How to reverse engineer 3rd party mobile API calls with Postman


Long story short… I have a heat pump that I can control via an app. At the end of the day, there is no official documentation on how I can directly (without the app) communicate to my heat pump. So I embarked on a journey to reverse engineer the API connectivity and see how I could tweak this. For those curious, my end goal I have in mind is to align the heat pump to the production of my solar installation. Or just call me a technical nutcase, that also works. 😉



For today’s post, I will show you how you can combine the native proxy function of your iOS device to route to Postman. Where you can then start tracing the API calls made by a native mobile application. Makes sense so far? Cool! Let’s get to it!


I am assuming you already have postman installed. So click on the icon at the top right that allows you to capture requests. Toggle the “Capture Requests” flag to on, and you are good to go here.

Now open up the command shell, and type “ipconfig” to find out your local IP address ;

Note that one down, and pick up your mobile device. Go to your WIFI settings and select “Configure Proxy” ;

Now here you enter the IP you just noted down as “Server” and type 5555 for the “Port” ;


Once you press save, you will immediately see some URLs passing by on the Postman history …

Now open up the app you want to trace… and do whatever you want to trace… 😉


Next up you will see the API calls passing by ;


Where you can then get the details of those API calls ;

Closing Thoughts

Ever wanted to reverse engineer or check up on certain apps? Now you know how… 😉

To be honest, when I saw the connectivity going outside (to the internet) instead of being local, this also made me wonder if I want to have such a contingency. But that is a totally different story than the scope of today’s blogpost I guess!

I hope this was useful to you and that you enjoyed reading up on how to trace API calls from mobile applications.

2 thoughts on “How to reverse engineer 3rd party mobile API calls with Postman

  1. Hi, I think I have the same heat pump controller as you, I’ve been through the same process already and had the same though when I saw it wasn’t all local. I have no idea how to make the connection directly to the controller, any chance you could cover this in another post?

    1. With a lot of delay… I put the automation on hold for a while. Where I have noticed that the platform is very unstable to work with. It has been down for months. Makes you wonder…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.