Long story short… I have a heat pump that I can control via an app. At the end of the day, there is no official documentation on how I can directly (without the app) communicate to my heat pump. So I embarked on a journey to reverse engineer the API connectivity and see how I could tweak this. For those curious, my end goal I have in mind is to align the heat pump to the production of my solar installation. Or just call me a technical nutcase, that also works. 😉
For today’s post, I will show you how you can combine the native proxy function of your iOS device to route to Postman. Where you can then start tracing the API calls made by a native mobile application. Makes sense so far? Cool! Let’s get to it!
I am assuming you already have postman installed. So click on the icon at the top right that allows you to capture requests. Toggle the “Capture Requests” flag to on, and you are good to go here.
Now open up the command shell, and type “ipconfig” to find out your local IP address ;
Note that one down, and pick up your mobile device. Go to your WIFI settings and select “Configure Proxy” ;
Now here you enter the IP you just noted down as “Server” and type 5555 for the “Port” ;
Once you press save, you will immediately see some URLs passing by on the Postman history …
Now open up the app you want to trace… and do whatever you want to trace… 😉
Next up you will see the API calls passing by ;
Where you can then get the details of those API calls ;
Ever wanted to reverse engineer or check up on certain apps? Now you know how… 😉
To be honest, when I saw the connectivity going outside (to the internet) instead of being local, this also made me wonder if I want to have such a contingency. But that is a totally different story than the scope of today’s blogpost I guess!
I hope this was useful to you and that you enjoyed reading up on how to trace API calls from mobile applications.
5 thoughts on “How to reverse engineer 3rd party mobile API calls with Postman”
Hi, I think I have the same heat pump controller as you, I’ve been through the same process already and had the same though when I saw it wasn’t all local. I have no idea how to make the connection directly to the controller, any chance you could cover this in another post?
With a lot of delay… I put the automation on hold for a while. Where I have noticed that the platform is very unstable to work with. It has been down for months. Makes you wonder…
Great stuff but this does not work well for apps using HTTPS. I lost internet on most of my apps because of the proxy and I never saw anything in the history.
Did you get past this or meet this issue?
Be sure that your mobile device can reach the proxy port. So they need to be on the same network (WiFi “vs” 4/5G for instance) and nothing should impede the connectivity in between (firewall rules?).
Hi, I followed this process, but after I configure the proxy settings on my iPhone the wifi status shows no internet connection. There are a couple of APIs calls captured to http://netsts-cdn.apple.com, http://captive.apple.com/hotspot-detect.html and http://www.connectionassist.com/ping.html/. After that I not able to do any activity in my app or browse anything on the browser.
My MacBook and iPhone are on the latest os versions.
Can you suggest how to proceed.