api doc

[rliegmann]

Hello

great work
Do you have the API Documentation or even found out?

[leftshift]

Hey,
unfortunately, there's no official api documentation. The most important thing is to include
'X-MVG-Authorization-Key': 5af1beca494712ed38d313714d4caff6 in the HTTP headers when sending a request to the api.

All the different api endpoints are at the beginning of the code, so if you don't want to or can't reverse engineer the code, you can just start poking around at those endpoints, the responses are pretty self-explainatory.

There are also some example responses in the documentation.

[filipre]

seems like the MVG has top notch security measures 🙂

[truePhilipp]

Why is the X-MVG-Authorization-Key needed?
When I send requests to the api without the key I still get the results.

Did you find the endpoints yourself?
Or how did you get them?

[leftshift]

Huh, that's interesting. It definitely used to be required, that obviously changed at some point, maybe back when the station ID format changed (#15).

The endpoints were originally found by looking at what the mvg.de website does. It now sends a X-Api-Token header which doesn't seem to be required, but may be used for things like rate limiting. In any case, we can probably remove the old X-MVG-Authorization-Key and hope they just leave their api public now.