by brendonjohn
2187 days ago
This is brilliant work, I'm hoping in part II we get to see it working against the API. I reverse engineered this in a production environment. It took approximately 7 months to build a scalable solution. The investigation on how to create the x-snapchat-client-auth token is brilliant. One day I hope to do a talk on what my old team did to circumvent it. There's a painful gotcha on the homestretch for this token: You may be creating the token, but it's not obvious what you're supposed to be using the method to sign. What do they use it for? As far as I could tell, it's so they can verify requests at the edge nodes of their network. When you provide a bad x-snapchat-client-auth, you get a near-instant 403.