The Setup

Few Tools Necessary

Fiddler

- http://www.telerik.com/fiddler

- fiddler is a wonderful free http proxy built for debugging.

- During the install you will be prompted to add the fiddler SSL cert to your CA. Make sure you do this and select the "Download to Desktop" option as well. You will need to transfer that to your phone(for SSL decryption)





Curl

- Open your shell and type "man curl" if your not familiar with curl. You will want to be.









I fired up fiddler and started intercepting traffic from my phone. You can then watch the requests to the tinder API go out and read the responses. Here is the lowdown on the process for making API calls from your shell. The first thing you need to do is make the call to the Facebook API to get your authentication. The easiest way to get this info is to log out and log back in form your phone while you are running though fiddler. In fiddler you will see a request go out of your phone to https://api.facebook.com/method/auth.androidauthorizeapp. The response to this request is a JSON object that contains the access_token key. It is the value associated with this key that is important to us.

Next we will open up a shell and use curl from here. Now we are going to call the auth section of the Tinder API and start our session. Our next command is as follows:





curl -H "Content-Type: application/json" -d '{"facebook_token":"<your access_token>"}' https://api.gotinder.com/auth









If you want to know more about me or you are looking for someone with my skill set my contact info can be found at Note the addition of the content-type header. You will need this for your commands to properly be interpreted by the server. This command will return you a JSON object with the key "token". This token is going to be very important as it is what allows us to make authenticated calls to the API. Anytime you see me refer to auth_token this is the token I am referring too. From here on out we are going to be adding another header to our curl calls. We will need to add the header for our authentication, You will see this in the next example. From here it was just a matter of playing with anything that made an API call on my phone and looking at the URL for the request and the object that was sent and mimicking this is curl with my authentication header. I will now give a few examples of some of the API calls. I encourage everyone to setup a lab and play with this yourself. You can run the same process against any API. Throw data at the functions and see what happens. Happy tinkering.If you want to know more about me or you are looking for someone with my skill set my contact info can be found at atarimaster.us









Pull info on 20 people in your area:

curl -H "Content-Type: application/json" -H "X-Auth-Token: <your auth_token>" -d '{"limit": 20}' https://api.gotinder.com/user/recs





Change Your Current Location:

curl -H "Content-Type: application/json" -H "X-Auth-Token:<your auth_token>" -d '{"lon":12.8067812,"lat":69.0881643}' https://api.gotinder.com/user/ping

Like A User curl -H "X-Auth-Token:<your auth_token>" https://api.gotinder.com/like/<user's_id>

Pass On A User curl -H "X-Auth-Token:<your auth_token>" https://api.gotinder.com/pass/<user's_id>

Pull New Activity(Matches Messages Etc) curl -H "Content-Type: application/json" -H "X-Auth-Token: <your auth_token>" -d '{"last_activity_date":"<Last Date To Check From>"}' https://api.gotinder.com/updates

*Last Date is in form "2015-03-14T03:48:29.002Z"

Pull Users Info curl -H "X-Auth-Token:<your auth_token>" https://api.gotinder.com/user/<user's_id>























What would possible posses someone to spend a Friday night trying to learn the inner workings of the Tinder API? Me that's who. I was trying to think of a project involving social media and I thought it would be fun to write a bot that sits on tinder. The bot would spam accept every person it finds periodically moving location for maximum reach. The idea from there is that when a spammers account get hit it will match with my bots account. The spam account will then send me an automated message with a link to whatever site they are advertising for. My bot would monitor for incoming messages and when they came in run a Bayesian algorithm on the message and report the account if it is detected as spam. The first part of making this a reality was to find out how to call the Tinder API. I am sure someone out there has already documented this but, I feel like doing a little tinkering so this feels like a perfect opportunity.