Getting "Forbidden" response from https://api.mobile.walmart.com/v4/mauth/get-token

[chuckinator0]

Hey, thanks for putting together this script. I'm playing around with it and getting this return value from posting to https://api.mobile.walmart.com/v4/mauth/get-token

Forbidden

1605741594-21206582306-10453480132-33291338

Any clues as to what's going on? Did Walmart lock down this API endpoint?

[nosamttam]

I fail on the same line, different error: DEBUG - Running pre-signin tasks. DEBUG - signing in with username = XXX, password=YYY Traceback (most recent call last): File "wallybot.py", line 318, in runwally(args.username, args.password, args.cvv, args.offerid, File "wallybot.py", line 273, in runwally if walmart_signin(r, username, password): File "wallybot.py", line 55, in walmart_signin resp = json.loads(r.post('https://api.mobile.walmart.com/v4/mauth/get-token', File "C:\Python38\lib\json__init__.py", line 357, in loads return _default_decoder.decode(s) File "C:\Python38\lib\json\decoder.py", line 337, in decode obj, end = self.raw_decode(s, idx=_w(s, 0).end()) File "C:\Python38\lib\json\decoder.py", line 355, in raw_decode raise JSONDecodeError("Expecting value", s, err.value) from None json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

[chuckinator0]

@nosamttam yes, if you do a try/except ValueError for the response object, you’ll find that the json doesn’t decode properly because the response is forbidden.

I’m not sure where the bot detection string comes from, and I can’t find any documentation on that get-token api endpoint, so I gave up.