[Question] How did you guys manage to find the API endpoints? #24

Closed
jhonpedro opened this issue Nov 6, 2022 · 2 comments

Comments

@jhonpedro

I opened this issue because I do not know how we can find the API endpoints without documentation. I am curious about how you guys did it, and maybe I can help build other repositories about other fintechs/banks like this one.

And I would really appreciate it if you guys gave me some resources/directions on how I can discover Nubank or bank-related APIs and their endpoints.

I saw that there are some "Discovery" endpoints, but I did not manage to go beyond that.

Thank you guys!

@fmsouza
Owner

fmsouza commented Nov 7, 2022

Hey @jhonpedro!

So giving you some context, basically @andreroggeri spent some time creating his Python library for the same purpose a few years ago, and this repository is basically a not-so-up-to-date translation from his repository to TypeScript.

According to what I read in some discussions in his repository, the strategy was basically reverse engineering using a man-in-the-middle attack by running the app on an emulator on the computer. So he (and other devs) would listen to the requests with their payloads for each action you do in the app and map those so this could be redone in the library.

Initially, it was possible to make the introspection call to their GraphQL endpoint and read the entire specification for the API, but after they started talking about it in the repo, Nubank people addressed that so we wouldn't be able to anymore (I tried the same thing when I heard about it, and it sadly wasn't returning anything anymore).

So whatever developments were done since then were basically via reverse engineering of the code again, which is a very time-consuming way of developing an API, so that's why it'll likely always be pretty slow to bring new features.

That said, if you don't want to use those libs but want to develop some sort of integration either way, what I'd recommend is going through our codebases to learn how things are working and then just trying to replicate that for your use case. Unfortunately, there's really no better alternative that we know of.
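
The introspection lockdown mentioned in the comment above, seen from the API owner's side, as an added example that is not code from this repository or from Nubank. It sketches a server-side gate that rejects GraphQL documents asking for `__schema` or `__type` while still allowing `__typename`; the function names and sample queries are hypothetical and constructed for illustration.

```typescript
// Added example: names below are hypothetical, not from any project on this page.
const INTROSPECTION_FIELDS = new Set(["__schema", "__type"]);

// Return the GraphQL name tokens in a document, ignoring comments and string
// literals so that a value such as "__schema" inside an argument is not flagged.
function nameTokens(query: string): string[] {
  const names: string[] = [];
  let i = 0;
  while (i < query.length) {
    const ch = query.charAt(i);
    if (ch === "#") {
      // Comment: runs to end of line.
      while (i < query.length && query.charAt(i) !== "\n") i++;
    } else if (query.startsWith('"""', i)) {
      // Block string: ends at the next triple quote not preceded by a backslash.
      i += 3;
      while (i < query.length && !query.startsWith('"""', i)) {
        i += query.startsWith('\\"""', i) ? 4 : 1;
      }
      i += 3;
    } else if (ch === '"') {
      // Ordinary string: honour backslash escapes.
      i++;
      while (i < query.length && query.charAt(i) !== '"') {
        i += query.charAt(i) === "\\" ? 2 : 1;
      }
      i++;
    } else if (/[_A-Za-z]/.test(ch)) {
      let j = i + 1;
      while (j < query.length && /[_0-9A-Za-z]/.test(query.charAt(j))) j++;
      names.push(query.slice(i, j));
      i = j;
    } else {
      i++;
    }
  }
  return names;
}

// True when the document requests schema introspection and should be rejected.
function requestsIntrospection(query: string): boolean {
  return nameTokens(query).some((n) => INTROSPECTION_FIELDS.has(n));
}

// Constructed sample documents: the first is rejected, the second is allowed.
const samples = [
  "query { __schema { types { name } } }",
  'query { account(note: "__schema") { __typename balance } }',
];
for (const s of samples) console.log(requestsIntrospection(s), s);
```

A gate like this only hides the schema document; as the comment notes, request shapes can still be mapped by observing the app's own traffic, so authorization has to be enforced on every field regardless.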

@jhonpedro
Author

Hello @fmsouza!

Thank you for the explanation, man! I really appreciate it!
