How to reverse engineer 3rd party mobile API calls with Postman

Introduction

Long story short… I have a heat pump that I can control via an app. At the end of the day, there is no official documentation on how I can directly (without the app) communicate to my heat pump. So I embarked on a journey to reverse engineer the API connectivity and see how I could tweak this. For those curious, my end goal I have in mind is to align the heat pump to the production of my solar installation. Or just call me a technical nutcase, that also works. 😉

 

Setup

For today’s post, I will show you how you can combine the native proxy function of your iOS device to route to Postman. Where you can then start tracing the API calls made by a native mobile application. Makes sense so far? Cool! Let’s get to it!

Step-by-Step

I am assuming you already have postman installed. So click on the icon at the top right that allows you to capture requests. Toggle the “Capture Requests” flag to on, and you are good to go here.

Now open up the command shell, and type “ipconfig” to find out your local IP address ;

Note that one down, and pick up your mobile device. Go to your WIFI settings and select “Configure Proxy” ;

Now here you enter the IP you just noted down as “Server” and type 5555 for the “Port” ;

 

Once you press save, you will immediately see some URLs passing by on the Postman history …

Now open up the app you want to trace… and do whatever you want to trace… 😉

 

Next up you will see the API calls passing by ;

 

Where you can then get the details of those API calls ;

Closing Thoughts

Ever wanted to reverse engineer or check up on certain apps? Now you know how… 😉

To be honest, when I saw the connectivity going outside (to the internet) instead of being local, this also made me wonder if I want to have such a contingency. But that is a totally different story than the scope of today’s blogpost I guess!

I hope this was useful to you and that you enjoyed reading up on how to trace API calls from mobile applications.

One thought on “How to reverse engineer 3rd party mobile API calls with Postman

  1. Hi, I think I have the same heat pump controller as you, I’ve been through the same process already and had the same though when I saw it wasn’t all local. I have no idea how to make the connection directly to the controller, any chance you could cover this in another post?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.