Login using Api not working
Mobeen-Ghaffar opened this issue · 28 comments
I am trying to log in using my email and password, but it always says not authenticated.
@Mobeen22-creator As I've said in the README.md, the login was changed by Nike more than a year ago.
You need to reverse engineer their new log-in system powered by Akamai.
A few leads I can give you:
- Decode the Akamai file stored in Nike public files:
  12/4/2020: https://www.nike.com/static/91698b6f882ti2091b8958ff21d04d86a
- Once you understand its logic, check how to generate and to use _abck cookie on login.
While a lot of bots are requests based nowadays, I'm sure you'll be able to generate better results with a good webdriver framework.
Good luck and let me know if you achieve anything!
Thanks for your response. I will check it if possible. Also, can you guide me on the other APIs (for checkout, add to cart)?
Last time I checked there were not any changes on the checkout part. They track your sensor data through the whole process though.
Which sensor data? I was working on it about 15 days ago and the checkout API was working, but now it is not working. Can you please check the issue? I will be very thankful to you.
Will try to check asap
Thank you so much
fetch("https://api.nike.com/buy/checkouts/v3/ee2c64e3-7fcb-4793-ba50-d7b23585b2ca", {
"headers": {
"accept": "application/json",
"accept-language": "en-US,en;q=0.9",
"authorization": "Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6ImFlYmJkMWMyLTNjNDUtNDM5NS04MGMzLWE3YTIyMmJlOTJmMHNpZyJ9.eyJ0cnVzdCI6MTAwLCJpYXQiOjE2MDcwNzI1NTAsImV4cCI6MTYwNzA3NjE1MCwiaXNzIjoib2F1dGgyYWNjIiwianRpIjoiMjE1Nzk4MWMtODY5Yi00MDI0LWFiOWYtZjI1OTBkYzdmM2E0IiwibGF0IjoxNjA3MDI2MTk4LCJhdWQiOiJjb20ubmlrZS5kaWdpdGFsIiwic3ViIjoiY29tLm5pa2UuY29tbWVyY2UuY2hlY2tvdXQud2ViIiwic2J0IjoibmlrZTphcHAiLCJzY3AiOlsiY29tbWVyY2UiXSwicHJuIjoiNWI1ZDhkMjgtMTA0Yi00OTlhLTkzOTAtNTc0NDhjNTQ1OWQxIiwicHJ0IjoibmlrZTpwbHVzIn0.0bpMoHH3d68qZz5ORXdkV2Wfj2lNCpbMA_PwCtNmL7B1a2udS2xrxLbHMvGgw8gVbtuU72JhsAKCoVJ7SFW7cO6t-EQDIrxprCW9TgH0oWsR52YmK1RGak7nkq7TIeJQMbsQu65X5jnQEw4httffSBOE8jDoMTCSrh_bEeoyIOyPngP9E4go_zaHzpGkuzCdWrK4uyLJqK1mHZ93FjdpiIwWpb9FuXNRziYgD2hxJkDkX3u5pbYVXwG3JHV-8yyDKn8NXcCYEo_7U-UhjvTNz7yFtAljk5IjyRbAke_hz3W3ck6TG2HFljd87I7hINKF9WgTWtT25ECNP1Fz5m02Dg",
"content-type": "application/json; charset=UTF-8",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-site",
"x-b3-spanname": "CiCCheckout",
"x-b3-traceid": "552bf8ff-8077-4a4c-92c5-a3db513744fc"
},
"referrer": "https://www.nike.com/",
"referrerPolicy": "strict-origin-when-cross-origin",
"body": '{"request":{"email":"as@gmail.com","country":"GB","currency":"GBP","locale":"en_GB","channel":"NIKECOM","clientInfo":{"deviceId":"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"},"items":[{"id":"21d70f3a-9053-42bc-a5e3-1b76531515b0","skuId":"3e323cdc-1c35-5663-895e-f3f809edff1e","productId":"6e92eeae-6956-5eec-82b8-a1b67af28c2f","itemCosts":{"priceInfo":{"taxTotal":0,"price":84.95,"subtotal":84.95,"discount":0,"valueAddedServices":0,"total":84.95}},"quantity":1,"fulfillmentDetails":{"type":"SHIP","getBy":{"maxDate":{"dateTime":"2020-12-11T12:00:00Z","timezone":"Europe/London","precision":"DAY"}},"location":{"id":"62f64b0d-0cff-4c38-99d5-20d870bd1e42","postalAddress":{"country":"GB","address1":"asmn","postalCode":"L1 8JQ","city":"asmn"},"type":"address/shipping"}},"valueAddedServices":[],"recipient":{"firstName":"asmn","lastName":"asmn"},"contactInfo":{"phoneNumber":"923478677","email":"as@gmail.com"}}],"paymentToken":"d7a76359-b908-4e2e-b13f-c8808229ca8c","promotionCodes":[],"totals":{"total":84.95,"items":{"total":84.95,"details":{"price":84.95,"discount":0}},"fulfillment":{"total":0,"details":{"price":0,"discount":0}},"taxes":{"total":0,"details":{"items":{"tax":0,"type":"NOT_CALCULATED"},"fulfillment":{"tax":0,"type":"NOT_CALCULATED"},"valueAddedServices":{"tax":0,"type":"NOT_CALCULATED"}}},"valueAddedServices":{"total":0,"details":{"price":0,"discount":0}}}}}',
"method": "PUT",
"mode": "cors",
"credentials": "include"
});
This response:
{
"sec-cp-challenge": "true",
"provider": "crypto",
"branding_url_content": "%2fstatic%2fbot%2fchallenge%2findex.html",
"chlg_duration": 30
}
How are you handling your cookies?
I am getting the access token from Chrome session storage. I am not using cookies, because the API requests for add to cart and checkout were working without cookies.
They flag you because of that. This response is returned whenever your cookies are incorrect or absent.
It means we need cookies. But when I copied them from Chrome into Postman, the issue still exists. Any solution for it?
I am working in C#.
How can I generate cookies for Nike?
If you can guide me, it will be very helpful for me.
Thank you so much for helping me out.
So if the login URL isn't "https://unite.nike.com/login?"
Then what is it? I cannot find a link that goes api.nike.com for login purposes
You have to generate sensor data, then it will be easier.
Selenium will get you flagged instantly by Akamai. Decode the _bmak file and search for "selenium" or "chromedriver", hopefully you'll start to understand how that works. 😁
@Mobeen22-creator I'll be happy to hear what you found, please let me know. 😉
The code itself generates the sensor data. You're only half way through with that decoded result, replace all "_ac" vars by its value in the array. Good luck!
I figured out a way to bypass all of that. Which is great news. I am on the final part of checkout. I saw someone mentioned it above as well but it is not clear to me what they did but they seemed to figure it out. I am getting the following error on checkout: "sec-cp-challenge": "true", "provider": "crypto", "branding_url_content": "%2fstatic%2fbot%2fchallenge%2findex.html", "chlg_duration": 30
I am working on bypassing it, and I have done something in the Android app. Maybe we can collaborate.
My email is 864306867@qq.com
I've created a discord to share your work:
https://discord.gg/JqYCEAURpm
Has anyone come around this?
"sec-cp-challenge": "true",
"provider": "crypto",
"branding_url_content": "%2fstatic%2fbot%2fchallenge%2findex.html",
"chlg_duration": 30
Also, how is sensor data generated? Please elaborate. TIA
I have succeeded in getting the abck cookie, but when I use my bot concurrently, Akamai detects that I am using a bot. Does somebody know how Akamai detects me?