Awesome!

I tried writing a CLI tool for ordering Chipotle, but I ran into some dynamically generated headers that made it near impossible to authenticate. In the end, I gave up.

Would love to see more examples and see how issues like this can be handled!

I’ve had this come up a few times when doing API snooping, and what I’ve done is decompile the Android version (if available) of their app using jadx [1]. You get pretty legible Java, sometimes with Kotlin artifacts, sometimes with obfuscation, but in combination with some MITM snooping you can see how auth/headers/hashes are done. Sometimes you even find internal API endpoints with a security issue or two.

[1]: https://github.com/skylot/jadx