Migrate to Graphql

[guitmz]

Looks like N26 is migrating to Graphql, need to check and invest time on that in case they disable the current API.

[nathanmarcos]

Hey @guitmz, I would park this issue for awhile because they added some kind of encryption on the client side which makes things even more complicated and less flexible to send data to the server.

In practice, front-end encryption works like this: on start, the server generates two keys, a public one which makes its way to the client in a cookie, and a private one which stays on the server. In the browser, the public key is used to encrypt a certain payload before sending it to the server via a XHR request. On the server, upon receiving the request, the payload is decrypted using the private key. It’s important the private key remains a secret and never gets leaked, as it is the only way to decrypt the data.

More details: https://medium.com/insiden26/web-security-at-n26-d1b4644c32fb

[lruggieri]

Is there some documentation about the graphql mountpoints? I would like to start working on this

[guitmz]

@lruggieri N26 API is not publicly documented, we usually resort to MITM on the web page or mobile app to figure out the endpoints