API v2 Research

How to do this

Use MITMProxy, Fiddler2, Charles Proxy or whatever, install the CA certificate on your phone (Emulator or real Android phone) and make the phone connect through the proxy. Now use Snapchat. Quit SnapChat and take a look at them nice connection logs, every POST or GET request the application has ever made.

Notes

This is not for any malicious use, I just wanted to know what SnapChat does behind the application, and if anyone else is interested then here take a look.

The application makes a lot of requests to Crittercism, it sends off almost every movement performed in the application. Snapchat also has it's own "in house" analytics system, and that posts data every now to find out when you open the app.

Request headers

• User-Agent : Snapchat/8.1.1 Beta (Android SDK built for x86; Android 19; gzip)
• Accept-Language : en
• Accept-Local : en_US
• Content-Type : application/x-www-form-urlencoded
• Host : feelinsonice-hrd.appspot.com
• accept-encoding : identity
• Content-Length

Response headers

• Content-Type : application/json; charset=UTF-8
• X-Snapchat-Notice : Snapchat Private APIs - Unauthorized use is prohibited. (Don't laugh please)
• Vary : accept-encoding
• Date
• Server : Google Frontend
• Cache-Control : no-cache, no-store or private
• Alternate-Protocol : 443:quic,p=0.02
• Transfer-Encoding : chunked

/ph/device

Description

Honestly, no idea what it does.

Request

• device_token : 162 char long string containing - _ - random UUID maybe
• username
• type : android is hardcoded into the APK
• timestamp
• req_token
• features_map : {}

Response :

No content.

/loq/register

Description

Used to create a new user.

Request

• email
• birthday (YYYY-MM-DD)
• password
• age (Bit stupid seeing that you provide your birth date. Example : 22)
• timestamp
• req_token
• features_map : {}

Response

• email
• should_send_text_to_verify_number : Boolean
• snapchat_phone_number : +17864088365
• auth_token
• logged : Boolean

/loq/register_username

Description

Allows a user to associate a username with his / her newly created account.

Request

• username : Don't be fooled, this is your email address
• selected_username : The username you want to have
• timestamp
• req_token
• features_map : {"all_updates_friends_response":true}

Response

If successful then the response should be the same as/loq/all_updates

/bq/phone_verify - Verification request

Description

Used to request phone verification

Request

• countryCode : ISO Country code
• action : updatePhoneNumberWithCall or updatePhoneNumberWithMessage
• phoneNumber
• username
• timestamp
• req_token
• features_map : {}

Response

• action : confirm
• message : We're calling your number now with a verification code.
• param : The phone number with country code (Example : +33102030405)
• logged : Boolean

/bq/phone_verify - Verification time

Description

Verification of the verification code

Request

• action : verifyPhoneNumber
• username
• code : 6 digit verification code
• timestamp
• req_token
• features_map : {}

Response

• allowed_to_use_cash : NON_US_USER
• message : Phone number updated!
• param : The phone number with country code (Example : +33102030405)
• logged : Boolean

/loq/all_updates

Description

This is the greatest endpoint of them all containing most of the information, long and painful to document though...

Request

• username
• timestamp
• req_token
• features_map : {"all_updates_friends_response":true}
• checksums_dict : Empty variable

Response

• background_fetch_secret_key : 44 character string containing / + =
• conversations_response : Array
  • conversation_messages : Array
    • Messages : Array
      • chat_message : Array
        • body : Array
          • text : The message text
          • type : text
        • chat_message_id : 36 character string containing -
        • header : Array
          • conv_id : ToUsername~FromUsername
          • from : username
          • to : Array of usernames
        • id : 36 character string containing -
        • seq_num : Order of display in SnapChat (Example : 5)
        • timestamp : (Example : 1419936429914)
        • type : chat_message
      • iter_token : Strange string "{\"FromUsername\":seq_num}~{}. This follows every chat message
      • snap : Array
        • id : 19 character string with 18 digits then s or r like before
        • m : Media type
        • sn : Snap sender (Applicable when the snap is for you)
        • rp : Snap receiver (Applicable when the snap is from you)
        • st : Media state
        • sts : Time sent
        • t : Time viewable in seconds
        • timer : Time viewable in seconds as a float
        • ts : Time last interacted with
    • messaging_auth : Array
      • mac : 44 character string containing _ ending with =
      • payload : 120 character string
  • conversation_state : Array
    • user_chat_releases : Array
      • FromUsername : Array with FromUsername as key and number of snaps received from that person as key.
    • user_sequences : Array with FromUsernames as key and number of snaps received from that person as key.
    • user_snap_releases : Array (To be continued)
  • id : ToUsername~FromUsername
  • last_chat_actions : Array
    • last_write_timestamp
    • last_write_type : Media type of last message (Example : text)
    • last_writer : Sender of last message
  • last_interaction_ts
  • last_snap :
    • id : (Example : 1r)
    • m : Media type
    • sn : Sender name (Applicable when the snap is for you)
    • rp : Recipient name (Applicable when the snap is from you)
    • st : Media state
    • sts : Time sent
    • ts : Time of last interaction
  • participants : Array of participants in the conversation
  • pending_chats_for : Array of users who haven't opened the last message
  • pending_received_snaps : Array
    • Array
      • id : Snap id
      • m : Media type
      • sn : Sender name (Applicable when the snap is for you)
      • rp : Recipient name (Applicable when the snap is for you)
      • st : Media state
      • sts : Time sent
      • t : Time viewable in seconds
      • timer : Time viewable in seconds, but a float
      • ts : Time of last interaction
• conversations_response_info : Array
  • is_delta : Boolean
• friends_response : Array
  • added_friends : Array of friends added (To be continued)
  • bests : Array of best friends (To be continued)
  • friends : Array
    • Array
      • add_source : ADDED_BY_USERNAME
      • can_see_custom_stories : Boolean
      • direction : OUTGOING or INCOMING
      • display : User display name
      • name : Username
      • type : Type of friend (Example : 0)
• messaging_gateway_info : Array
  • gateway_auth_token : Array
    • mac : 44 character string containing - ending with =
    • payload : 72 character string ending with =
  • gateway_server : Server IP and port (Example : 23.251.149.90:443)
• server_info : Array
  • response_checksum : Array as a string
    • updates_checksum : 32 character string (MD5)
    • friends_checksum : 32 character string (MD5)
    • stories_checksum : 32 character string (MD5)
    • conversations_checksum : 32 character string (MD5)
  • response_compare_result : equal or not_equal
  • response_compare_results_dict : Array as a string
    • updates_checksum : equal or not_equal
    • friends_checksum : equal or not_equal
    • stories_checksum : equal or not_equal
    • conversations_checksum : equal or not_equal
  • server_latency : Ping result in ms (Example : 39)
• stories_response : (This part is pretty empty, haven't tried it with friends yet, gonna leave the house and find some, brb)
  • friend_stories : Array (To be continued)
  • friend_stories_delta : Boolean
  • mature_content_text : Array
    • message : The red exclamation mark on this Story indicates that Stories posted by this user may not be suitable for sensitive viewers. Do you wish to continue? After selecting 'Yes', you will never be prompted again.
    • no_text : No
    • yes_text : Yes
    • title : Content Warning
  • my_group_stories : Array (To be continued)
  • my_stories : Array (To be continued)
• updates_response : Array
  • added_friends_timestamp : I suppose it's the last time you added a friend. I don't have any I wouldn't know.
  • allowed_to_use_cash : NON_US_USER(Need someone from the US to get us Snapcash details)
  • auth_token
  • birthday : Kind reminder of your birthday (YYYY-MM-DD)
  • blocked_from_using_our_story : Boolean
  • can_view_mature_content : Boolean
  • cash_customer_id : Username
  • cash_provider : SQUARE
  • client_properties : Array
    • snapcash_new_tos_accepted : Boolean
    • snapcash_tos_v2_accepted : Boolean
  • contacts_resync_request : (Example : 1)
  • country_code : ISO 2 letter country code
  • current_timestamp : A current UNIX timestamp. Thanks for that.
  • device_token : Empty
  • email
  • enable_video_transcoding_android : Boolean
  • feature_settings : Array
    • front_facing_flash : Boolean
    • power_save_mode : Boolean
    • replay_snaps : Boolean
    • smart_filters : Boolean
    • special_text : Boolean
    • swipe_cash_mode : Boolean
    • visual_filters : Boolean
  • image_caption : Boolean
  • is_cash_active : Boolean
  • logged : Boolean
  • mobile : Phone number with country code (Example : +33102030405)
  • mobile_verification_key : Base64 encoded string with 4 digit code and username (Example : 1234:Username)
  • notification_sound_setting : ON or OFF
  • number_of_best_friends
  • received : Number of received snaps
  • recents : Array containing usernames of recently interacted friends
  • requests : Array (To be continued)
  • score : Your snapchat score
  • searchable_by_phone_number : Boolean
  • sent : Number of sent snaps
  • should_call_to_verify_number : Boolean
  • should_send_text_to_verify_number : Boolean
  • snap_p : Account privacy setting
  • snapchat_phone_number : (Example : +17864088362)
  • store_privacy : Story privacy setting
  • study_settings : Array
    • DELTA_RESPONSE : Array as a string
      • experimentId : 1
      • CONVERSATIONS_DELTA : on or off
      • FRIENDS_STORY_DELTA : on or off
    • USE_VIDEO_STABILIZATION : Array as a string
      • experimentId : 0
      • option : on or off
  • user_id : 36 character string containing -
  • username

/ph/upload

Description

Used to upload media to the server

Request

• data : Encrypted image data
• media_id : Username in capitals and a random media ID
• type : Media type
• username
• req_token
• timestamp
• features_map : {}

Response

No content.

/loq/send

Description

Used to send media to users

Request

• time : Snap countdown timer (Float)
• recipients : Array of usernames
• media_id : The media id used when uploading the media
• zipped : (Example : 0)
• username
• req_token
• timestamp
• features_map : {}

Response

• snap_response : Array
  • snaps : Array
    • [ToUsername] : Array
      • id : The snap's ID
      • timestamp
  • success : Boolean

/loq/conversations

Description

Used to check for new conversations

Request

• checksum :
• offset : [TimestampOfLastMessage]ToUsernameFromUsername
• username
• req_token
• timestamp
• features_map : {"all_updates_friends_response":true}

Response

• server_info : Array
  • response_checksum : 32 character string (MD5)
  • response_compare_result : equal or not_equal
  • server_latency : Ping time in ms (Example : 39)

/bq/chat_typing

Description

Informs the server and recipient that the user is typing

Request

• recipient_usernames : Array of usernames
• username
• req_token
• timestamp
• features_map : {}

Response

No content.

/ph/find_friends

Description

Used to find users by phone number

Request

• countryCode : ISO 2 letter country code
• numbers : Array with display name as key and phone number as value (The official client sends off all numbers at once. Maybe there is no limit ?)
• username
• req_token
• timestamp

Response

• logged : Boolean
• results : Array
  • Array
    • display : Name provided as display name in the request
    • name : Username
    • type : User's privacy setting