upbit
commented
8 years ago 用中文讨论比较快。
/settings/*这个API有看到过,不过因为pixivpy定位是抓取用的,不需要关心最低客户端版本,所以最初没有将这个加进来。get_secure_url这个参数应该是Android客户端特有的。我最近抓的iOS 5.8.3请求里,并没有看到这个key。device_token如果是推送用的设备Token,一般是注册后客户端上报的。你可以抓下新帐号登录后,Android客户端的POST请求(一般device_token客户端也不用关心)- Android的BearerToken不会变我也发现了,推测是Android的遗留BUG。
不请求r18数据的话,某些接口传无效的BearerToken也能使用。后来发现了iOS的BearerToken生成规律,于是改为模拟iOS客户端。不过iOS的client_id/client_secret生成方法依然没有找到(代码里是硬编码Android的),有兴趣可以研究下:
'client_id': 'bYGKuGVw91e0NMfPGp44euvGt59s',
'client_secret': 'HP3RmkgAmEGro0gn1x9ioawQE8WMfvLXDz3ZqxpK',
xingoxu
API - To find out the lowest version can be logged in
https://app-setting.secure.pixiv.net/v1/setting/pixiv_android.json https://app-setting.secure.pixiv.net/v1/setting/pixiv_ios.json
request headers(actually can be null (tested)):
User-Agent:PixivAndroidApp/4.9.11 User-Agent:PixivIOSApp/5.8.4
returns:
{"server_status":"active","response":{"version":"4.9.1","google_play_url":"https:\/\/play.google.com\/store\/apps\/details?id=jp.pxv.android"}}
params - most apis has added "get_secure_url" params
key:get_secure_url
value:0/1
when it is 1, urls in response will be start as https
And I tested the oAuth, now it will return a new key "device_token", but I didn't found where it has been used (may be notification?)
found the title picture
The title picture on mobile devices is come from daily ranking.
I found that pixivApp on Android get day ranking (all) and get image from it one by one and when pixivApp on Android get these urls and images with a public token as: Authorization: Bearer 8mMXXWT9iuwdJvsVIvQsFYDwuZpRCMePeyagSh30ZdU
The token unchanged whenver changed the account or reinstall the app.
The picture request send as the refer as: https://public-api.secure.pixiv.net/v1/ranking/all.json
I didn't tested it my ios device because it is un-jailbreaked.
严重怀疑安卓客户端是外包开发的,各种参数各种问题(