
Unofficial APIs - tornupinside
https://github.com/Rolstenhouse/unofficial-apis
======
komali2
Haha the pokemonGo Api! I was in the final stages of a bootcamp right when
Pokemon Go came out, and a bunch of us were desperately trying to put
ourselves on the map by doing something lit with Pokemon Go. We discovered
that the spawns were cycled hourly, so if we could gather enough data we could
quite accurately map out every pokemon in the city. Then we came up against
not knowing anything about parsing the data we were just yanking back from
requests to the API... I think some point in the authentication phase? So we
saw that python library, saw that _they_ had solved the problem, but it was
using something we had absolutely no idea how to transcribe to Node, and this
is like, a bunch of 3 month old freshfaced Javascript devs. Figuring out
Python was kinda out of the question (better to focus on pitching ourselves as
hardcore Node/Javascript devs in the upcoming job search).

And then, like, three days after we started the journey, someone had not only
beat us to the punch, they had done so at a professional level. I don't
remember which site it was, but not only did it work perfectly, it didn't
require the "crowd sourced" solution to mapping out pokemon that we were
counting on. The developer/s had somehow figured out how to just yank all
pokemon locations. And on top of that the app was functional, gorgeous, even
had its own URL (we were still in the "all our apps are
laughinggiraffe.herokuapp.com domains" phase).

All in all, great experience. A nice fresh slap in the face to how much work
we had ahead of us, and good fun had anyway.

~~~
delusional
I had a friend that ran some of that software. The trick was to just make a
bunch of accounts and just fake them walking all across the map to gather the
locations. Basically crowd sourcing it, but with fake people.

The number of fake accounts was a function of how large of an area you wanted
to cover and how often you wanted it to update.

~~~
alexeldeib
I remember some really good public sites, but the quality cycled up and down
and the Pokemon devs fought back a bit. I used some tool that basically was
what OP described, but let me easily self-host a server. At the time I think
there was some hack where the server component could fake location, so you'd
just send it off to walk a geofenced area and could browse on mobile remotely
while playing the game. Ran it off my laptop, then a DO droplet. Good times.

------
jjice
> Designed to inspire your next Friday night hack.

I've been hit with some burnout recently, and this is the kind of inspiration
I need. Small, fun, short term project to get some juices flowing, as opposed
to forcing myself to work on personal projects I currently don't have passion
for, but feel I need to work on out of some weird sense of obligation.

Thanks, this is actually a really great help.

~~~
Insanity
Upvoted, it's also what eventually got me out of a burnout. Didn't program
side projects for a long time (apart from work) and then just started small
hackish things for personal use.

------
billme
To find more of these unofficial APIs, Google:

[site:github.com "unofficial" AND "API"]

Or click here:

[https://www.google.com/search?q=site:github.com+%22unofficia...](https://www.google.com/search?q=site:github.com+%22unofficial%22+AND+%22API%22)

------
fenwick67
Domino's Pizza has an unofficial API as well:

[https://github.com/RIAEvangelist/node-dominos-pizza-
api](https://github.com/RIAEvangelist/node-dominos-pizza-api) and
[https://pypi.org/project/dominos/](https://pypi.org/project/dominos/)

~~~
tornupinside
That's awesome. I've always wanted to set up my own hardware button to order
pizza for fun haha.

~~~
SaltyBackendGuy
Also: [https://github.com/ndmckinley/terraform-provider-
dominos](https://github.com/ndmckinley/terraform-provider-dominos)

------
cschneid
Awesome! I was just looking at integrating Omnifocus and Notion to keep better
notes and history of tasks, letting Omnifocus focus on just the task
management side of the world.

It'd be cool to link up a script that takes a new task in Omnifocus under the
right tag, and push a template into Notion for the note taking, and sync a
link back into the notes field of Omnifocus for quick access.

~~~
charlieegan3
Notion plan to release an API soon. They included in their pricing plan update
yesterday.

------
darth_avocado
No offense to the people who built this, but sharing your username and
password with random packages on the internet seems like a bad idea,
especially for finance apps.

~~~
aasasd
The bad idea in this scheme is to not take a look at what the code does,
considering these are open-source packages.

~~~
thephyber
I agree, but that's not sufficient in an open source software supply chain.
You also need to inspect the dependencies and you need to do this every time
you pull any new versions.

------
xur17
Tangentially related, but I've been working on something for merchant websites
(Amazon, Target, Walmart, etc) that you can feed a product url, and get back
product information (image, title, price, availability, etc). It takes ~10
lines of code to write a driver for a merchant, and they are fairly stable if
written properly.

My goal is to open source this, and allow anyone to contribute new / update
existing drivers. Would there be interest in something like this?

~~~
dastx
Please do. I'm tired of going to multiple sites to compare prices.

------
dhruvkar
Awesome!

I tried writing a CLI tool for ordering Chipotle, but I ran into some
dynamically generated headers, that made it near impossible to authenticate.
In the end, I gave up.

Would love to see more examples and see how issues like this can be handled!

~~~
itzael
I’ve had this come up a few times when doing API snooping, and what I’ve done
is decompiling the Android version (if available) of their app using jadx [1].
You get pretty legible Java, sometimes with Kotlin artifacts, sometimes with
obfuscation, but in combination with some MITM snooping you can see how
auth/headers/hashes are done. Sometimes you even find internal API endpoints
with a security issue or two.

[1]: [https://github.com/skylot/jadx](https://github.com/skylot/jadx)

~~~
dhruvkar
Thanks!

I've used jadx once before to decompile a steamship line app, but it was just
curiosity with no end goal in mind. Didn't try it with the chipotle app.

Next project!

------
FanaHOVA
I wrote a Ruby one for the NBA.com API but not sure if it still works though
as I haven't used it in a while (and also slightly embarrassed at some of the
code I wrote back then, which I guess is good!)

[http://github.com/FanaHOVA/nba_rb/](http://github.com/FanaHOVA/nba_rb/)

------
philshem
“Anything can be an API - if you are stubborn enough.”

~~~
smrq
This is distinctly more SFW than the similar aphorism I've heard.

------
eska
I tried playing Final Fantasy XI on a private server for a week, but found the
game to involve too much grinding. Then I noticed an SQL injection in their
auction house web page, which allowed me to dump prices of items at various
times and build a private API. I used this to inform my investment, got quite
wealthy and bought equipment for my toon, then quit the game shortly after.

------
BillinghamJ
Along similar lines, and unfortunately quite out of date at this point(!) but
I've maintained a list of Monzo Bank APIs for a while:

[https://github.com/billinghamj/monzo-
api](https://github.com/billinghamj/monzo-api)

------
me551ah
I love the tinder API. A few years ago I was planing to shift to another
locality in my city but couldn't figure out where. I eventually decided to
move to an area with the best looking women. Used the python tinder API to
move around the whole city with GPS coordinates while setting the shortest
possible radius and saved profile pictures tagging them with geo location. The
end result was a database of geolocation mapped to profile pictures of women
in that area.

~~~
pyromine
That's really freaking creepy...

~~~
bigiain
BRB: Going to pitch some real estate agents with an automated system to add
Tinder women with super hot profile pics tightly geolocated to their
realestate listings...

~~~
me551ah
There are hot women in your area

Here's the data in a spreadsheet

------
charlieegan3
Personally I’ve found using ‘private’ web APIs to be a bit of a mixed
blessing. Having side projects break with no notice is very frustrating, at
the same time they’re a huge improvement on scraping for ad-hoc tasks.

------
chpmrc
Does using an unofficial API authenticated with someone else (e.g. a
customer)'s account count as a violation of the ToS? In other words: who gets
reprimanded/sued? The final user or the messenger?

~~~
robrtsql
Don't all of these libraries require you to provide your own credentials?

I do think this violates their ToS anyways though.

~~~
chpmrc
I'm sure it would, in some cases at least. I'd be more interested in
understanding who gets the blame.

~~~
luckylion
The few things I clicked on are scripts/modules you'd run yourself, so they're
not really APIs in the commonly used sense, but website-wrappers that let you
use the website as if it was an API. In that case, the user and the messengers
are one and the same, the developer of the wrapper isn't involved at all in
the transaction.

If it was Unofficial-API-As-A-Service, I'm pretty sure both would be in
violation for most services. The user at least for sharing their account
credentials, the UAAAS provider likely for some thing in the fine print about
only being allowed to use the website for the intended purposes. I doubt
either will get sued, the user will get their account cancelled and the
provider will get their servers blocked and an angry letter from the lawyers
telling them to stop.

------
doc_gunthrop
Hacker News also has an unofficial API: [https://github.com/cheeaun/node-
hnapi](https://github.com/cheeaun/node-hnapi)

~~~
bhhaskin
It also has an official API:
[https://github.com/HackerNews/API](https://github.com/HackerNews/API)

------
bootcat
[https://github.com/deepanprabhu/duckduckgo-images-
api](https://github.com/deepanprabhu/duckduckgo-images-api)

------
imedadel
If too many people are using the unofficial API for a product, is it right to
assume that building a competing product offering a better official API, would
be successful?

~~~
elpatoisthebest
My guess is that the two things are unrelated, at least looking at this list.

The API itself isn't the reason people use the product.

------
hmhrex
That Notion API is pretty slick. His example of using it for task management
and dashboards is wild. May have to give that a whirl.

------
Alupis
Strange they list Coinbase as an "Unofficial API".

The trading API is very much so official, and dates back to the GDAX days.

~~~
thephyber
I think you misunderstand what this repo calls an "API".

The Coinbase "API" in this repo isn't the protocol (eg an HTTP REST API
implementation), but the 3rd party Python _library_ which speaks the
protocol[1].

[1] [https://github.com/danpaquin/coinbasepro-
python](https://github.com/danpaquin/coinbasepro-python)

~~~
Alupis
I must be lost then.

The python code is an implementation of a program that uses the Coinbase API
to make trades, fetch market data, etc.

In my day, we'd call that a Program, Library or an SDK. Definitely wouldn't
call that an "Unofficial API".

When I think of "Unofficial API", I think of an API that wasn't intended for
public use and is undocumented and supported by the company. Like the Pandora
API some music players have reversed... or the Pokemon GO API people are
talking about in this very thread.

Coinbase released, documented and supports their API. Anything that uses that
API to do things is just a program, or library.

~~~
tsukurimashou
Coinbase may have an official API, doesn't mean they support the Python
implementation of their API, hence the 'unofficial' as in 'not maintained by
the coinbase dev team'

These implementations are there for devs to save time and simply import the
API implementation as a module and use already made functions to do the API
calls

~~~
Alupis
OK, but what you described isn't an API then. It's a library.

The Coinbase team, to my knowledge, doesn't maintain any implementation...
making all implementations "Unofficial" in that sense.

I still fail to see how this python code is considered an "Unofficial API".

~~~
tsukurimashou
I agree it's a library but these days anything is being called an 'app' it's
kind of the same with API and API implementation (library). It makes it
confusing

------
xoxoy
Been meaning to do something with the Robinhood one

~~~
exabyte
take a look at Alpaca! particularly, the paper trading is a nice and easy way
to implement strategies w/no money on the line

------
raj_khare
How does this work? Using scrapping?

------
tylerjrichards
oh this is awesome! would be great for new data scientists as well

------
minimaxir
From a practicality standpoint, I strongly discourage using unofficial APIs,
as tech companies nowadays are very prone to sending out C&Ds. If you have a
use case where the official API doesn't suffice, then do not redistribute
anything obtained from the unofficial API, and _definitely_ do not attempt to
commercialize it.

~~~
altdatathrow
Max remember this is _Hacker_ news. You sound like you're on Nextdoor
complaining about the neighbors who are in clear violation of HOA yard
maintenance policies.

~~~
minimaxir
It's a warning to avoid wasting valuable time, speaking from experience.

I used to use unofficial APIs years ago. There's a reason I don't anymore.

------
rolstenhouse
I'm actually the current owner of this repo!! I started it because I love
working with unofficial APIs for fun hacks that improve my life. During
college, I had an alert that told me when the Krispy Kreme donuts were fresh
built off an unofficial API that promised enjoyable donuts.

If you're interested, I have a newsletter to update you when new repos are
added
[https://forms.gle/e8nCivpTBNftNtgGA](https://forms.gle/e8nCivpTBNftNtgGA) and
to feature interesting stories from the community.

~~~
dang
Please don't use multiple accounts to promote things on HN. The community
feels extremely strongly about this and will bring out the Searzalls and use
much less kind words than "using multiple accounts to promote things".

I'm going to leave the submission up because it struck a genuine chord with
people, but that's a lucky escape. Normally, the likelier outcome is bannage.

