Skip to content

API Exploration: Moneweb (canteen cards)

Jump to bottom
Marks Polakovs edited this page Sep 30, 2016 · 12 revisions

This page will document our exploration of the Moneweb "API".

Login

  1. GET http://sodexo-ecole-europeenne.moneweb.lu/default.aspx. There will be a number of hidden fields with names starting with __ (two underscores). At the time of writing these are __VIEWSTATE, __EVENTARGUMENT, __EVENTTARGET, __LASTFOCUS, __EVENTVALIDATION and __VIEWSTATEGENERATOR. The ASP.NET_SessionId cookie will be set, this will be needed later.

  2. POST to http://sodexo-ecole-europeenne.moneweb.lu/default.aspx (Content-Type: application/x-www-form-urlencoded) with all the aforementioned hidden fields unmodified, as well as:

  • login$ctl00$tbLogin: the username
  • login$ctl00$tbPassword: the password
  1. The result will be a 302 to http://sodexo-ecole-europeenne.moneweb.lu/convive/ on success or a 200 on failure.

Account Balance

POST to http://sodexo-ecole-europeenne.moneweb.lu/Services/profil.asmx/GetProfil (Content-Type: application/json). Don't forget the ASP.NET_SessionId cookie. Response will be in the format

{"d": "[encoded HTML gibberish]"}

A regex to parse out the balance is

([0-9]+,[0-9]{2})

Note: Be careful of locale. The decimal separator is a comma, which may need to be converted to a full stop.

Clone this wiki locally