Getting "Forbidden" response from https://api.mobile.walmart.com/v4/mauth/get-token

[chuckinator0]

Hey, thanks for putting together this script. I'm playing around with it and getting this return value from posting to https://api.mobile.walmart.com/v4/mauth/get-token

Forbidden

1605741594-21206582306-10453480132-33291338

Any clues as to what's going on? Did Walmart lock down this API endpoint?

[nosamttam]

I fail on the same line, different error:
DEBUG - Running pre-signin tasks.
DEBUG - signing in with username = XXX, password=YYY
Traceback (most recent call last):
File "wallybot.py", line 318, in
runwally(args.username, args.password, args.cvv, args.offerid,
File "wallybot.py", line 273, in runwally
if walmart_signin(r, username, password):
File "wallybot.py", line 55, in walmart_signin
resp = json.loads(r.post('https://api.mobile.walmart.com/v4/mauth/get-token',
File "C:\Python38\lib\json_init_.py", line 357, in loads
return _default_decoder.decode(s)
File "C:\Python38\lib\json\decoder.py", line 337, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "C:\Python38\lib\json\decoder.py", line 355, in raw_decode
raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

[chuckinator0]

@nosamttam yes, if you do a try/except ValueError for the response object, you’ll find that the json doesn’t decode properly because the response is forbidden.

I’m not sure where the bot detection string comes from, and I can’t find any documentation on that get-token api endpoint, so I gave up.