new endpoints found

[jumpjack]

By disassembling the app, I found different lists of different endpoints; most of them are already known, but I think some are new, so I am testing them:

classes2.dex

1. /commerce/v1/accounts/register
2. /commerce/v1/accounts/{accountId}/kamereon/kcm/v1/vehicles/{vin}/ev/soc-levels
3. /commerce/v1/accounts/{accountId}/kamereon/kts/tsp-adapter/v1/svt/vehicles/{VIN}/phonenumber
4. /commerce/v1/accounts/{accountId}/vehicles
5. /commerce/v1/accounts/{accountId}/vehicles/{vin}/contracts?connectedServicesContracts=true&warranty=true&warrantyMaintenanceContracts=true
6. /commerce/v1/accounts/{accountId}/vehicles/{vin}/details
7. /commerce/v1/accounts/{accountId}/vehicles/{vin}/details?staticMaintenancePlan=true
8. /commerce/v1/accounts/{accountId}/vehicles/{vin}/pop-init
9. /commerce/v1/accounts/{accountId}/vehicles/{vin}/preferred-dealer
10. /commerce/v1/accounts/{accountId}/vehicles/{vin}/recall-notifications
11. /commerce/v1/accounts/{accountId}/vehicles/{vin}/send-otp
12. /commerce/v1/accounts/{accountId}/vehicles/{vin}/valid-otp
13. /commerce/v1/accounts/{accountId}/vehicles/{vin}/valid-pop
14. /commerce/v1/accounts/{accountId}/vehicles/{vin}/validate-pairing
15. /commerce/v1/accounts/{accountId}/vehicles/{vin}?
16. /commerce/v1/accounts/{accountid}/vehicles/{vin}
17. /commerce/v1/accounts/{accountid}/vehicles/{vin}/unpairing
18. /commerce/v1/accounts/{id}
19. /commerce/v1/accounts/{id}/password
20. /commerce/v1/cards/{cardId}
21. /commerce/v1/carts
22. /commerce/v1/carts/{orderGroupUuid}
23. /commerce/v1/dealers/activities/{country}
24. /commerce/v1/dealers/locator
25. /commerce/v1/dealers/{id}
26. /commerce/v1/entities/countries-values
27. /commerce/v1/entities/countries-values?&referenceCode=GROUP_CONTRACT_LABEL
28. /commerce/v1/order-groups/?channel=main
29. /commerce/v1/persons/{id}
30. /commerce/v1/persons/{id}/credit-cards
31. /commerce/v1/persons/{id}/credit-cards/{cardId}
32. /commerce/v1/persons/{id}/purposes?purposeType=MARKETING&scopeType=RENAULTGROUP
33. /commerce/v1/persons/{id}/purposes?purposeType=MARKETING&sourceType=DIGITAL&subSourceType=MYRENAULT
34. /commerce/v1/pnc
35. /commerce/v1/pnc/payment-methods
36. /commerce/v1/pois/charging-stations/{STATION_ID}/usage
37. /commerce/v1/rdocs/{rDocId}
38. /commerce/v1/utils/google/maps/directions/json
39. /commerce/v1/utils/google/maps/distancematrix/json
40. /commerce/v1/utils/google/maps/geocode/json
41. /commerce/v1/utils/google/maps/place/autocomplete/json
42. /commerce/v1/utils/google/maps/place/details/json
43. /commerce/v1/utils/google/maps/place/nearbysearch/json
44. /commerce/v2/accounts/{accountId}/vehicles
45. /commerce/v2/accounts/{accountId}/vehicles/{vin}/connected-status
46. /commerce/v2/accounts/{accountId}/vehicles/{vin}/pop-init
47. /commerce/v2/accounts/{accountId}/vehicles/{vin}/valid-pop
48. /commerce/v2/cards
49. /commerce/v2/cards/ze-passes/info
50. /commerce/v2/cards/{cardId}
51. /commerce/v2/cards/{orderCode}
52. /commerce/v2/leads
53. /commerce/v2/offers
54. /commerce/v2/offers/{offerId}
55. /commerce/v2/pois/charging-stations

---

classes4.dex

1. /commerce/v1/accounts/{AccountID}/kamereon/kna/notifications/v1/categories/settings/users/{ONE_PERSON_ID}/vehicles/{vin}
2. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v1/cars/{vin}/actions/charge-mode
3. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v1/cars/{vin}/actions/charge-schedule
4. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v1/cars/{vin}/actions/hvac-start
5. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v1/cars/{vin}/actions/notification-settings
6. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v1/cars/{vin}/actions/send-navigation
7. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v1/cars/{vin}/actions/{action}
8. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v1/cars/{vin}/battery-inhibition-status
9. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v1/cars/{vin}/charge-mode
10. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v1/cars/{vin}/charge-schedule
11. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v1/cars/{vin}/charges
12. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v1/cars/{vin}/charging-settings
13. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v1/cars/{vin}/cockpit
14. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v1/cars/{vin}/hvac-settings
15. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v1/cars/{vin}/hvac-status
16. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v1/cars/{vin}/location
17. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v1/cars/{vin}/lock-status
18. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v1/cars/{vin}/notification-settings
19. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v1/cars/{vin}/pressure
20. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v1/cars/{vin}/res-state
21. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v2/cars/{vin}/actions/hvac-schedule
22. /commerce/v1/accounts/{id}/kamereon/kca/car-adapter/v2/cars/{vin}/battery-status
23. /commerce/v1/accounts/{id}/kamereon/kcm/v1/vehicles/{vin}/charge/schedule
24. /commerce/v1/accounts/{id}/kamereon/kcm/v1/vehicles/{vin}/charge/settings
25. /commerce/v1/accounts/{id}/kamereon/kcm/v1/vehicles/{vin}/charge/start
26. /commerce/v1/persons/{personId}/notifications/kmr

classes5.dex

1. /commerce/v1/accounts/{accountId}/vehicles/{vin}/virtual-keys
2. /commerce/v1/accounts/{accountId}/vehicles/{vin}/virtual-keys-roles
3. /commerce/v1/accounts/{accountId}/vehicles/{vin}/virtual-keys-roles/grant
4. /commerce/v1/accounts/{accountId}/vehicles/{vin}/virtual-keys-roles/revoke
5. /commerce/v1/accounts/{accountId}/vehicles/{vin}/virtual-keys/pending-revoke
6. /commerce/v1/accounts/{accountId}/vehicles/{vin}/virtual-keys/{rid}
7. /commerce/v1/accounts/{accountId}/vehicles/{vin}/virtual-keys/{rid}/validate
8. /commerce/v1/cards/ze-passes/price
9. /commerce/v1/chargepass/subscriptions
10. /commerce/v1/chargepass/subscriptions/billing-addresses
11. /commerce/v1/chargepass/subscriptions/catalog
12. /commerce/v1/chargepass/subscriptions/invoices
13. /commerce/v1/chargepass/subscriptions/invoices/{invoiceId}/emails
14. /commerce/v1/chargepass/subscriptions/payment-methods
15. /commerce/v1/chargepass/subscriptions/{subscriptionId}
16. /commerce/v1/gift-cards
17. /commerce/v1/persons/{personId}/vehicles/{vin}/admin
18. /commerce/v1/persons/{personId}/vehicles/{vin}/admin-eligibility
19. /commerce/v1/persons/{personId}/ze-passes
20. /commerce/v1/pnc/{vin}
21. /commerce/v2/cards/ze-passes/history
22. /commerce/v2/cards/ze-passes/info
23. /commerce/v2/cards/ze-passes/order/{PERSON_ID}
24. /commerce/v2/persons/{ONE_PERSON-ID}/ze-passes/{zePassId}
25. /commerce/v3/persons/{ONE_PERSON-ID}/ze-passes
26. /commerce/v3/persons/{ONE_PERSON-ID}/ze-passes/{zePassId}
27. /commerce/v4/persons/{ONE_PERSON-ID}/ze-passes

tests:

query: /commerce/v1/persons/{personId}/vehicles/{vin}/admin-eligibility GET result: eligible = false POST result:

query: /commerce/v1/accounts/{accountId}/vehicles/{vin}/virtual-keys GET result: No vehicle linked for account with id '{}', vin '{}' and country '{}' POST result: Body is missing or cannot be bound

query: /commerce/v1/cards/ze-passes/price GET result:

[ { "zePassId": XXXXXXXXXXXX "evcoId": XXXXXXXXXXXX "associatedCreditCardId": XXXXXXXXXXXX "zePassLabel": "Il mio Mobilize charge pass", "disabled": false, "createdDate": "2022-05-08T19:45:14.506262Z", "lastModifiedDate": "2023-05-27T12:03:38.303237Z" } ] POST result:

query: /commerce/v1/chargepass/subscriptions GET result: (needs many parameters) POST result:

query: /commerce/v1/chargepass/subscriptions/catalog GET result: (needs many parameters) POST result: (unsupported)

query: /commerce/v1/pnc/{vin} GET result: No subscription found for given vin and personId POST result:

query: /commerce/v2/cards/ze-passes/history GET result: "Failed to get ze-pass history, The model doesn't match validation rules POST result:

query: /commerce/v2/cards/ze-passes/info GET result: (lot of data!) POST result:

A lot of work to be done....