This is a list of public Deutsche Bahn AG APIs, which anyone can use.
Documentation: https://developers.deutschebahn.com/db-api-marketplace/apis/product/ris-stations/api/ris-stations
Available under the following URLs (instead of apis.deutschebahn.com):
- https://dbstreckenagent.de/api/stations/ (Seems to support everything but POST requests)
- https://karte.bahn.de/api/stations/stop-places (Seems to support a limited set of endpoints under
/stop-places) - https://co2kompass.bahn.de/api/stations/stop-places/ (Seems to support a limited set of endpoints under
/stop-places)
Documentation: https://developers.deutschebahn.com/db-api-marketplace/apis/product/ris-boards-netz
Frontend available under: http://ris-abfahrtstafel.noncd.db.de/
Available under the following URLs (instead of apis.deutschebahn.com):
- https://wifi-landingpage.dbregio.de/api/boards/ (Seems to work for arrival/departure endpoints; uses regio CSRF protection)
Documentation: https://developers.deutschebahn.com/db-api-marketplace/apis/product/ris-journeys-netz
- https://karte.bahn.de/api/journeys/find (identical to
/find) - https://wifi-landingpage.dbregio.de/api/journeys/{jid} (
jidcan be from boards or/find; identical to/{jid}; uses regio CSRF protection)
Documentation: sadly they're currently now docs I can share
Napkin Docs
POST /multimodal
{"origin":{"evaNumber":"<eva>","type":"STOP_PLACE"},"destination":{"evaNumber":"<eva>","type":"STOP_PLACE"},"departureTime":"2025-10-19T22:52:54.249Z","navigationContext":"","maxChanges":5,"matchIDs":true,"provider":"HAFAS","persona":"OCCASIONAL_TRAVELLER"}Available under URLs:
- https://karte.bahn.de/api/routing/multimodal (see Napkin Docs)
- https://msz.bahnhof.de/api/v1/trips (see Napkin Docs; uses CSRF Protection
Documentation: sadly they're currently now docs I can share
Napkin Docs
POST https://wifi-landingpage.dbregio.de/api/transports/occupancies
{
"journeys": [
{"journeyID": "<ris journey id>", "departureID": "<departureId>" // only request for this departure; optional
]
}Available under the following urls:
- https://wifi-landingpage.dbregio.de/api/transports/occupancies (See Napkin docs; uses regio CSRF protection)
- https://wifi-landingpage.dbregio.de/api/transports/vehicles/{uic}/journeys (Returns previous journey of vehicle by uic; uses regio CSRF protection)
Endpoints under the Vwifi-landingpage.dbregio.de Domain use an easily bypassable CSRF protection, the followings steps are required:
- Requesting CSRF token A CSRF token can be requested by requesting https://wifi-landingpage.dbregio.de/, which will contains 2 pieces of data:
- A cookies called
__Host-csrf - An HTML meta tag called
csrf-token
- Authorizing the request
In order to authorize the request you have to send both the cookie (identical to how you received it) and the value of the meta tag as the value of the Csrf-Token header