Different results between postman and browser requests

Hi, I’m trying to simulate a login on the Disneyworld.disney.go.com website, but when I request the login URL from postman, it says that the credentials are wrong (the same used in the browser).

I used the Postman interceptor to clone the browser request but I get different results.

Could anyone help me to understand what’s going on and how to solve?

What does the request you’ve got in Postman look like.

Please note. Unless Disney offer an dedicated API to allow you to authenticate, then screen scraping the login may get detected as a hack attempt.

Postman Interceptor is good, but make sure you are allowed to use it with the associated website.

1 Like

Hum… tks… in fact I think they wouldn’t allow this kind of automation.

My intention is to use my own credentials to simulate a browser login and monitor dining reservations availability.

I thought Postman could clone the same request, authenticate, and give me the token, then I would call the dining API and handle the results to find a reservation.

It probably can, and the interceptor is the starting point but it can be complex and depends on how the authentication is handled.

Some modern websites uses cookies for the authentication. So its not always obvious how this is working and you usually have to piece together several requests to work out how the authentication is actually working.

At work, we use OAuth 2.0 and the details are stored in cookies, but we can also fall back to other OAuth 2.0 methods so I would usually pick a method that is easier to automate like client credentials or password. All this is fairly straight forward when you have documented API’s to work from.

As mentioned I suspect that Disney will have a reasonably high level of security and this might get flagged as suspicious behaviour.

If they have publicly available API’s for this, then that would be a different matter.

If they don’t have public API’s, I wouldn’t recommend doing this.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.