ListenBrainz restricts APIs after AI scrapers overload MusicBrainz services

TL;DR

MetaBrainz reports that automated AI scrapers have been hitting MusicBrainz and ListenBrainz pages repeatedly, ignoring robots.txt and overloading servers. To protect service availability, several ListenBrainz API endpoints now require authorization, and some debugging endpoints have been removed pending replacement.

What happened

MetaBrainz said in a December 11, 2025 blog post that it has been dealing with automated AI data-gathering that ignores common web conventions such as robots.txt. Rather than downloading a dataset in a single dump, the scrapers have reportedly followed site pages one by one — a process the team says would take hundreds of years to reproduce but nonetheless has caused heavy load on MusicBrainz servers and interfered with normal usage. To limit the impact, the ListenBrainz team implemented immediate changes: the /metadata/lookup endpoints (both GET and POST) now require callers to supply an Authorization token; several ListenBrainz Labs endpoints (mbid-mapping, mbid-mapping-release and mbid-mapping-explain) were removed — they had been intended for debugging and will be replaced by new mapper endpoints; and LB Radio now requires users to be logged in, with API callers expected to send an Authorization header. The team apologized for the sudden changes and said some user-facing messages remain rough and will be improved after work on the Year in Music is finished.

Why it matters

• Requiring Authorization tokens reduces anonymous load and aims to preserve service availability for legitimate users.
• Removal of debugging endpoints may disrupt workflows for developers and researchers who relied on them.
• The incident highlights operational pressure that indiscriminate scraping can place on community-run services.
• Changes may force third parties to update integrations and authentication flows to continue using ListenBrainz APIs.

Key facts

• MetaBrainz reported increased automated scraping activity against MusicBrainz and ListenBrainz.
• The scrapers reportedly ignored robots.txt and accessed pages one at a time rather than using dataset dumps.
• MetaBrainz said such page-by-page scraping would take hundreds of years to fully replicate, yet still caused heavy server load.
• To mitigate load, the /metadata/lookup API endpoints (GET and POST) now require an Authorization token.
• ListenBrainz Labs endpoints named mbid-mapping, mbid-mapping-release and mbid-mapping-explain have been removed.
• Those Labs endpoints were intended for debugging and will be replaced with new endpoints for an improved mapper.
• LB Radio now requires users to be logged in; API users must send an Authorization header.
• The team acknowledged an awkward error message for logged-in users and said they will fix it after Year in Music work completes.
• The blog post was authored by 'ruaok' and published December 11, 2025.

What to watch next

• Release and documentation of the replacement mapper endpoints for ListenBrainz (confirmed in the source).
• Improvements to the LB Radio login/error messaging after the Year in Music work is completed (confirmed in the source).
• Whether scraping behavior or mitigation measures change over time (not confirmed in the source).

Quick glossary

• API endpoint: A specific URL or path where an application exposes functionality or data for other programs to call.
• Authorization token: A credential sent with API requests that proves the caller is permitted to access a resource.
• robots.txt: A web standard file that indicates which parts of a site automated agents should or should not access.
• Web scraping: Automated retrieval of content from websites, often by bots that request pages and extract data.

Reader FAQ

Why did ListenBrainz change its APIs?
The team said the changes were needed to protect services from heavy automated scraping that was overloading servers.

How do I use the metadata/lookup endpoints now?
Callers must include an Authorization token with both GET and POST variants of /metadata/lookup.

What happened to the ListenBrainz Labs endpoints?
mbid-mapping, mbid-mapping-release and mbid-mapping-explain were removed; they were debugging endpoints and will be replaced with new mapper endpoints.

Can the MetaBrainz team identify the scrapers or block them individually?
not confirmed in the source

We can’t have nice things… because of AI scrapers In the past few months the MetaBrainz team has been fighting a battle against unscrupulous AI companies ignoring common courtesies (such…

Sources

• We can't have nice things because of AI scrapers
• ListenBrainz – MetaBrainz Blog
• MusicBrainz API / Rate Limiting
• ruaok – MetaBrainz Blog

Related posts

• Memory shortages could push global PC shipments back to pre-pandemic lows
• Games Workshop bans staff from using AI in content production and design
• New York governor paves way for statewide robotaxis, excluding NYC