azerpas
Login using Api not working
I am try to login using my email and password.But it always say not authenticate
@Mobeen22-creator As I've said in the README.md, the login has been changed by Nike more than a year ago.
You need to reverse engineer their new log-in system powered by Akamai.
A few leads I can give you:
- Decode the Akamai file stored in Nike public files: 12/4/2020: https://www.nike.com/static/91698b6f882ti2091b8958ff21d04d86a
- Once you understand its logic, check how to generate and to use _abck cookie on login.
While a lot of bots are requests based nowadays, I'm sure you'll be able to generate better results with a good webdriver framework.
Good luck and let me know if you achieve anything!
Thanks for your response...I will check it if possible.. Also Can you guide me on other api(for checkout,add to card)?
Last time I checked they were not any changes on the checkout part. They track your sensor data through the whole process though.
Last time I checked they were not any changes on the checkout part. They track your sensor data through the whole process though.
Which Senor data?..Because I am working about 15 days ago..Checkout Api working..But now it not working..Can you please check the issue?..I will be very thankful to you.
fetch("https://api.nike.com/buy/checkouts/v3/ee2c64e3-7fcb-4793-ba50-d7b23585b2ca", { "headers": { "accept": "application/json", "accept-language": "en-US,en;q=0.9", "authorization": "Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6ImFlYmJkMWMyLTNjNDUtNDM5NS04MGMzLWE3YTIyMmJlOTJmMHNpZyJ9.eyJ0cnVzdCI6MTAwLCJpYXQiOjE2MDcwNzI1NTAsImV4cCI6MTYwNzA3NjE1MCwiaXNzIjoib2F1dGgyYWNjIiwianRpIjoiMjE1Nzk4MWMtODY5Yi00MDI0LWFiOWYtZjI1OTBkYzdmM2E0IiwibGF0IjoxNjA3MDI2MTk4LCJhdWQiOiJjb20ubmlrZS5kaWdpdGFsIiwic3ViIjoiY29tLm5pa2UuY29tbWVyY2UuY2hlY2tvdXQud2ViIiwic2J0IjoibmlrZTphcHAiLCJzY3AiOlsiY29tbWVyY2UiXSwicHJuIjoiNWI1ZDhkMjgtMTA0Yi00OTlhLTkzOTAtNTc0NDhjNTQ1OWQxIiwicHJ0IjoibmlrZTpwbHVzIn0.0bpMoHH3d68qZz5ORXdkV2Wfj2lNCpbMA_PwCtNmL7B1a2udS2xrxLbHMvGgw8gVbtuU72JhsAKCoVJ7SFW7cO6t-EQDIrxprCW9TgH0oWsR52YmK1RGak7nkq7TIeJQMbsQu65X5jnQEw4httffSBOE8jDoMTCSrh_bEeoyIOyPngP9E4go_zaHzpGkuzCdWrK4uyLJqK1mHZ93FjdpiIwWpb9FuXNRziYgD2hxJkDkX3u5pbYVXwG3JHV-8yyDKn8NXcCYEo_7U-UhjvTNz7yFtAljk5IjyRbAke_hz3W3ck6TG2HFljd87I7hINKF9WgTWtT25ECNP1Fz5m02Dg", "content-type": "application/json; charset=UTF-8", "sec-fetch-dest": "empty", "sec-fetch-mode": "cors", "sec-fetch-site": "same-site", "x-b3-spanname": "CiCCheckout", "x-b3-traceid": "552bf8ff-8077-4a4c-92c5-a3db513744fc" }, "referrer": "https://www.nike.com/", "referrerPolicy": "strict-origin-when-cross-origin", "body": "{"request":{"email":"[email protected]","country":"GB","currency":"GBP","locale":"en_GB","channel":"NIKECOM","clientInfo":{"deviceId":"0400nyhffR+vPCUNf94lis1ztol5d9dCHB246/Ao2WE9gwrUHAxi3JGYcv10jeKdrw/C8c6z42TBuWd9l5a0IyQqrWpPeeaRgFdrdUsprl5Sq8nl3OCiMt8Ua0+1lB53qXj42Y+Kp1yqi2Z4uIfnWQtSfAUqw4TZbScFh+Qutt/w307oXkDF/U1E7xXW4qB19dHOMLejutG4hxJ6SrLlZLyFhSgO+Uqpxb++AfOPjzqyODJQ74Aiel35TKTOWG8pq1WO6yzJ1GNmMuMWZBamlGXoG/imnjwHY9HQtQzpGfcm0cR8X2Fd1ngNFGLDGZlWOX0jgqNsTimwHaMJry15Gy0Vf0zI+mPNi65X5WFPYlDG9N1OfdJx+sF9hM8RMXMgtBW8CHSoFPORV1rkPw9HliwRsMNlq2VRMtfisD3sDb9dVa2h1CEoY664mo6H2W0dl9AiCA+hWOqdNHoULoDhcfK1noEfSQGj2ggU77A/AHthzIQI07p4tGGHBe8mR20/oWqfEHK71L7cSw/Kf2hhwqstJ0+N0eY/qPMOWU/9MIjl/2AbD3koZ93rcdXh35GdB6Cc0rdKBra3m4b4QdHFky+5sZv2Kj9Fes82ldfwd3sZbGN+/u06EOo/UEYn9EFMRfvxVguGdCj5lhdXtgrpfxK3cPyoTgulhul+Oe0RxWZbWQxXeqF/xZU7dZKetslI3IixuQGzU+n3CAtvv8E4b2pMvayNzGkmK4M7ISKiq4yvoHcgBVMDdOYV83MnEYUvBMAKTEVdGJlxBwCc8acbcKqAuWf7gouzBPJaEMCy0s3hRLlX3uHnT/mMqzEnDVj65t4J4CJ/ytKbzo4j6X1ofZ7r4JYwJVsFx3E/58zGq/hZ0ZoyseD0G1/ThxEIvsJRqGfF9spFd7LTpxjhrt64WqIxSK+Vx63F6egN3u5bh8qtOMZhKoST0dhOCOCSU0oZPWNEfF9hXdZ4DRRkrbXWcoCj3I1znntcmg8XIiroNPn6uMT9rxZ7qeEFWRj18l7DPKO0GeWtn+b74ILhm1ktqxSy95oLxJ4wRE2+2jTYG5F/Nh7D/sce1jRk0ezV1VhPa1KsqpkJeRz7XIosPiZXdNCqfONp5tr3JJKOUynO7lvNGhMGpUeravdrC6H/edFuJJseB8n/NyT5AQL3W8POr0bHFWf5a8LChWIdQuDB7h6M5D0gX3A4cAE9Y2r0rvbBRVd53BOJ2d5nlZ6oNBEkNZ1jV5LSKRXt7Cgy2F6NwUwl9oZZ9QWrvZYKbOvwKNlhPYMK1BwMYtyRmHLfhVX5Lkhxb+bHa83CDZB6we5j4IIrWxMsSjK79lVFBrV8dHY+xR/hipLYSyumm5EJby3UH+X6gycqgnQuQ/zKgvmQv7oSpR7WjVkxQPfCtSRKbKGKbsGAaNDOuJV070+eL95s1tnZULi6NPoChhyXJCq+NTWRpAHjVbcIQaZyvlUmoq3MFE1OvpUNFyuiTcGNpO1APFETHhycLtQBpgeRH82SmjZ9xBbSvXhtHp8xh3BDHIiN3p6e"},"items":[{"id":"21d70f3a-9053-42bc-a5e3-1b76531515b0","skuId":"3e323cdc-1c35-5663-895e-f3f809edff1e","productId":"6e92eeae-6956-5eec-82b8-a1b67af28c2f","itemCosts":{"priceInfo":{"taxTotal":0,"price":84.95,"subtotal":84.95,"discount":0,"valueAddedServices":0,"total":84.95}},"quantity":1,"fulfillmentDetails":{"type":"SHIP","getBy":{"maxDate":{"dateTime":"2020-12-11T12:00:00Z","timezone":"Europe/London","precision":"DAY"}},"location":{"id":"62f64b0d-0cff-4c38-99d5-20d870bd1e42","postalAddress":{"country":"GB","address1":"asmn","postalCode":"L1 8JQ","city":"asmn"},"type":"address/shipping"}},"valueAddedServices":[],"recipient":{"firstName":"asmn","lastName":"asmn"},"contactInfo":{"phoneNumber":"923478677","email":"[email protected]"}}],"paymentToken":"d7a76359-b908-4e2e-b13f-c8808229ca8c","promotionCodes":[],"totals":{"total":84.95,"items":{"total":84.95,"details":{"price":84.95,"discount":0}},"fulfillment":{"total":0,"details":{"price":0,"discount":0}},"taxes":{"total":0,"details":{"items":{"tax":0,"type":"NOT_CALCULATED"},"fulfillment":{"tax":0,"type":"NOT_CALCULATED"},"valueAddedServices":{"tax":0,"type":"NOT_CALCULATED"}}},"valueAddedServices":{"total":0,"details":{"price":0,"discount":0}}}}}", "method": "PUT", "mode": "cors", "credentials": "include" }); This response: { "sec-cp-challenge": "true", "provider": "crypto", "branding_url_content": "%2fstatic%2fbot%2fchallenge%2findex.html", "chlg_duration": 30 }
I am get access token from chrome session storage...I am not using cookies.. Because api request for add to cart and checkout api was working without cookies..
They flag you because of that. This response is returned whenever your cookies are incorrect or absent.
It mean we need cookies..But when I copied it from chrome in postman, issue still exist..Any Solution for it?
So if the login URL isn't "https://unite.nike.com/login?"
Then what is it? I cannot find a link that goes api.nike.com for login purposes
I did generate the sensor data but I still get a 403 error. I even used selenium to get the sensor data from nike. It still did not work. Do you use the same "unite.nike.com/login?" link though?
From: Muhammad Mobeen Ghaffar [email protected] Sent: Sunday, January 24, 2021 6:07 AM To: azerpas/nikeAPI-Py [email protected] Cc: rhkruz03 [email protected]; Comment [email protected] Subject: Re: [azerpas/nikeAPI-Py] Login using Api not working (#3)
You have to generate senor data then it will be easier.
— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/azerpas/nikeAPI-Py/issues/3#issuecomment-766329404, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ASSNVW7PDDNSG7AMZ5TGTFLS3P5PHANCNFSM4UMLOYDQ.
Selenium will get you flagged instantly by Akamai. Decode the _bmak file and search for "selenium" or "chromedriver", hopefully you'll start to understand how that works. 😁
@Mobeen22-creator I'll be happy to hear what you found, please let me know. 😉
I appreciate the help. I have a script that decodes the bmak file for me. An example of the decoded results can be found here: http://ddecode.com/hexdecoder/?results=335f2776eaf4ca7eca9953d2240c3316
I'm using python and I am not trying to figure out how do I then take this code and convert it into the sensor data. I have a script that creates sensor data but if nike constantly updates it would make it obsolete. I've searched github to see if anyone has a python script that could convert the decoded bmak file but I have not seen one.
From: Azerpas [email protected] Sent: Sunday, January 24, 2021 11:45 AM To: azerpas/nikeAPI-Py [email protected] Cc: rhkruz03 [email protected]; Comment [email protected] Subject: Re: [azerpas/nikeAPI-Py] Login using Api not working (#3)
@Mobeen22-creatorhttps://github.com/Mobeen22-creator I'll be happy to hear what you found, please let me know. 😉
— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/azerpas/nikeAPI-Py/issues/3#issuecomment-766392116, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ASSNVW4NJCRBSVGJ6B4JO3TS3RFBXANCNFSM4UMLOYDQ.
The code itself generates the sensor data. You're only half way through with that decoded result, replace all "_ac" vars by its value in the array. Good luck!
I figured out a way to bypass all of that. Which is great news. I am on the final part of checkout. I saw someone mentioned it above as well but it is not clear to me what they did but they seemed to figure it out. I am getting the following error on checkout:
"sec-cp-challenge": "true", "provider": "crypto", "branding_url_content": "%2fstatic%2fbot%2fchallenge%2findex.html", "chlg_duration": 30
From: Azerpas [email protected] Sent: Tuesday, January 26, 2021 3:40 AM To: azerpas/nikeAPI-Py [email protected] Cc: rhkruz03 [email protected]; Comment [email protected] Subject: Re: [azerpas/nikeAPI-Py] Login using Api not working (#3)
The code itself generates the sensor data. You're only half way through with that decoded result, replace all "_ac" vars by its value in the array. Good luck!
— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/azerpas/nikeAPI-Py/issues/3#issuecomment-767391175, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ASSNVW6I2GQODEWAIOLD2LDS3Z5ZFANCNFSM4UMLOYDQ.
I figured out a way to bypass all of that. Which is great news. I am on the final part of checkout. I saw someone mentioned it above as well but it is not clear to me what they did but they seemed to figure it out. I am getting the following error on checkout: "sec-cp-challenge": "true", "provider": "crypto", "branding_url_content": "%2fstatic%2fbot%2fchallenge%2findex.html", "chlg_duration": 30 … ________________________________ From: Azerpas [email protected] Sent: Tuesday, January 26, 2021 3:40 AM To: azerpas/nikeAPI-Py [email protected] Cc: rhkruz03 [email protected]; Comment [email protected] Subject: Re: [azerpas/nikeAPI-Py] Login using Api not working (#3) The code itself generates the sensor data. You're only half way through with that decoded result, replace all "_ac" vars by its value in the array. Good luck! — You are receiving this because you commented. Reply to this email directly, view it on GitHub<#3 (comment)>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ASSNVW6I2GQODEWAIOLD2LDS3Z5ZFANCNFSM4UMLOYDQ.
I am working on bypassing it.and I have done something in Android app. Maybe we can collaborate. My email is [email protected]
I've created a discord to share your work: https://discord.gg/JqYCEAURpm
@maiff @rhkruz03 @Mobeen22-creator
Has anyone come around this "sec-cp-challenge": "true", "provider": "crypto", "branding_url_content": "%2fstatic%2fbot%2fchallenge%2findex.html", "chlg_duration": 30
also how senser data is generated pls elaborate.TIA
I HAve Succesed getting the abck cookie but when use my bot in concurrency, akamai detect to me that I use a bot, somebody know how akamai detect to me?
