Depop 403

[Geo0010]

When running the script for Depop users, the request to the Depop api results in an authorization error (403 forbidden). I’ve tried different headers, vpns, and cloudscraper with no luck. Vinted still works without issue. Any advice would be appreciated. Thanks!

[Relax594]

They've added CloudFlare and you can't access the website without JavaScript enabled anymore. There might be additional protection layer somewhere which I haven't noticed yet.

There is also this in the original request headers now:
Access-Control-Request-Headers: depop-device-id,depop-search-id,depop-session-id,x-cached-sizes

[Gertje823]

Thanks for opening this issue. Apparently the Depop api requires a referer request header now.
I updated the script and it should work now.

[mkyrganov]

doesnt work

[Relax594]

dont work

for me it did yesterday and the day before. Haven't tested today.

[mkyrganov]

dont work

for me it did yesterday and the day before. Haven't tested today.

Already at this point Im getting 403

[Gertje823]

I can indeed reproduce the error you are getting. Looks like sometimes it works and sometimes it is detected by Cloudflare. I am testing different Cloudscraper configs to see if I can bypass the Cloudflare detection that way.

[mkyrganov]

I can indeed reproduce the error you are getting. Looks like sometimes it works and sometimes it is detected by Cloudflare. I am testing different Cloudscraper configs to see if I can bypass the Cloudflare detection that way.

`
import asyncio
import cloudscraper

async def main():

headers = {
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
    "Accept-Encoding": "gzip,deflate,br",
    "Accept-Language": "en-US,en;q=0.9",
    "Cache-Control": "max-age=0",
    "Dnt": "1",
    "Sec-Ch-Ua": '"Not_A Brand";v="8", "Chromium";v="120", "Google Chrome";v="120"',
    "Sec-Ch-Ua-Mobile": "?0",
    "Sec-Ch-Ua-Platform": '"Windows"',
    "Sec-Fetch-Dest": "document",
    "Sec-Fetch-Mode": "navigate",
    "Sec-Fetch-Site": "same-origin",
    "Sec-Fetch-User": "?1",
    "Upgrade-Insecure-Requests": "1",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
}

headers2 = {
    "Accept": "application/json, text/plain, */*",
    "Accept-Encoding": "gzip,deflate,br",
    "Accept-Language": "en-US,en;q=0.9",
    "Origin": "https://www.depop.com",
    "Referer": "https://www.depop.com/",
    "Sec-Ch-Ua": '"Not_A Brand";v="8", "Chromium";v="120", "Google Chrome";v="120"',
    "Sec-Ch-Ua-Mobile": "?0",
    "Sec-Ch-Ua-Platform": '"Windows"',
    "Sec-Fetch-Dest": "empty",
    "Sec-Fetch-Mode": "cors",
    "Sec-Fetch-Site": "same-site",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
}

s = cloudscraper.create_scraper()

r = s.get(
    "https://www.depop.com/search/?q=gucci", 
    proxies = {"http": "", "https": ""}, headers=headers
)

print("SITE PAGE", r.status_code) 

r = s.get(
    "https://webapi.depop.com/api/v2/search/products/?what=gucci&itemsPerPage=24&country=us&currency=USD&sort=relevance", proxies = {"http": "", "https": ""}, headers=headers2
)
print("API PAGE", r.status_code)  # this work  

if name == "main":
asyncio.run(main())
`

these headers (headers2) work for the webapi domain, but the main domain doesnt work

[Gertje823]

I added browser parameters for couldscraper and I was able to scrape some profiles without any problems. Could you please checkout https://github.com/Gertje823/Vinted-Scraper/tree/47-depop-403 and let me know if this is also working for you guys?

[Relax594]

Hey @Gertje823 sorry for coming back late. It worked fine with using the "chrome" browser parameters until like a few days ago. Now that also ends up in a lot of 403 requests. Using your browser parameters didn't change anything.

[Gertje823]

@Relax594 @mkyrganov @Geo0010 I haven't been able to find a way to use the webAPI for stable scraping. So I made some changes and the script is now using the mobile app API. I scraped some large accounts without any issues. Please check out https://github.com/Gertje823/Vinted-Scraper/tree/47-depop-403 and let me know if it is also stable for you guys so I can push this to the main branch.

[Relax594]

@Gertje823 works perfectly, thank you very much!