I'm trying to reverse engineer the Bumble dating app, but I'm hitting a wall with some endpoints that are returning a 400 error. I've got Interceptor on, so it should sync all the cookies from my browser. However, when I try to send requests from Postman, they fail, even though the same requests go through perfectly in the browser after I resend them. I've double-checked to ensure I'm not using any Postman-specific cookies. What techniques do sites like this use to detect and block requests from Postman?
2 Answers
You might want to check the User-Agent header. Sometimes sites use that to determine what kind of request is coming in. If it sees 'Postman' in there, it might block you.
Have you tried replicating all the HTTP headers exactly? Sometimes it’s not enough to just send the same data; you really need to match every little detail.
I'm copying the request directly from the browser, so all headers, parameters, and payloads should match.