
Automation Course Part 5 – Detective Work

Welcome to the next article in our API development series! In this article, we will discuss how web apps commonly use an undocumented REST API under the hood, and how to use the Browser Inspector to examine these calls and build your own tools on top of them.

Many web applications use APIs to communicate with their backend systems. However, not all APIs are documented publicly, which can make it difficult for developers to understand how to use them. In these cases, developers can use the Browser Inspector to examine the API calls that the web application makes to its backend system.

Here are the steps to use the Browser Inspector to examine the API calls:

Step 1: Open the Browser Inspector
Open your web browser and navigate to the web application that you want to examine. Then, open the Browser Inspector by pressing F12 or right-clicking on the page and selecting “Inspect”.

Step 2: Navigate to the Network tab
In the Browser Inspector, navigate to the Network tab. This tab displays all the HTTP requests and responses made by the web application.

Step 3: Trigger an action
Trigger an action in the web application that you want to examine. For example, if you want to examine how the web application retrieves data, perform a search or click on a button that triggers data retrieval.

Step 4: Examine the API call
In the Network tab, look for the API call that corresponds to the action that you triggered (there may be quite a few!). The API call will be listed with the method (e.g., GET, POST), the URL, and the status code.

Click on the API call to view its details, including the request and response headers and body. Typically, the response will be formatted as a JSON object.

Step 5: Use the API call to build your own tools
Once you have examined the API call, you can use it to build your own tools. You can mimic the API call in your own code, using the same HTTP method, URL, headers, and parameters. This can be particularly useful if the API is not documented publicly or if you want to integrate the web application’s functionality into your own application. Chrome and Edge let you right-click a request and create a PowerShell version of the same request.

(Note: we recommend changing the generated command from Invoke-WebRequest to Invoke-RestMethod.)

This is just a first step. You’ll still need to figure out how to authenticate (generate a session), for instance. Often the API also has a “/login” endpoint that can be mimicked in the same way to generate a web session.
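
The login-then-replay flow described above, as an added example that is not part of the original article. The host `app.example.test`, the `/api/devices` path, and the `username`/`password`/`search` field names are assumptions; substitute the values you see in the Network tab.

```powershell
# Added example: hypothetical endpoints and field names, see the lead-in.
# A command copied from the browser typically carries the cookies and headers of
# your live session; prompting for credentials keeps secrets out of the script.

function New-ApiSession {
    param(
        [Parameter(Mandatory)] [string] $BaseUrl,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    # Rebuild the login body the way the browser sent it (assumed to be JSON).
    $body = @{
        username = $Credential.UserName
        password = $Credential.GetNetworkCredential().Password
    } | ConvertTo-Json

    # -SessionVariable creates $session and stores any cookies the login sets.
    $null = Invoke-RestMethod -Method Post -Uri "$BaseUrl/login" `
        -ContentType 'application/json' -Body $body `
        -SessionVariable session
    return $session
}

function Get-ApiData {
    param(
        [Parameter(Mandatory)] [string] $BaseUrl,
        [Parameter(Mandatory)]
        [Microsoft.PowerShell.Commands.WebRequestSession] $Session,
        [string] $Search = ''
    )
    # Escape user input before placing it in the query string.
    $query = [uri]::EscapeDataString($Search)

    # Invoke-RestMethod parses the JSON response into objects, which is why
    # it is preferred over Invoke-WebRequest for API calls.
    Invoke-RestMethod -Method Get -Uri "$BaseUrl/api/devices?search=$query" `
        -WebSession $Session -Headers @{ Accept = 'application/json' }
}

# Usage with placeholder values: log in once, then reuse the session.
$base    = 'https://app.example.test'
$session = New-ApiSession -BaseUrl $base -Credential (Get-Credential)
Get-ApiData -BaseUrl $base -Session $session -Search 'printer' | Format-Table
```

If the application returns a token in the login response instead of setting a cookie, capture the result of the login call and send the token in the header the browser used.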
