rohanpai / Robinhood

Python Framework to make trades with Robinhood Private API
MIT License
81 stars 22 forks

user account hard coded! #2

Open sircambridge opened 9 years ago

sircambridge commented 9 years ago

Watch out! Your account is hard-coded inside def place_order:

https://api.robinhood.com/accounts/5PY93481/

You should probably call the "accounts" endpoint and extract "url" from the first account.
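The suggestion above, as an added example that is not part of the original thread or the project's code: a check that flags account-specific URL literals in source text, and a lookup that takes "url" from the first account returned by the "accounts" endpoint. The `get_json` callable, the `{"results": [...]}` response shape, and the sample identifier are assumptions constructed for illustration.

```python
import re

# Host and "accounts" path as named in the issue.
ACCOUNTS_ENDPOINT = "https://api.robinhood.com/accounts/"

# An account-specific URL literal: the accounts path followed by an identifier.
_HARDCODED = re.compile(r"https://api\.robinhood\.com/accounts/([A-Za-z0-9]+)/?")


def find_hardcoded_account_urls(source):
    """Return (line_number, account_id) for each account URL literal in source."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in _HARDCODED.finditer(line):
            hits.append((lineno, match.group(1)))
    return hits


def resolve_account_url(get_json):
    """Look up the logged-in user's account URL instead of embedding one.

    get_json is a hypothetical caller-supplied function that performs an
    authenticated GET and returns the decoded JSON body.
    Assumed response shape: {"results": [{"url": "..."}]}.
    """
    body = get_json(ACCOUNTS_ENDPOINT)
    accounts = body.get("results") or []
    if not accounts:
        raise LookupError("accounts endpoint returned no accounts")
    url = accounts[0].get("url")
    if not url or not url.startswith(ACCOUNTS_ENDPOINT):
        raise ValueError("unexpected account url: %r" % (url,))
    return url


# Constructed sample data; the identifier is made up.
SAMPLE_SOURCE = '''def place_order(self, instrument, quantity):
    data = {"account": "https://api.robinhood.com/accounts/0AB12345/"}
    return self.session.post(self.endpoints["orders"], data=data)
'''
SAMPLE_RESPONSE = {"results": [{"url": "https://api.robinhood.com/accounts/0AB12345/"}]}

if __name__ == "__main__":
    print(find_hardcoded_account_urls(SAMPLE_SOURCE))
    print(resolve_account_url(lambda url: SAMPLE_RESPONSE))
```

The first function can run as a pre-commit or CI check so an account identifier never reaches a public repository.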

rohanpai commented 9 years ago

@sircambridge Thanks, I'll look into this and create a fix.

ialexryan commented 9 years ago

Duuuuuuuude this is really bad haha - are people not screwing around with your account left and right? If I were you I would close your RobinHood account ASAP.

ialexryan commented 9 years ago

Also, you can't execute buy/sell orders without that string. How did you find out your account ID?

rohanpai commented 9 years ago

@ialexryan

"Duuuuuuuude this is really bad haha - are people not screwing around with your account left and right? If I were you I would close your RobinHood account ASAP."

Unlikely. It's possible that this is causing problems with you executing trades but very unlikely that this is a security vuln. I'll take a look later.

"Also, this project is pretty much useless without that string."

Ok. I'll take a look. If you have ideas, file a PR.

ialexryan commented 9 years ago

I spent some time inspecting Robinhood app traffic with Charles and wasn't able to get anywhere. Looks like the Robinhood app is pretty strict about SSL certificates, and it refused to log in or do anything while proxying was active.

How did you get your user ID originally? Is this a change in their security practices (for the better, but unfortunate for us) in the last few months?