I'm reverse engineering a company's internal API to make a python client. In order to use it, the company requires three cookies — one indicating the premium key (on premium.website.com), the other reflecting the refresh and access token (on website.com), which are required for access. I looked at my browser and extracted the tokens from my cookies. However, I'm unable to get API access. Minimum viable example:
import requests
premium_session: requests.Session = requests.Session()
premium_session.cookies.set("premium_key", credentials["premium_key"], domain = "premium.website.com")
premium_session.cookies.set("access_token", credentials["access_token"], domain = ".website.com")
premium_session.cookies.set("refresh_token", credentials["refresh_token"], domain = ".website.com")
premium_endpoint = premium_session.get("https://premium.website.com/api/v1/endpoint")
print(premium_endpoint.cookies)
When I view the cookies method, I only see the cookie for premium.website.com, not website.com which is necessary to access the data.
I've tried messing around with the cookie domain, to no avail. I even tried making a request to website.com to see if that would fix the problem — it does not. When I view the API Endpoints in my browser, it works perfectly.
How can I fix this?
Alright wow, as I was working on this I miraculously discovered the fix — I simply needed to change the domain of the .website.com cookies to premium.website.com and it worked. Hopefully this helps someone someday!