`sync_refresh` doesn't work (404 error)

[saeedesmaili]

First, thanks for this great repo. The sync_refreshseems to be not working, and it returns 404 error:

HTTPError                                 Traceback (most recent call last)
/Library/Python/3.8/site-packages/spendee/spendee.py in request(self, method, url, version, headers, params, **kwargs)
     90             response = super(Spendee, self).request(method=method, url=url, headers=headers, params=params, **kwargs)
---> 91             response.raise_for_status()
     92         except RequestException as e:

/Library/Python/3.8/site-packages/requests/models.py in raise_for_status(self)
    952         if http_error_msg:
--> 953             raise HTTPError(http_error_msg, response=self)
    954 

HTTPError: 404 Client Error: Not Found for url: https://api.spendee.com/v2/logins/refresh?clientVersion=master&clientPlatform=WEB

The above exception was the direct cause of the following exception:

SpendeeError                              Traceback (most recent call last)
/var/folders/1m/7l0wyf056qgfh07vm22x3hmh0000gq/T/ipykernel_8299/3244004962.py in <module>
----> 1 s.sync_refresh(login_id=bank_wallets[0]["login_id"], wallet_id=bank_wallets[0]["wallet_id"])

/Library/Python/3.8/site-packages/spendee/spendee.py in sync_refresh(self, login_id, wallet_id, version, url, **kwargs)
   1071             "oAuthReturnUrl": "https://app.spendee.com/wallet/{}/transactions/sync-account/oauth-return".format(wallet_id)
   1072         }
-> 1073         return self.put(url=url, version=version, **kwargs)
   1074 
   1075     def providers(self, country: str, version: str = 'v2', url: str = 'providers', **kwargs):

/Library/Python/3.8/site-packages/requests/sessions.py in put(self, url, data, **kwargs)
    600         """
    601 
--> 602         return self.request('PUT', url, data=data, **kwargs)
    603 
    604     def patch(self, url, data=None, **kwargs):

/Library/Python/3.8/site-packages/spendee/spendee.py in request(self, method, url, version, headers, params, **kwargs)
     91             response.raise_for_status()
     92         except RequestException as e:
---> 93             raise SpendeeError("Spendee returned a non-200 HTTP code.", response=response) from e
     94 
     95         try:

SpendeeError: Spendee returned a non-200 HTTP code.```

[dionysio]

looks like spendee updated the auth to v3. New requests would be:

1. check password:

   curl 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=AIzaSyCCJPDxVNVFEARQ-LxH7q2aZtdQJGGFO84' \
   -H 'content-type: application/json' \
   --data-raw '{"email":"<EMAIL>","password":"<PASSWORD>","returnSecureToken":true}'

   which returns the idToken and refresh_token to be used in the next steps

2. login

curl 'https://api.spendee.com/v3/auth/login' \
  -H 'authorization: Bearer <idToken>' \
  -H 'content-type: application/json;charset=UTF-8' \
  --data-raw '{"global_currency":"USD","default_wallet_name":"Cash Wallet","timezone":"Europe/Bratislava","platform":"web","version":"master","locale":"en_US","credential":null}' \

3. refresh token call:

   curl 'https://securetoken.googleapis.com/v1/token?key=AIzaSyCCJPDxVNVFEARQ-LxH7q2aZtdQJGGFO84' \
   -H 'content-type: application/x-www-form-urlencoded' \
   --data-raw 'grant_type=refresh_token&refresh_token=<refresh_token>' \
   --compressed

and that probably gives you access_token to be used in later calls. At the moment I don't have the time to update the code, but it's basically just replicating the above requests. They also keep changing the API, so I'm not sure how up to date this repo actually is.

[saeedesmaili]

Actually, the authentication that this library uses works. I'm able to get details of the wallets and bank accounts, but the sync function doesn't work (and they have changed it apparently). I checked their requests on the web, and it sends a request to https://api2.spendee.com/v4/connections/{some_token}/refresh-data and then the page redirects to a third party website. I couldn't reproduce this part, even with replacing the same cookies and headers of my browser. The third-party website doesn't accept my requests, but accepts the ones inside spendee's web app.

[dionysio]

hmm I see. I think they basically made a switch from their custom solution to Firebase for syncing and the flow is different. But my v4 spendee app still works, so they still have to do the refresh there somehow