the identical request. Token expiry and a temporary timeout are different failures.
Collect several current URLs
The URL Helper includes a bookmarklet that scans visible Xiaohongshu note-card links and copies up to 10 deduplicated URLs as batch JSON. It only reads link addresses. It does not read cookies, browser storage, API keys, or hidden page state, and it sends no network request.
Use the resulting JSON with POST /note/batch_detail_from_url or the asynchronous batch workflow.
Keep the RapidAPI key on the server
The helper never asks for a RapidAPI key. Keep that credential in a server-side environment variable and send it only to the RapidAPI gateway. Include data.request_id, not credentials or complete signed URLs, when asking for support.
Read the complete xsec_token guide or test the API with the free monthly allowance.
XHS Data API is independent and is not affiliated with or endorsed by Xiaohongshu/RedNote. Use public data lawfully and follow applicable law, third-party rights, and source-platform rules.
Top comments (0)