Figuring out the API
Closed this issue · 1 comments
wblondel commented
Hi,
I've been spending my day on trying to reverse engineer the TooGoodToGo APK.
I found some interesting URLs in the APK:
package com.app.tgtg.p137f.p138c;
/* renamed from: com.app.tgtg.f.c.a */
public interface ApiService {
@POST("api/auth/v1/token/refresh")
/* renamed from: a */
Maybe<C6979q<RefreshTokenResult>> mo10819a(@Body RefreshToken refreshToken);
@POST("api/hiddenstore/v1/remove")
/* renamed from: a */
Maybe<RemoveHiddenStoreResponse> mo10820a(@Body RemoveHiddenStoreRequest removeHiddenStoreRequest);
@POST("api/hiddenstore/v1/unlock")
/* renamed from: a */
Maybe<UnlockHiddenStoreResponse> mo10821a(@Body UnlockHiddenStoreRequest unlockHiddenStoreRequest);
@POST("api/item/v4/")
/* renamed from: a */
Maybe<ListItemResponse> mo10822a(@Body ListItemRequest listItemRequest);
@POST("api/location/v1/lookup")
/* renamed from: a */
Maybe<ReverseLookupResponse> mo10823a(@Body GeoLocation geoLocation);
@POST("api/location/v1/search")
/* renamed from: a */
Maybe<SearchLocationResponse> mo10824a(@Body LocationRequest locationRequest);
@POST("api/payment/v1/recurring/delete")
/* renamed from: a */
Maybe<ResponseBody> mo10825a(@Body DeleteRecurringPaymentOption deleteRecurringPaymentOption);
@POST("api/payment/v1/option/list")
/* renamed from: a */
Maybe<ListPaymentOptionsResponse> mo10826a(@Body ItemBasketRequest itemBasketRequest);
@POST("api/voucher/v2/add")
/* renamed from: a */
Maybe<AddVoucherResponse> mo10827a(@Body AddVoucherRequest addVoucherRequest);
@POST("api/basket/v2/{basketId}/cancel")
/* renamed from: a */
Maybe<ResponseBody> mo10828a(@Path(encoded = true, value = "basketId") String str);
@POST("api/item/v4/{itemId}")
/* renamed from: a */
Maybe<Item> mo10829a(@Path(encoded = true, value = "itemId") String str, @Body ItemRequest itemRequest);
@POST("api/item/v4/{itemId}/setFavorite")
/* renamed from: a */
Maybe<ResponseBody> mo10830a(@Path(encoded = true, value = "itemId") String str, @Body SetFavoriteRequest setFavoriteRequest);
@POST("api/basket/v2/{basketId}/checkout")
/* renamed from: a */
Maybe<CheckoutResult> mo10831a(@Path(encoded = true, value = "basketId") String str, @Body BasketCheckout basketCheckout);
@POST("api/basket/v2/{basketId}/complete")
/* renamed from: a */
Maybe<BasketCompleteResponse> mo10832a(@Path(encoded = true, value = "basketId") String str, @Body BasketComplete basketComplete);
@POST("api/item/v4/{itemId}/basket")
/* renamed from: a */
Maybe<Basket> mo10833a(@Path(encoded = true, value = "itemId") String str, @Body ItemBasketRequest itemBasketRequest);
@POST("api/basket/v2/{basketId}/recurring/save")
/* renamed from: a */
Maybe<C6979q<ResponseBody>> mo10834a(@Path(encoded = true, value = "basketId") String str, @Body SaveCardRequest saveCardRequest);
@POST("api/auth/v1/token/refresh")
/* renamed from: a */
Object mo10835a(@Body RefreshToken refreshToken, Continuation<? super C6979q<RefreshTokenResult>> cVar);
@POST("api/user/v1/update")
/* renamed from: a */
Object mo10836a(@Body UserData userData, Continuation<? super UserData> cVar);
@POST("api/item/v4/discover")
/* renamed from: a */
Object mo10837a(@Body DiscoverItemsRequest discoverItemsRequest, Continuation<? super DiscoverItemsResponse> cVar);
@POST("api/tracking/v1/heartbeat")
/* renamed from: a */
Object mo10838a(@Body HeartbeatRequest heartbeatRequest, Continuation<? super ResponseBody> cVar);
@POST("api/tracking/v1/impressions")
/* renamed from: a */
Object mo10839a(@Body ItemImpressionRequest itemImpressionRequest, Continuation<? super ResponseBody> cVar);
@POST("api/item/v4/")
/* renamed from: a */
Object mo10840a(@Body ListItemRequest listItemRequest, Continuation<? super ListItemResponse> cVar);
@POST("api/order/v1/active")
/* renamed from: a */
Object mo10841a(@Body ListOrdersRequest listOrdersRequest, Continuation<? super OrderListResult> cVar);
@POST("api/support/v1/business/")
/* renamed from: a */
Object mo10842a(@Body BusinessSupportRequest businessSupportRequest, Continuation<? super ResponseBody> cVar);
@POST("api/support/v1/consumer/")
/* renamed from: a */
Object mo10843a(@Body ConsumerSupportRequest consumerSupportRequest, Continuation<? super ConsumerSupportResponse> cVar);
@POST("api/support/v1/consumer/refund/choice")
/* renamed from: a */
Object mo10844a(@Body ConsumerRefundChoiceRequest consumerRefundChoiceRequest, Continuation<? super ResponseBody> cVar);
@POST("api/user/v1/changePassword")
/* renamed from: a */
Object mo10845a(@Body ChangePasswordRequest changePasswordRequest, Continuation<? super ResponseBody> cVar);
@POST("api/signup/v1/userExists")
/* renamed from: a */
Object mo10846a(@Body CheckUserExistsRequest checkUserExistsRequest, Continuation<? super C6979q<EmailCheckResult>> cVar);
@POST("api/auth/v1/loginByEmail")
/* renamed from: a */
Object mo10847a(@Body LoginByEmailRequest loginByEmailRequest, Continuation<? super LoginResponse> cVar);
@POST("api/auth/v1/loginByThirdParty")
/* renamed from: a */
Object mo10848a(@Body LoginByThirdPartyRequest loginByThirdPartyRequest, Continuation<? super LoginResponse> cVar);
@POST("api/user/v1/resetPassword")
/* renamed from: a */
Object mo10849a(@Body ResetPasswordRequest resetPasswordRequest, Continuation<? super ResponseBody> cVar);
@POST("api/auth/v1/signUpByEmail")
/* renamed from: a */
Object mo10850a(@Body SignUpByEmailRequest signUpByEmailRequest, Continuation<? super LoginResponse> cVar);
@POST("api/auth/v1/signUpByThirdParty")
/* renamed from: a */
Object mo10851a(@Body SignUpByThirdPartyRequest signUpByThirdPartyRequest, Continuation<? super LoginResponse> cVar);
@POST("api/voucher/v2/")
/* renamed from: a */
Object mo10852a(@Body VoucherListRequest voucherListRequest, Continuation<? super VoucherList> cVar);
@POST("api/item/v4/{itemId}")
/* renamed from: a */
Object mo10853a(@Path(encoded = true, value = "itemId") String str, @Body ItemRequest itemRequest, Continuation<? super Item> cVar);
@POST("api/item/v4/{itemId}/setFavorite")
/* renamed from: a */
Object mo10854a(@Path(encoded = true, value = "itemId") String str, @Body SetFavoriteRequest setFavoriteRequest, Continuation<? super ResponseBody> cVar);
@POST("api/order/v1/{receiptId}/cancel")
/* renamed from: a */
Object mo10855a(@Path(encoded = true, value = "receiptId") String str, @Body CancelOrderRequest cancelOrderRequest, Continuation<? super ResponseBody> cVar);
@POST("api/order/v1/{receiptId}/rate")
/* renamed from: a */
Object mo10856a(@Path(encoded = true, value = "receiptId") String str, @Body OrderRating orderRating, Continuation<? super C6979q<ResponseBody>> cVar);
@POST("/order/v1/{receiptId}/sendOrderConfirmedEmail")
/* renamed from: a */
Object mo10857a(@Path(encoded = true, value = "receiptId") String str, @Body OrderConfirmedEmailRequest orderConfirmedEmailRequest, Continuation<? super ResponseBody> cVar);
@POST("api/item/v4/{itemId}/basket")
/* renamed from: a */
Object mo10858a(@Path(encoded = true, value = "itemId") String str, @Body ItemBasketRequest itemBasketRequest, Continuation<? super Basket> cVar);
@POST("api/gdpr/v1/{userId}/deleteUser")
/* renamed from: a */
Object mo10859a(@Path(encoded = true, value = "userId") String str, @Body DeleteUserRequest deleteUserRequest, Continuation<? super ResponseBody> cVar);
@POST("api/gdpr/v1/{userId}/exportUserData")
/* renamed from: a */
Object mo10860a(@Path(encoded = true, value = "userId") String str, @Body ExportUserRequest exportUserRequest, Continuation<? super ResponseBody> cVar);
@POST("api/store/v3/{storeId}")
/* renamed from: a */
Object mo10861a(@Path(encoded = true, value = "storeId") String str, @Body StoreRequest storeRequest, Continuation<? super StoreInformation> cVar);
@POST("api/voucher/v2/{voucherId}")
/* renamed from: a */
Object mo10862a(@Path(encoded = true, value = "voucherId") String str, @Body VoucherDetailRequest voucherDetailRequest, Continuation<? super VoucherDetails> cVar);
@POST("api/voucher/v2/{voucherId}/storeFilterList")
/* renamed from: a */
Object mo10863a(@Path(encoded = true, value = "voucherId") String str, @Body VoucherFilterRequest voucherFilterRequest, Continuation<? super VoucherFilterResponse> cVar);
@POST("api/order/v1/{receiptId}")
/* renamed from: a */
Object mo10864a(@Path(encoded = true, value = "receiptId") String str, Continuation<? super Order> cVar);
@POST("api/support/v1/uploading/files")
@Multipart
/* renamed from: a */
Object mo10865a(@Part List<MultipartBody.C6476c> list, Continuation<? super SupportPictureUploadResponse> cVar);
@POST("api/app/v1/user_settings")
/* renamed from: a */
Object mo10866a(Continuation<? super UserSettings> cVar);
@POST("api/order/v1/inactive")
/* renamed from: b */
Object mo10867b(@Body ListOrdersRequest listOrdersRequest, Continuation<? super OrderListResult> cVar);
@POST("api/user/v1/confirmEmail/{token}")
/* renamed from: b */
Object mo10868b(@Path(encoded = true, value = "token") String str, Continuation<? super C6979q<ResponseBody>> cVar);
@POST("api/map/v1/listAllBusinessMap")
/* renamed from: b */
Object mo10869b(Continuation<? super StoreListResult> cVar);
@POST("api/basket/v2/{basketId}/cancel")
/* renamed from: c */
Object mo10870c(@Path(encoded = true, value = "basketId") String str, Continuation<? super ResponseBody> cVar);
@POST("api/app/v1/app_settings")
/* renamed from: c */
Object mo10871c(Continuation<? super AppSettings> cVar);
@POST("api/order/v1/{receiptId}/redeem")
/* renamed from: d */
Object mo10872d(@Path(encoded = true, value = "receiptId") String str, Continuation<? super ResponseBody> cVar);
@POST("api/user/v1/")
/* renamed from: d */
Object mo10873d(Continuation<? super UserData> cVar);
@POST("api/map/v1/listAllBusinessLocationPicker")
/* renamed from: e */
Object mo10874e(Continuation<? super StoreLocationListResult> cVar);
@POST("api/auth/v1/logout")
/* renamed from: f */
Object mo10875f(Continuation<? super Unit> cVar);
@POST("api/app/v1/user_settings")
/* renamed from: g */
Object mo10876g(Continuation<? super UserSettings> cVar);
}Finding those URLs is a great start
I think that by using Charles Proxy as a MITM we could easily see what the app is sending to the API. I will do that this week.
stale commented
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.