Always use User-Agent: Appie/8.22.3
and Content-Type: application/json
Technically there is more information about your device and user ID after it, but the server does not seem to care
If you have a valid access_token
, add it as a header in request
Authorization: Bearer access_token
Get a token:
POST https://api.ah.nl/mobile-auth/v1/auth/token/anonymous
{
"clientId": "appie"
}
Returns:
{
"access_token": "USERID_ACCESSTOKEN",
"refresh_token": "REFRESHTOKEN",
"expires_in": 7199
}
Sign in via browser (set User-Agent
)
Visit https://login.ah.nl/secure/oauth/authorize?client_id=appie&redirect_uri=appie://login-exit&response_type=code
Login, page should reply with 303 See Other
and something like Location: appie://login-exit?code=CODE
Take CODE
and
POST https://api.ah.nl/mobile-auth/v1/auth/token
{
"clientId": "appie",
"code": "CODE"
}
Returns:
{
"access_token": "USERID_ACCESSTOKEN",
"refresh_token": "REFRESHTOKEN",
"expires_in": 7199
}
POST https://api.ah.nl/mobile-auth/v1/auth/token/refresh
{
"clientId": "appie",
"refreshToken": "REFRESHTOKEN"
}
Returns:
{
"access_token": "USERID_ACCESSTOKEN",
"refresh_token": "REFRESHTOKEN",
"expires_in": 7199
}
GET https://api.ah.nl/mobile-services/product/search/v2?query=QUERY&sortOn=RELEVANCE
See reply example in search.json
GET https://api.ah.nl/mobile-services/v1/receipts
See reply example in receipts.json
GET https://api.ah.nl/mobile-services/v2/receipts/TRANSACTIONID
See reply example in receipt.json
If you want to use this to crossmatch transactions from your bank statement, look for the text in "first": "Authorization code"
(and for old receipts it's "third":"Autorisatiecode"
)
Thanks! I'm attempting to drill down as much as possible into the sub-categories to reduce the amount of products that need to be checked per page. I've noticed that iterating on pages where you've set the page size to 1000 products will return a 400 error at around the 3rd page, smaller page sizes also seem to return a 400 error around that same page count. I'm assuming this is a limitation of the API but please correct me if I'm wrong here.