marvinody / mercari

a wrapper around mercari jp shopping site

Mercari API for the US? #18

Closed Gresliebear closed 1 year ago

Gresliebear commented 1 year ago

Would you know if this works for Mercari API US?

Gresliebear commented 1 year ago

https://www.mercari.com/us/item/

https://www.mercari.com/v1/api

{"operationName":"cartCountQuery","variables":{},"extensions":{"persistedQuery":{"version":1,"sha256Hash":"bb1ad0a466ff590aabc096222eada47e8c8f52eec9b7fe579b392483d7b6b016"}}}

marvinody commented 1 year ago

Seems like a different API completely.

The JP version requires a special token to be generated on every request and passed as an HTTP header, but in the one you linked, you can just issue a GET request with your search parameters. So on that basis, they would be different, but it's something I can look into, for the search API, since it's a fun thing for me but no promises on my end.

Gresliebear commented 1 year ago

Thanks for getting back to me!

Ya, installed the request packages & tried a POST but there was some sort of complicated string query. I will be honest, it's over my head right now. Is there any reading material you can suggest I use to figure out how to reverse engineer this API? I could try it myself.

Ya, I am trying to pull data from Mercari as a data science project. I wanted to create a price index similar to the S&P 500 but with Squishmallow prices. I got the Japan API to work but there are so few Squishmallows on the market that I could not do anything.

marvinody commented 1 year ago

There's not really one set way to do it but I can offer some general steps. You'll want to use something like Postman to play around with network requests in an easier way.

I start by opening the website and just searching for the thing I want, in your case "squishmallow." Navigate to the network section of your browser and see if you can find the actual HTTP call. Normally, if you right click it, you can copy it as a cURL or some other format and import it into Postman.

From there, it's a little guess and check of "let's remove this parameter, ok it still works. let's remove this one, oh it broke." The point of this is to find out what they're using for functional search vs tracking usage or unneeded parameters to make a minimal payload.

Then you can try changing the search query and other things to see if it'll keep working with the bare minimum parameters.

On the Mercari JP side, it was a bit more work because they pass a signature on the payload so every time you changed the request body significantly, you would need to run it through this signature code on the frontend (which I had to reverse engineer from their JavaScript). Let's assume you don't need that just yet.

The first part is just reducing your Postman request to the fewest pieces and checking to see if you can change parameters without breaking the existing call or perhaps you can only query for like 5 minutes because of the signature. It's hard to say for sure without playing with it.

As for other resources, I don't have any handy, but maybe you can stumble on something useful on Google with "reverse engineer http apis" or some similar query.
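The guess-and-check reduction described in the comment above, sketched as an added example that is not part of the original thread or of the mercari project. The parameter names, the captured request and `stub_server` are constructed for illustration and are not Mercari's real API; in practice `send` would wrap the real HTTP call.

```python
# Added example: greedy minimization of a captured request's parameters.
# All names and values below are constructed; none come from Mercari.

CAPTURED = {  # constructed sample, as if copied from the browser's network tab
    "keyword": "squishmallow",
    "page": "1",
    "limit": "30",
    "utm_source": "homepage",
    "session_trace": "a1b2c3",
    "ab_bucket": "7",
}

def stub_server(params):
    """Constructed stand-in for the endpoint: returns an HTTP-like status."""
    if not params.get("keyword"):
        return 400  # search term is functionally required
    if "limit" not in params:
        return 400  # page size is functionally required
    return 200      # everything else is tracking and is ignored

def minimize(params, send, ok=lambda status: status == 200):
    """Drop one parameter at a time; keep a removal only if the call still works."""
    if not ok(send(params)):
        raise ValueError("baseline request does not succeed; re-capture it first")
    current = dict(params)
    changed = True
    while changed:  # repeat until a full pass removes nothing
        changed = False
        for name in list(current):
            trial = {k: v for k, v in current.items() if k != name}
            if ok(send(trial)):
                current = trial
                changed = True
    return current

def still_works_with(minimal, send, **overrides):
    """Check that changed values (e.g. a new search term) keep the minimal call valid."""
    return send({**minimal, **overrides}) == 200

if __name__ == "__main__":
    minimal = minimize(CAPTURED, stub_server)
    print("required parameters:", sorted(minimal))
    print("new query works:", still_works_with(minimal, stub_server, keyword="plush"))
```

If the server binds the whole body to a signature, as described for the JP side, every removal fails and `minimize` returns the captured request unchanged, which is itself a useful signal.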

Gresliebear commented 1 year ago

Thank you! I never tried that before; that makes a lot of sense! I will give that a try. I do have Postman installed, so I can start there.

Ya, I read through your code on DPoP for Mercari JP & hashes, I was like oh god, how do I reverse engineer HTTPS? I haven't done that before, it's intimidating. Well, thanks for getting back to me, I appreciate it. I will share my findings over a few days if work doesn't get in the way.

I would like to learn something new here, get a deeper understanding of it.

marvinody commented 1 year ago

I published an initial version called mercarius (creative name, I know), which you can try with pip install mercarius.

You can check the PyPI link or the GitHub link for a sample script on how to use it. I probably won't support this long term since I don't use it, but you're welcome to just rip whatever code you need from it.

It was an interesting dive into their side of how they do it and I definitely learned some new things. You don't need any of the DPoP stuff on there, but there are some weird inconsistencies that I noted in the readme file that you can take a look at for yourself. I didn't do a writeup on my process but hopefully you can glean enough from the code to use to your advantage.

Feel free to ask if you have any questions. I haven't written Python in a while so I'm sure I made a couple of weird design decisions that a more experienced dev may not have made.

Gresliebear commented 1 year ago

mercarius

I came up with the same name; I wasn't too creative when I was trying.

Awesome! Thank you so much!

I will give this a download & see if I can pull the data. I can make some improvements and merge anything if it needs fixing.

I will have more questions soon but I will need to try