MyEdenred (Ticket Restaurant) app


Reading time: about 3 minutes

This page contains some general notes about the MyEdenred app. This is the app I use to pay for my lunches at work.

As expected, the application communicates with multiple tracking and analytics services.

Edenred API

https://etr-api.edenred.com.tr/MobileServices/1.2/VersionUpgrade

The application sends the current app version, Android version and the device model. It gets back the following response.

{
    "Data": {
        "AppVersionUpgradeURl": null,
        "ForceVersionUpgrade": false,
        "Header": null,
        "Message": null,
        "OptionalVersionUpgrade": false
    },
    "Status": false,
    "error": "",
    "success": true
}

https://etr-api.edenred.com.tr/MobileServices/1.2/token

The applications sends its refresh token and the device ID (why device ID? It’s not secure), gets back a new access token.

https://etr-api.edenred.com.tr/MobileServices/1.2/PasswordRules

https://etr-api.edenred.com.tr/EdenredTR.Services.Chatbot/1.0/Token

https://etr-api.edenred.com.tr/MobileServices/1.2/CombinedLogin

This endpoint is called CombinedLogin, but it’s not actually used for logging in. I suppose they used “login” as the home screen of the app you see after logging in.

You send it the device ID (again, why?), your current location (latitude and longitude), along with the access token you got from the /token endpoint.

The server responds with basically everything you see on the main screen. This includes.

Recent transactions

This is located in a key called card_transactions. It’s an array of objects. Each object looks like this.

{
  "rest_name": "Friendly Neighbourhood Burger",
  "tra_date": "03/07/2023", // Transaction date
  "tra_date_hour": "03/07/2023 19:00", // Transaction datetime
  "tra_amount": "150,8600", // Amount spent or added
  "tra_label": "HARCAMA", // HARCAMA (spend) or YÜKLEME (add)
  "tra_balance": "2500,9000", // The balance after the transaction
  "discount_amount": "0,0000",
  "loyalty_message": "",
  "campaign_code": "",
  "balance_type": ""
}

https://etr-api.edenred.com.tr/MobileServices/1.2/OnlineSales

https://etr-api.edenred.com.tr/MobileServices/1.2/OnlineSalesMerchants

https://etr-api.edenred.com.tr/MobileServices/1.2/TRLocationSearch

Send location, along with a search query. The server responds with a list of matching restaurants.

{
    "cat_code": "",
    "dep_code": "",
    "has_campaign": false,
    "is_market": false,
    "latitude": "41.01111",
    "limit": "100",
    "longitude": "29.01111",
    "rest_name": "",
    "twn_code": "",
    "usr_id": ""
}

https://etr-api.edenred.com.tr/MobileServices/1.2/MarketList

https://etr-api.edenred.com.tr/MobileServices/1.2/RCCampaigns

Misc stuff

Grabs the client IP from http://ip.jsontest.com/

Netmera.com

The app uses the netmera.com tracking/analytics API. All the communication happens over HTTPS, and every request seems to be a POST request.

Headers

X-Netmera-App-Key

This header is sent with the value edenredprod. Does this imply the existence of a edenreddev or edenredtest app key?

X-Netmera-Api-Key

Sent with the value 77MNEli8Vfzfl6T_eB8P_BqbkiCJ_vtMa7ILrkRJEV2oDx__GaSyiA.

X-Netmera-Sdkv

Clearly the SDK version. Sent with the value 3.9.4.

X-Netmera-Provider

Sent with the value google.

X-Netmera-Os

Sent with the value ANDROID.

Content-Type

Sent with the value application/json; charset=UTF-8.

Endpoints

https://sdkapi.netmera.com/sdk/3.0/session/init

On startup, the app sends a POST request to this endpoint. The request body is a JSON object. It contains the following fields.

{
    "cfgV": 112, // Configuration version?
    "ids": {
        "did": "123123123", // Device ID?
        "iid": "123123123", // Instance ID?
        "sid": "123123123",  // Session ID?
        "uid": "123123123", // User ID?
        "xid": "919bdd1c-b7ab-422a-a47d-e2d40ddf855f" // Some UUID
    },
    "info": {},
    "ts": 1688580747020, // Unix timestamp in milliseconds
    "tz": 10800 // Timezone offset in seconds (3 hours)
}

The same ids object is sent with every request.

https://sdkapi.netmera.com/sdk/3.0/event/fire

https://sdkapi.netmera.com/sdk/3.0/user/update

Appcenter.ms

Endpoints

https://in.appcenter.ms/logs?api-version=1.0.0

Seems to be a pretty simple logging endpoint.

The following pages link here

Citation

If you find this work useful, please cite it as:
@article{yaltirakliwikimyedenredticket,
  title   = "MyEdenred (Ticket Restaurant) app",
  author  = "Yaltirakli, Gokberk",
  journal = "gkbrk.com",
  year    = "2024",
  url     = "https://www.gkbrk.com/wiki/myedenred-ticket/"
}
Not using BibTeX? Click here for more citation styles.
IEEE Citation
Gokberk Yaltirakli, "MyEdenred (Ticket Restaurant) app", December, 2024. [Online]. Available: https://www.gkbrk.com/wiki/myedenred-ticket/. [Accessed Dec. 17, 2024].
APA Style
Yaltirakli, G. (2024, December 17). MyEdenred (Ticket Restaurant) app. https://www.gkbrk.com/wiki/myedenred-ticket/
Bluebook Style
Gokberk Yaltirakli, MyEdenred (Ticket Restaurant) app, GKBRK.COM (Dec. 17, 2024), https://www.gkbrk.com/wiki/myedenred-ticket/

Comments

© 2024 Gokberk Yaltirakli