NikePlus hosted many my past run metrics however, they don't provide a way to export them for the customers and yet their API seems open to their partner which sounds kind of evil.
Anyways, because of that, there is definitely a simple HTTP/JSON API and we can fetch all metrics from their website.
To acquire the access, the API is using OAuth 2.0, thus need to get an access token, which is not easy by using normal OAuth authorization steps because we can't create client ID for their API. However, nike.com
and their website itself is using same API and it's really easy to get own access token from the response.
Open https://www.nike.com/us/en_us/p/myactivity and login, then see developer console.
Unfortunately, Nike discontinues viewing activities on the web.
To get bearer token, run Charles Proxy on iPhone with SSL proxy enabling, then see the access to api.nike.com
.
There are bunch of requests made to api.nike.com
and find the one has Authorization
header with Bearer
token. It seems like Base64 JSON data includes session tokens with digest.
If we can get this Bearer
token, then we can call their API to fetch all metrics.
There are bunch of API endpoints to access historical metrics however, there are only two API endpoints which we need to fetch past run metrics.
Use this endpoint first to start fetching activities, by giving 0
as a time
. time
is an integer value of UNIX epoc milliseconds.
$ curl -v -H "Authorization: Bearer ${bearer_token}" 'https://api.nike.com/sport/v3/me/activities/after_time/0'
{
"activities": [
{
id: "${activity_uuid}"
},
...
],
"paging": {
"after_time": ${after_time},
"after_id": "${after_activity_uuid}"
}
}
This API response returns limited amount of latest activities from the given time. Thus, we might need to paginate to get older activities. In that case, you might see after_id
key in paging
.
Use this endpoint to fetch another list activities to reach beginning. If paging
has only before_id
key, then it is last page.
To get GPS locations, heart rates and detailed activity metrics, use this API endpoint with activity_uuid
, that we can get by sport/v3/me/activities/
endpoint.
Give metrics=ALL
to get all details of the activity metrics.
$ curl -v -H "Authorization: Bearer ${bearer_token}" 'https://api.nike.com/sport/v3/me/activity/${activity_uuid}?metrics=ALL'
{
"id": "${activity_uuid}",
"type": "run",
...
"summaries": [
{
"metric": "distance",
...
},
...
],
...
"metric_types": [
"distance",
"rpe",
"pace",
"latitude",
"heart_rate",
"calories",
"nikefuel",
"speed",
"longitude"
],
"metrics": [
{
"type": "distance",
"unit": "KM",
...
"values": [
{
...
},
...
]
},
...
],
"moments": [
...
]
}
Here, metrics
contains all detailed metrics of distance, latitude and longitude etc.
@yasoob I tried to obtain the bearer token by running Charles and enabling SSL proxying for api.nike,com, but Charles only shows CONNECT requests for that domain and there is a spinner shown which spins indefinitely after the list of my runs in the NRC app. I think that is because the runs it is able to show are fetched from local cache and there is a request to fetch more in case the cache doesn't have them all which never finishes because Charles interferes with the application which probably started using certificate pinning which might be why I am not able to see the bearer token in Charles.
Do you think this is possible or are you still able to obtain the bearer token just fine?
Edit: Shit, I only now read the comment by @butnaruandrei which mentions how to get the token on web. But I think the endpoint name was changed to
https://api.nike.com/identity/user/v1/{guid}/read
. This request seems to have theAuthorization
header.