Did the API change?

[ldellisola]

I'm trying to log in with my Facebook token and ID but everytime I do it it returns "OK" instead of my profile, so I've got no token to keep using the API. I checked this with my own wrapper and with a rest client and both return the same. This started happening yesterday in the afternoon.

[jsdjsd]

Same issue here... Working on it, will let you know if I find anything

[ldellisola]

@jsdjsd Thanks

[MMcintire96]

I am having the same issue. SMS auth seems to be working.

[jdoez]

Hello,

It seems the current way to get a token with facebook auth is:

POST https://api.gotinder.com/v2/auth/login/facebook
{"token":"%FACEBOOK_TOKEN%","facebook_id":"%FACEBOOK_ID%"}

with the Tinder token being "api_token" in response:

{
    "meta": {
        "status": 200
    },
    "data": {
        "_id": String,
        "is_new_user": boolean,
        "api_token": String,
        "refresh_token": String,
        "sms_login": String
    }
}

auth might be done with https://api.gotinder.com/v2/auth/login/{value} with {value} in ("ACCOUNTKIT", "FACEBOOK", "TINDER_SMS", "EMAIL", "Companion", "domain")

[jsdjsd]

@jdoez Thank you for your reply.

Although I still can't connect to the api. I'm wondering if the issue is not on facebook side ? Pardon my french on the error message below

I have the following error "URL bloquée: La redirection a échoué car l’URI redirigée n’est pas approuvée dans les réglages Client OAuth de l’application. Assurez-vous que le Client et l’identification Web OAuth sont activés et ajoutez les domaines de toutes vos applications dans la liste des URI autorisées." when I go to : "https://www.facebook.com/dialog/oauth?client_id=464891386855067&redirect_uri=https://www.facebook.com/connect/login_success.html&scope=basic_info,email,public_profile,user_about_me,user_activities,user_birthday,user_education_history,user_friends,user_interests,user_likes,user_location,user_photos,user_relationship_details&response_type=token"

What do you think guys ?

[danielreis1]

@jsdjsd your problem has to do with the OAUth protocol, it cannot redirect you to the url you are trying to redirect it to in the "redirect_url=... ", I don't know why that is, (I believe it's just that the client_id is not matching the other token you have to send) anyways the translation from french of his problem is that the url redirect is not possible.

[Gab0]

https://api.gotinder.com/v2/auth/login/FACEBOOK returns 404 for me.

https://api.gotinder.com/auth, with the token and id from facebook as I used to do in february returns a response with code 200, without the good old json... just the word OK.

What is happening? Is this a thing? Would they answer OK while denying access just for deception?

[FavyTeam]

Hello @jdoez

Thank you for share new tinder auth api.

Actually, it was working correctly but now it's not working.

Please update if you know something else about it

Thanks!

[cytex124]

New Solution:

POST https://api.gotinder.com/v2/auth/login/facebook
{"token":"%FACEBOOK_TOKEN%"}
HEADERS: 
content-type: application/json

[Gab0]

@cytex124 solution works for authentication, other API calls have also change though.

[benonilearns]

Something else related to retrieving access tokens changed in the last 24 hours.

[patrickclery]

New Solution:

POST https://api.gotinder.com/v2/auth/login/facebook
{"token":"%FACEBOOK_TOKEN%"}
HEADERS: 
content-type: application/json

^^^ this.

Although I'm using my own Tinder client written in Ruby, I've verified that using any Content-Type header other than Content-Type: application/json will return "Invalid request body".

Even though /auth/sms/send and /auth/sms/validate (or the Facebook equivalent) work, it looks like the actual /auth/login/sms requires that header parameter.

Thought I'd share. :)

[Hyperclaw79]

2020 Way of auth:

Url: 'https://api.gotinder.com/v2/auth/login/facebook?locale=en' Method: POST Headers:

{
   "x-auth-token": "old_auth_token_here"
}

Body:

{
   "grant_type": "refresh_token",
   "refresh_token": "refresh_token_obtained_from_old_auth"
}

[imdavidmin]

Is the posting of fb token and id as arguments still working? I couldn't get any x-auth-token. Going through their minified JS code, it looks like they have moved onto v3 of their authentication, sending a x-google-protobuf content to Tinder, returning an "API token" that is the x-auth-token still referenced elsewhere.

With the Protocol Buffer format, they seem to be submitting the FB token (possibly other data too) as a 8 bit array.

Anyone has a working example / tutorial how to get the tinder token with a FB token that's still working?

[gotibhai]

Just tried this, this works for me for fetching the tinder token.

get_headers = {
    'app_version': '6.9.4',
    'platform': 'ios',
    "User-agent": "Tinder/7.5.3 (iPhone; iOS 10.3.2; Scale/2.00)",
    "Accept": "application/json"
}
headers = get_headers.copy()
headers['content-type'] = "application/json"

def get_auth_token(host, fb_auth_token, fb_user_id):
    url = 'https://api.gotinder.com/v2/auth/login/facebook?locale=en'
    req = requests.post(url,
                        headers=headers,
                        data=json.dumps(
                            {'token':fb_auth_token, 'facebook_id': fb_user_id}
                        )
                       )
    try:
        tinder_auth_token = req.json()["data"]["api_token"]
        headers.update({"X-Auth-Token": tinder_auth_token})
        get_headers.update({"X-Auth-Token": tinder_auth_token})
        print("You have been successfully authorized!")
        return tinder_auth_token
    except Exception as e:
        print(e)
        return {"error": "Something went wrong. Sorry, but we could not authorize you."}

#tinder_auth_token = tinder_api.get_auth_token(config.fb_auth_token, config.fb_user_id)
get_auth_token(host, fb_access_token, fb_user_id)

[imdavidmin]

Thanks @gotibhai - finally got this to work, after making some changes to the fb auth module.

One thing I don't get though is I tried replicating exactly the same POST in Postman, but that returns a 400 error, whereas it works here... Why might this be?

Request Headers:
    app_version: 6.9.4
    platform: ios
    User-agent: Tinder/7.5.3 (iPhone; iOS 10.3.2; Scale/2.00)
    Accept: application/json
    content-type: application/json
Request Body
    token: "<token I've copied from the python script output (without making it send the POST)"
    facebook_id: "<ID I've copied from script output>"

EDIT: Also tried to do this in JS, gets the same 400 response.

Response body is

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>400 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Bad request.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: Dj6iKP6RfGyNbqrLymAki6uW9DCzpZrohlNkHgdoEk2NVcRtXwANzQ==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>

[rohans0509]

Just tried this, this works for me for fetching the tinder token.

get_headers = {
    'app_version': '6.9.4',
    'platform': 'ios',
    "User-agent": "Tinder/7.5.3 (iPhone; iOS 10.3.2; Scale/2.00)",
    "Accept": "application/json"
}
headers = get_headers.copy()
headers['content-type'] = "application/json"

def get_auth_token(host, fb_auth_token, fb_user_id):
    url = 'https://api.gotinder.com/v2/auth/login/facebook?locale=en'
    req = requests.post(url,
                        headers=headers,
                        data=json.dumps(
                            {'token':fb_auth_token, 'facebook_id': fb_user_id}
                        )
                       )
    try:
        tinder_auth_token = req.json()["data"]["api_token"]
        headers.update({"X-Auth-Token": tinder_auth_token})
        get_headers.update({"X-Auth-Token": tinder_auth_token})
        print("You have been successfully authorized!")
        return tinder_auth_token
    except Exception as e:
        print(e)
        return {"error": "Something went wrong. Sorry, but we could not authorize you."}

#tinder_auth_token = tinder_api.get_auth_token(config.fb_auth_token, config.fb_user_id)
get_auth_token(host, fb_access_token, fb_user_id)

What are you supposed to fill in the variable "host"? And is the second last line supposed to be commented out?

[imdavidmin]

@rohans0509

What are you supposed to fill in the variable "host"? And is the second last line supposed to be commented out?

His code took out the host variable and put in the full url. Host is supposed to be https://api.gotinder.com/

The code snippet he did is get_auth_token, the commented out part is just how you would call it.

[RMatushkin]

Guys, if you find actual API endpoints, please take a look at my own open-sourced library written on Java where you can find all basic requests including authorization and registration via SMS: https://github.com/RMatushkin/tinder-api

[AbderrahmenM]

Anyone have a valid updated documentation for the api please ?

[robotbanker]

Hi, Given that the API is unstable why don't we use something based on selenium like the one below?

https://github.com/robotbanker/Swiper_Bot