exislow / kleinanzeigen-magic

[DO NOT USE] [Or you will get blocked! This app need re-factoring.] Speed up your eBay Kleinanzeigen workflows -- for free!
GNU Affero General Public License v3.0
45 stars 7 forks source link

try to login via postman #2

Closed michabbb closed 3 years ago

michabbb commented 3 years ago

@exislow hey, can you please help me out here... i am trying to make the login working in postman, here is my pre-request-script:

let email = 'xxxxxx@xxxxxx.com';
let password = 'mypassword';
let hash = CryptoJS.SHA1(password);
hashed_user_password = hash.toString(CryptoJS.enc.Base64);
authuser = `email="${email}",password="${hashed_user_password}"`
pm.variables.set("authuser",authuser);

i am using basic auth with the app username and password you are using in your code.

and i am using these headers:

X-EBAYK-APP:13a6dde3-935d-4cd8-9992-db8a8c4b6c0f1456515662229
X-ECG-USER-VERSION:12.2.0
X-ECG-USER-AGENT:ebayk-android-app-12.2.0
X-ECG-Authorization-User:{{authuser}}
User-Agent:Dalvik/2.2.0
Content-Type:application/xml

doing a POST to https://api.ebay-kleinanzeigen.de/api but i always get a 404 and i don´t really see what i am missing here, i checked your code several times, but i cannot find the difference here 😕

i would be very happy if you could help me out here! thanks !

exislow commented 3 years ago

This would be an example curl command (you can use postman to import it; just change everything accordingly):

curl --location --request GET 'https://api.ebay-kleinanzeigen.de/api/users/KLEINANZEIGEN@EMAIL.DE/ads.json' \
--header 'X-ECG-USER-AGENT: ebayk-android-app-12.2.0' \
--header 'X-ECG-USER-VERSION: 12.2.0' \
--header 'X-ECG-Authorization-User: email="KLEINANZEIGEN@EMAIL.DE",password="PASSWORD HASHED"' \
--header 'User-Agent: Dalvik/2.2.0' \
--header 'X-EBAYK-APP: 13a6dde3-935d-4cd8-9992-db8a8c4b6c0f1456515662229' \
--header 'Authorization: Basic YW5kcm9pZDpUYVI2MHBFdHRZ'

This would return all your available ads.

Please see here how to encrypt your password: https://github.com/exislow/kleinanzeigen-magic/blob/728a46adebd6269d31fa30aa9d8b7f17270dd662/src-electron/main-process/kleinanzeigen.js#L23

In general, the whole logic to query the API is here: https://github.com/exislow/kleinanzeigen-magic/blob/728a46adebd6269d31fa30aa9d8b7f17270dd662/src-electron/main-process/kleinanzeigen.js

michabbb commented 3 years ago

i guess my mistake is: i was thinking that there exists some kind of "login", where you get a JWT or any other kind of token, but i realize now, you have to send all the auth stuff with every single call - correct ? ;)

update: confirmed... thanks for your feedback ! 😏