Some more reverse engineering

[nyancrimew]

To get the maximum available online order quantity (+ price + delivery costs + some more stuff):

0. Get ikea session cookies ? GET https://ikea.com/ch/de
1. Create a new cart and add 999 of the product to the cart POST https://iows.ikea.com/retail/iows/ch/de/customer/irw/3980823232/shoppingbags/onlineshoppingcart Payload:

   list={"ShoppingBag":{"BagType":{"$":"onlineshoppingcart"},"BagSource":{"$":"M2"},"BagName":{"$":"CART"},"CustomerSource":{"$":"M2"},"CustomerId":{},"CreatedDateTime":{"$":"Thu, 23 Jan 2020 20:33:29 GMT"},"ShoppingBagSectionList":[{"ShoppingBagSection":{"ShoppingBagItemList":{"ShoppingBagItem":[{"ItemType":{"$":"ART"},"ItemNo":{"$":"50455234"},"ItemQty":{"$":"999"}}]}}}],"@xmlns":{"$":"ikea.com/cem/iows/ShoppingBagService/2.0/"}}}

2. Update delivery details with zip GET https://secure.ikea.com/webapp/wcs/stores/servlet/IrwWSCfbDeliveryDetail?zipCode=6004&state=&storeId=6&langId=-17&priceexclvat=false This should return something like this:

[bonzi]

Hi There!

This looks very useful but out of scope at this very moment in time, Using ZIP Codes/Postal Codes sounds like a great idea, I shall certainly try and implement this, maybe in version 3 as getting the main functions of the code to work is my main priority.

I have planned moving to the http://iows.ikea.com/ API for version 2, luckily the API seems to be more or less the same as the XML one so moving to the new one should be very easy.

I shall keep this issue open for reference and for if you have any more ideas / information on the matter. I will happily take any other feature requests in another issue, the more the merrier 😁

[nyancrimew]

I'll probably play around with implementing this today, if I find time to do so

[nyancrimew]

Alright, after playing around with iows for a bit I noticed that its pretty painful to work with (in my testing it didnt even reliably work with the proper headers and still returned 403 every now and then). In addition to that I find the model used by iows endpoints quite bad and wanted to see if their mobile app uses iows as well, or something else. As it turns out their app is not obfuscated at all and reverse engineering this was pretty straight forward.

While the data model is still kind of weird in some places this is certainly an improvement already, and working with it was quite well. I have REd almost the entire API (- some marketing stuff + mcommerce for now), and "documented" it to some extent here: https://del.dog/ikeamobileapi.md

I hope this helps with this project, and I personally intend to use this in a similar project I plan on writing in go which also provides a simpler rest api with no auth to get product/stock info for IKEA products. I will obviously include this repository in an acknowledgements section because it did help me a great deal and its what sparked my interest initially.