n26 icon indicating copy to clipboard operation
n26 copied to clipboard
verified publisher icon guitmz

Migrate to Graphql

Open guitmz opened this issue 6 years ago • 3 comments

Looks like N26 is migrating to Graphql, need to check and invest time on that in case they disable the current API.

guitmz avatar Oct 08 '19 13:10 guitmz

Hey @guitmz, I would park this issue for awhile because they added some kind of encryption on the client side which makes things even more complicated and less flexible to send data to the server.

In practice, front-end encryption works like this: on start, the server generates two keys, a public one which makes its way to the client in a cookie, and a private one which stays on the server. In the browser, the public key is used to encrypt a certain payload before sending it to the server via a XHR request. On the server, upon receiving the request, the payload is decrypted using the private key. It’s important the private key remains a secret and never gets leaked, as it is the only way to decrypt the data.

More details: https://medium.com/insiden26/web-security-at-n26-d1b4644c32fb

nathanmarcos avatar Dec 05 '19 13:12 nathanmarcos

Is there some documentation about the graphql mountpoints? I would like to start working on this

lruggieri avatar Jul 29 '20 06:07 lruggieri

@lruggieri N26 API is not publicly documented, we usually resort to MITM on the web page or mobile app to figure out the endpoints

guitmz avatar Jul 29 '20 14:07 guitmz