11

So how do people figure out API endpoints without documentation?

Comments
  • 3
    @irene Looks like the answer is in the network tab of Google Chrome dev tools. But since people here obviously have the experience of API sniffing (since the devRant API isn't documented anywhere) I was wondering how they did it.
  • 4
    Swearing a lot! It helps.
    Searching the internet for the little documentation that exists, maybe other people have used the API before you, steal their code.
    Trying out a lot, even the stupidest things.
    And swearing a lot, why those motherfuckers didn't document this pile of shit they call API.
  • 1
  • 0
    Reading the source code and understanding the pattern of endpoints.

    For example, I documented an API that had

    /api/resource/{any document type}/{any document}

    and

    /api/method/{dotted.path.to.method}

    while there can be arbitrary methods and documents. You can find a list of available documents via

    /api/resource/DocType

    All functions in the source code that have the @whitelisted annotation are available via the /api/method endpoint, and the dotted.path refers to the folder structure.
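
The pattern described in the comment above, as an added example that is not part of the original thread or of any project's code: a Python script that inventories which functions in a source tree you maintain are reachable under /api/method. It assumes the marker is a decorator named `whitelisted` (the comment's term) and that the dotted path is the file's folder path plus the function name; the sample tree is constructed.

```python
import ast
from pathlib import PurePosixPath

# Constructed sample tree (relative path -> source); not from any real project.
SAMPLE_TREE = {
    "shop/orders/api.py": (
        "@whitelisted\n"
        "def get_order(name):\n    return name\n\n"
        "def _internal():\n    pass\n"
    ),
    "shop/utils/__init__.py": (
        "@app.whitelisted()\n"
        "def ping():\n    return 'pong'\n"
    ),
}

def _decorator_name(node):
    """Return the trailing name of a decorator: @x, @x(), @pkg.x, @pkg.x()."""
    if isinstance(node, ast.Call):
        node = node.func
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    return None

def module_path(rel_path):
    """'shop/orders/api.py' -> 'shop.orders.api'; a package __init__ maps to its folder."""
    parts = list(PurePosixPath(rel_path).with_suffix("").parts)
    if parts[-1] == "__init__":
        parts.pop()
    return ".".join(parts)

def exposed_endpoints(tree, marker="whitelisted"):
    """List /api/method/... routes for top-level functions carrying the marker decorator."""
    routes = []
    for rel_path, source in sorted(tree.items()):
        for node in ast.parse(source, filename=rel_path).body:
            if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
                if any(_decorator_name(d) == marker for d in node.decorator_list):
                    routes.append(f"/api/method/{module_path(rel_path)}.{node.name}")
    return routes

if __name__ == "__main__":
    for route in exposed_endpoints(SAMPLE_TREE):
        print(route)
```

The resulting list is the set of routes that need an authorization check and a documentation entry; undecorated helpers such as `_internal` do not appear in it.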
  • 1
    I just looked in the network tab/source files. It's all there.
  • 0
    Also, you can use tools like Postman to capture and document HTTP requests:

    https://learning.getpostman.com/doc...
  • 1
    I actually do this quite frequently in order to get (faster) data from various apps as opposed to scraping (getting data from Android apps is a walk in the park compared to iOS ones, they're literally a security joke!).
    It's not that hard once you learn how to capture HTTPS traffic and/or remove certificate pinpointing.
  • 1
    That's a good question.
  • 0
    Brute Force xD