← Back to Scraping Central
Practice target. A fake marketplace built for scraping practice, no real businesses, people, or prices. View the matching lesson at Scraping Central / Learn.

Catalog108 / challenges / api/auth/api-key-in-js

API key hidden in JS bundle

advanced Matching curriculum →

What this challenge teaches

Teaches: Read the minified JS, extract the key, send it on subsequent requests.

Expected output: Send X-API-Key: <key> on ?json=1 → {"ok": true}.

Submit your scraper's JSON output to /challenges/api/auth/api-key-in-js/grade (grader endpoint is part of a later phase; URL is reserved now).

Read the <script> below, find the API key literal, send it on subsequent requests.

// Minified JS in the page source:
!function(){var e="C108_PUB_8A1F2D9E";window.__cfg={k:e};fetch("/api/products",{headers:{"X-API-Key":e}}).catch(function(){})}();
import re, requests
js = requests.get("https://practice.scrapingcentral.com/challenges/api/auth/api-key-in-js").text
key = re.search(r'"(C108_[A-Z0-9_]+)"', js).group(1)
r = requests.get("https://practice.scrapingcentral.com/challenges/api/auth/api-key-in-js?json=1",
                 headers={"X-API-Key": key})
print(r.json())