admin/Flights
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit: Flights iOS app

Browse Source 
Flight search app built on FlightConnections.com API data.
Features: airport search with autocomplete, browse by country/state/map,
flight schedules by route and date, multi-airline support with per-airline
schedule loading. Includes 4,561-airport GPS database for map browsing.
Adaptive light/dark mode UI inspired by Flighty.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Trey t
2026-04-08 15:01:07 -05:00
commit 3790792040
46 changed files with 5116 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

155
api_docs/SUMMARY.md Normal file
View File

@@ -0,0 +1,155 @@
# Airline Load Data API Summary
Goal: Get **number of open seats** and **number of people on standby list** per flight.
---
## United Airlines - BEST
### Endpoints
| Endpoint | URL |
|----------|-----|
| **Standby List** | `POST https://mobileapi.united.com/standbylistservice/api/GetStandbyList` |
| **Upgrade List** | `POST https://mobileapi.united.com/upgradelistservice/api/GetUpgradeList` |
| Flight Status | `GET https://mobileapi.united.com/flightstatusservice/api/GetFlightStatus_UAandStar` |
| Flight Status (segment) | `GET https://mobileapi.united.com/flightstatusservice/api/GetSegmentFlightStatusWithDestination_UAandStar` |
| Pass Rider List | `POST https://mobileapi.united.com/passriderlistservice/api/PassRiderList` |
### Data Fields (confirmed from embedded mock JSON)
- `CustomersOnStandbyList` — list of passengers on standby
- `SeatsAvailable` — available seat count (nullable)
- `AvailabiltyCount` — availability count string
- `ShowStandby` — whether standby is shown for segment
- `enableStandbyList` — boolean toggle on flight status
- `enableUpgradeList` — boolean toggle on flight status
- `businessStandByList` — business class standby list
- `standByListPassengers` — passenger details
- `availableSeat11AMto5PM` / `availableSeatBefore11AM` / `availableSeatAfter5PM` — time-bucketed availability
### Security
- No SSL pinning
- No PairIP/anti-tamper
- No emulator detection
- Auth: session-based (needs login token)
### Completeness: 95%
- Open seats: YES (`SeatsAvailable`, `AvailabiltyCount`, time-bucketed seat fields)
- Standby count: YES (`CustomersOnStandbyList`, `standByListPassengers`)
- Standby names: YES (passenger objects)
- Upgrade list: YES (separate endpoint)
- Missing: Need to capture actual API request body format. Can do via emulator + mitmproxy since no protections exist.
---
## Delta Air Lines - GOOD
### Endpoints
| Endpoint | URL |
|----------|-----|
| **Airport Standby List** | `POST https://www.delta.com/api/mobile/asl` |
| Upgrade Eligibility | `POST https://www.delta.com/api/mobile/getUpgradeEligibilityInfo` |
| Flight Status | `POST https://www.delta.com/api/mobile/getFlightStatus` |
| Flight Status by Leg | `POST https://www.delta.com/api/mobile/getFlightStatusByLeg` |
### Data Fields
- `seatsAvailableCount` — number of open seats
- `seatsRemainingLabel` — display text for remaining seats
- `upgradeCount` — number on upgrade list
- `UpgradeSeatRemaining` — seats remaining per cabin class
- `getClearedStandbyPassengers` — passengers who cleared
- `getWaitingStandbyPassengers` — passengers still waiting
- `getStandbyTotalWaitList` — total on standby waitlist
- `getStandbySeatRemaining` — seats available for standby
- `standbyPriority` / `standbyPriorityCode` — priority info
- `hasStandbyFlightNoSeatsAvailable` — boolean indicator
### Security
- No SSL pinning
- No PairIP/anti-tamper
- No emulator detection
- Auth: session-based via `/api/mobile/login`
### Completeness: 90%
- Open seats: YES (`seatsAvailableCount`, `UpgradeSeatRemaining` per cabin)
- Standby count: YES (`getStandbyTotalWaitList`, cleared vs waiting)
- Standby names: YES (`StandbyPassengerPositionView`, `StandbyPassengerStatusAdapter`)
- Upgrade list: YES (`upgradeCount`, `upgradeList`)
- Missing: Need to capture actual request/response JSON format. Can do via emulator + mitmproxy. Need to determine if auth is required or if ASL endpoint works without login.
---
## Spirit Airlines - PARTIAL
### Endpoints
| Endpoint | URL |
|----------|-----|
| **BOA Status** | `POST https://api.spirit.com/customermobileprod/2.8.0/v1/getboastatus` |
| BOA Parameters | `GET https://api.spirit.com/customermobileprod/2.8.0/v1/getboaparameters` |
| Flight Search | `POST https://api.spirit.com/customermobileprod/2.8.0/v5/Flight/Search` |
### Data Fields
- `isStandby` — boolean standby flag
- `standby` — standby details on segment
- `boaStatus` — Board of Availability status
- `capacity` — flight capacity
- `availableUnits` — available units
### Security
- No SSL pinning
- No PairIP/anti-tamper
- Akamai Bot Manager present (may block non-app requests)
- Auth: token-based via `/v2/Token`
### Completeness: 50%
- Open seats: UNCLEAR — `availableUnits` and `capacity` exist but unclear if they represent seat counts. Spirit may not expose granular seat availability.
- Standby count: UNCLEAR — `boaStatus` exists but the response format is unknown. Spirit's BOA system is simpler than Delta/United.
- Standby names: UNCLEAR — no `StandbyPassenger` model found. May only show status, not individual passengers.
- Missing: Need actual API call to determine what `getboastatus` returns. Emulator capture needed. Spirit may have a more limited standby system (being an ULCC).
---
## American Airlines - BLOCKED
### Endpoints
| Endpoint | URL |
|----------|-----|
| Flight Status (web) | `POST https://www.aa.com/flightinfo/v1.2/` |
| Standby/Waitlist | **UNKNOWN** — mobile app only, SSL pinned |
### Data Fields (from iOS app screenshot)
- "Available seats: 23" — seat count per cabin
- Passenger names on standby list
- Standby vs Upgrade lists
- Cabin-specific breakdown
### Security
- SSL pinning on key domains
- PairIP anti-tamper on Android (crashes on emulators)
- Akamai WAF on web endpoints
### Completeness: 20%
- Open seats: CONFIRMED EXISTS (screenshot shows "Available seats 23") but API endpoint unknown
- Standby count: CONFIRMED EXISTS (screenshot shows passenger list) but API endpoint unknown
- Flight status: CAPTURED (`/flightinfo/v1.2/` — gates, times, status, equipment)
- Missing: The standby/waitlist API endpoint is mobile-app-only, protected by SSL pinning (iOS) and PairIP (Android). Cannot be captured without jailbroken iOS device or rooted physical Android with Magisk+Shamiko.
---
## Action Items
### Immediately actionable (no additional capture needed):
1. **AA Flight Status**`/flightinfo/v1.2/` is working. Can get gates, times, delays, equipment.
### Needs emulator + mitmproxy capture (no protections, straightforward):
2. **United Standby List** — Boot emulator, install APK, login, call `GetStandbyList`. No pinning/anti-tamper. Full data including seat counts and passenger names.
3. **Delta ASL** — Same approach. Boot emulator, install APK, login, call `/api/mobile/asl`. Full data.
4. **Spirit BOA** — Boot emulator, install APK, login, call `/v1/getboastatus`. Determine what data is actually returned.
### Requires physical device:
5. **AA Standby/Waitlist** — Needs jailbroken iPhone + SSL Kill Switch, or rooted physical Android + Magisk + Shamiko + Frida.
### Priority order for implementation:
1. **United** (most data, easiest to capture, dedicated standby service endpoint)
2. **Delta** (rich data model, no protections)
3. **Spirit** (uncertain data granularity)
4. **AA** (blocked without specialized hardware)

154
api_docs/delta_api.md Normal file
View File

@@ -0,0 +1,154 @@
# Delta Air Lines Mobile API
Extracted from `com.delta.mobile.android` v6.7 (build 24019)
## Base URLs
| Environment | URL |
|-------------|-----|
| Production | `https://www.delta.com` |
| CDN | `https://content.delta.com` |
| Embed Web | `https://api.delta.com/embedweb` |
## Key Endpoints
### Airport Standby List (ASL)
```
POST https://www.delta.com/api/mobile/asl
```
**This is the standby/upgrade list endpoint.** Uses `AirportStandbyListRequest` with fields:
- `departureDate` — flight departure date
- Request likely includes flight number, origin, destination
- Returns `AirportUpgradeStandbyModel` with upgrade list and standby list data
### Flight Status
```
POST https://www.delta.com/api/mobile/getFlightStatus
POST https://www.delta.com/api/mobile/getFlightStatusByLeg
```
### Upgrade Eligibility
```
POST https://www.delta.com/api/mobile/getUpgradeEligibilityInfo
POST https://www.delta.com/api/mobile/purchaseEfirst
```
### Complimentary Upgrade (from DEX strings)
```
/getComplimentaryUpgrade
/processComplimentaryUpgrade
/purchaseUpgrade
```
## All Mobile API Endpoints
| Endpoint | Path |
|----------|------|
| **Standby List** | `/api/mobile/asl` |
| Flight Status | `/api/mobile/getFlightStatus` |
| Flight Status By Leg | `/api/mobile/getFlightStatusByLeg` |
| Flight Schedule | `/api/mobile/getFlightSchedule` |
| Login | `/api/mobile/login` |
| Logout | `/api/mobile/logout` |
| Check Login | `/api/mobile/checkLogin` |
| Get Profile | `/api/mobile/getprofile` |
| Manage Profile | `/api/mobile/manageProfile` |
| Get PNR | `/api/mobile/getPnr` |
| Validate PNR | `/api/mobile/validatePnr` |
| Dashboard | `/api/mobile/getDashboard` |
| Check-in | `/api/mobile/checkin` |
| Seat Map | `/api/mobile/getSeatMap` |
| Change Seat | `/api/mobile/changeSeat` |
| Upgrade Eligibility | `/api/mobile/getUpgradeEligibilityInfo` |
| Purchase E-First | `/api/mobile/purchaseEfirst` |
| Bag Info | `/api/mobile/getBagInfo` |
| Add Bags | `/api/mobile/addBags` |
| Get Bags | `/api/mobile/getBags` |
| Bag Carousel | `/api/mobile/getBagCarousel` |
| Weather | `/api/mobile/getWeather` |
| Account Activity | `/api/mobile/getAcctActivity` |
| SkyClub Info | `/api/mobile/getSkyclubInfo` |
| Purchase SkyClub | `/api/mobile/purchaseSkyclub` |
| Receipts | `/api/mobile/getReceipts` |
| Email Receipt | `/api/mobile/processEmailReceipt` |
| Merchandise | `/api/mobile/getMerchandise` |
| Promotions | `/api/mobile/getPromotions` |
| Airport Mode | `/api/mobile/getAirportMode` |
| Passenger Info | `/api/mobile/getPaxInfo` |
| Manage Passenger | `/api/mobile/managePaxInfo` |
| Travel Documents | `/api/mobile/getTravelDoc` |
| Add Travel Doc | `/api/mobile/addTravelDoc` |
| Emergency Contact | `/api/mobile/addEmergencyContact` |
| Manage Cart | `/api/mobile/manageCart` |
| Get Cart | `/api/mobile/getCart` |
| Clear Cart | `/api/mobile/clearCart` |
| Eligible FOP | `/api/mobile/getEligibleFop` |
| SSR | `/api/mobile/getSsr` |
| Available SSR | `/api/mobile/getAvailableSsr` |
| Manage SSR | `/api/mobile/manageSsr` |
| Manage FF | `/api/mobile/manageFF` |
| Validate Address | `/api/mobile/validateAddress` |
| Forgot Username | `/api/mobile/forgotUserName` |
| Country Reference | `/api/mobile/getCountryReferenceData` |
| Address Fields | `/api/mobile/getAddressFields` |
| Enroll SkyMiles | `/api/mobile/enrollSM` |
| Upsell Info | `/api/mobile/getPnrUpsellInfo` |
| Upsell Fare Rules | `/api/mobile/getUpsellFareRules` |
| Purchase Upsell | `/api/mobile/purchaseUpsell` |
| Supported Version | `/api/mobile/supportedVersion` |
| SkyMiles Info | `/api/mobile/getSMInfo` |
| SkyMiles Pass | `/api/mobile/getSMPass` |
| SC Info | `/api/mobile/getSCInfo` |
| SC Pass | `/api/mobile/getSCPass` |
| Membership Status | `/api/mobile/getMembershipStatusInfo` |
| EOD Eligibility | `/api/mobile/getEODEligibility` |
| Store Password | `/api/mobile/storePassword` |
| Store Email | `/api/mobile/storeEmail` |
| Update Password | `/api/mobile/updatePassword` |
| Security Questions | `/api/mobile/getSecurityQuestions` |
| Get SQA | `/api/mobile/getSQA` |
| Store SQA | `/api/mobile/storeSQA` |
| App Info | `/api/mobile/getinfo` |
## Request Headers (from DEX analysis)
The app uses an `AirlineRequest` pattern with these common headers:
- `Content-Type: application/json`
- Custom auth headers (session-based after `/api/mobile/login`)
## ASL Data Model (from DEX class analysis)
### AirportStandbyListRequest
- `requestInfo` — flight identification
- `departureDate` — date string
### AirportUpgradeStandbyModel
Contains:
- Upgrade list (by cabin class)
- Standby list
- `standbyPriority` / `standbyPriorityCode`
- `upgradeList` entries
- `ASLStandby` — individual standby entries
- `ASLUpgrade` — individual upgrade entries
- `UpgradeSeatRemaining` — available seats per cabin
- `PassengerChiclet` — passenger display data
### UpgradeStandbyParams
- `airportModeResponse`
- Flight leg details
- Eligibility flags
## Security Notes
- **No SSL pinning** in `network_security_config.xml` (only trusts system CAs)
- **No PairIP or anti-tamper** — app runs on emulators
- Auth is session-based via `/api/mobile/login`
- The ASL endpoint likely requires an authenticated session
- No Akamai bot detection observed on the mobile API path
## Next Steps
1. Call `/api/mobile/login` with Delta credentials to get a session
2. Call `/api/mobile/getFlightStatus` with a flight number
3. Call `/api/mobile/asl` with the flight details from the status response
4. The ASL response should contain upgrade and standby lists

176
api_docs/spirit_api.md Normal file
View File

@@ -0,0 +1,176 @@
# Spirit Airlines Mobile API
Extracted from `com.spirit.customerapp` v4.7.0 (build 1340)
## Base URL
| Environment | URL |
|-------------|-----|
| **Production** | `https://api.spirit.com/customermobileprod/2.8.0/` |
| QA1 | `https://apiqa.spirit.com/qa01-customermobileapi/` |
| QA2 | `https://apiqa.spirit.com/qa02-customermobileapi/` |
| Dev1 | `https://apiqa.spirit.com/dev01-customermobileapi/` |
| Dev2 | `https://apiqa.spirit.com/dev02-customermobileapi/` |
| Stage | `https://api.spirit.com/stage-customermobileapi/` |
| CMS | `https://content.spirit.com/api/content/` |
## Standby / Board of Availability (BOA)
Spirit uses "BOA" (Board of Availability) as their standby system:
```
GET https://api.spirit.com/customermobileprod/2.8.0/v1/getboaparameters
POST https://api.spirit.com/customermobileprod/2.8.0/v1/getboastatus
```
### BOA Status Request
- **Method:** POST
- **Body:** `BoaStatusRequestDto` (JSON)
- **Response:** `BoaStatusResponseDto` containing `BoaStatus` objects
### BOA Data Model
- `BoaStatusInfo` — status of standby position
- `boaStatusChecker` — polls for status updates using a `boaUniqueSessionToken`
- `isStandby` — boolean flag on trip/flight objects
- `standby` — standby details on trip segments
### BOA Flow
1. Call `v1/getboaparameters` to get BOA config
2. Call `v1/getboastatus` with flight/booking details
3. Poll using `boaStatusChecker` with session token for updates
## All API Endpoints
### Authentication
| Method | Path | Description |
|--------|------|-------------|
| POST | `v2/Token` | Fetch auth token |
| POST | `v3/Token` | Fetch v3 auth token |
| PUT | `v3/Token` | Refresh v3 token |
### Init & Config
| Method | Path | Description |
|--------|------|-------------|
| GET | `v1/init` | App initialization |
| GET | `v1/stations` | Airport station list |
| GET | `v1/OnD/Countries` | Country reference data |
### Flight Search & Status
| Method | Path | Description |
|--------|------|-------------|
| POST | `v5/Flight/Search` | Search flights |
| POST | `v3/GetFlightInfoBI` | Flight info |
| POST | `v1/booking/flightdetails` | Flight details |
| POST | `v1/calendar/availabledates` | Available dates calendar |
### Booking
| Method | Path | Description |
|--------|------|-------------|
| GET | `v1/booking/retrieve` | Retrieve booking (params: RecordLocator, LastName) |
| GET | `v1/booking` | Get booking state |
| GET | `v1/booking?screenType=ReviewTempStay` | Booking review |
| PUT | `v2/booking` | Update booking |
| POST | `v1/booking/book` | Confirm booking |
| POST | `v1/trip/sell` | Sell trip |
| POST | `v2/ValidateBookingRequest` | Validate booking |
### Standby / BOA
| Method | Path | Description |
|--------|------|-------------|
| **GET** | **`v1/getboaparameters`** | **Get BOA (standby) parameters** |
| **POST** | **`v1/getboastatus`** | **Get standby status** |
### Check-in & Boarding
| Method | Path | Description |
|--------|------|-------------|
| POST | `v1/booking/checkin/journey` | Check in for journey |
| POST | `v2/booking/boardingpasses/journey` | Get boarding passes |
### Trip Management
| Method | Path | Description |
|--------|------|-------------|
| POST | `v1/managetrip` | Manage trip |
| POST | `v2/tripdetails` | Get trip details |
| POST | `v3/mytrips` | Get my trips |
| POST | `v1/booking/passengers/passengerreturndates` | Passenger return dates |
### Seats
| Method | Path | Description |
|--------|------|-------------|
| GET | `v1/booking/seatmap` | Get seat map |
| GET | `v4/booking/seatmaps/` | Get seat maps v4 |
| POST | `v4/booking/passengers/{passengerKey}/seats/{unitKey}` | Assign seat |
### Bags
| Method | Path | Description |
|--------|------|-------------|
| POST | `v1/bags` | Get bags |
| PUT | `v1/bags/update` | Update bags |
### Bundles & Upsell
| Method | Path | Description |
|--------|------|-------------|
| GET | `v3/options` | Get options |
| PUT | `v1/options/update` | Update options |
| POST | `v1/bundle/UpsellAvailability` | Upsell availability |
| POST | `v3/bundle/ssrs` | Bundle SSRs |
| POST | `v4/bundle/ssrs` | Bundle SSRs v4 |
| POST | `v2/cart` | Manage cart |
### Payments
| Method | Path | Description |
|--------|------|-------------|
| POST | `v1/booking/payments/fetchredemptiondetail` | Fetch redemption |
| POST | `v1/booking/payments/redeem` | Redeem points |
| DELETE | `V3/User/Person/StoredPayments/{key}` | Delete stored payment |
### Account
| Method | Path | Description |
|--------|------|-------------|
| POST | `v1/FreeSpirit/CreateAccount` | Create Free Spirit account |
| POST | `v1/FreeSpirit/Booking/CreateAccount` | Create account during booking |
| GET | `v1/User/Person` | Get user profile |
| POST | `v1/account/password/reset` | Reset password |
| POST | `v1/account/updateexpiredpassword` | Update expired password |
| POST | `v1/account/points` | Account points |
| POST | `v1/points` | Points |
| POST | `v1/MemberInfo/ValidateFSNumber` | Validate Free Spirit number |
| POST | `v1/registerForPromotion` | Register for promotion |
### Documents & SSR
| Method | Path | Description |
|--------|------|-------------|
| POST | `v1/booking/passengers/{key}/documents` | Add travel doc |
| PUT | `v1/booking/passengers/{key}/documents/{docKey}` | Update travel doc |
| POST | `v1/booking/passengers/{key}/infant/documents` | Add infant doc |
| POST | `v1/document/validate` | Validate document |
| POST | `v1/booking/ssrs/add/acia` | Add SSR |
| POST | `v2/trip/specialassistance` | Special assistance |
| POST | `v3/ssrs/health-ack/accept` | Accept health acknowledgment |
| POST | `v3/ssrs/health-ack/decline` | Decline health acknowledgment |
### Other
| Method | Path | Description |
|--------|------|-------------|
| GET | `v1/GetContent/help` | Help content |
| POST | `v1/getdynamiccontent` | Dynamic content |
| POST | `v1/booking/touristtax` | Tourist tax |
| POST | `v1/booking/passengers/temporarystay/address` | Temp stay address |
| POST | `v1/travelguard/getquote` | Travel insurance quote |
## Security Notes
- **No SSL pinning** in network_security_config.xml
- **No PairIP or anti-tamper** protection
- Uses Retrofit2 for HTTP
- Auth via token-based system (`v2/Token`, `v3/Token`)
- `libakamaibmp.so` present — Akamai Bot Manager for bot detection
- App runs fine on emulators
## CMS Endpoints
| Path | Description |
|------|-------------|
| `en-US?path=mobile/book/paxtravelingui` | Passenger traveling UI content |
| `en-US?path=mobile/localnotification` | Local notification content |
| `en-US?path=mobile/mytripui` | My trips UI content |

137
api_docs/united_api.md Normal file
View File

@@ -0,0 +1,137 @@
# United Airlines Mobile API
Extracted from `united-airlines.apk` (11 DEX files, ~100MB)
## Base URLs
| Environment | URL |
|-------------|-----|
| **Production** | `https://mobileapi.united.com` |
| QA | `https://mobileapi.qa.united.com` |
| Dev | `https://mobileapi.dev.united.com` |
| Stage | `https://mobileapi.stage.united.com` |
| PreProd | `https://mobileapi.preprod.united.com` |
| Preview | `https://mobileapi.preview.united.com` |
## Load Data Endpoints
### Standby List
```
POST https://mobileapi.united.com/standbylistservice/api/GetStandbyList
```
Returns `MOBStandByListResponse`:
- `standByListPassengers` — passenger list with names, status
- `CustomersOnStandbyList` — customers on standby
- `businessStandByList` — business class standby
- `isStandByListAvailable` — availability flag
- `showStandbyListButton` — UI toggle
### Upgrade List
```
POST https://mobileapi.united.com/upgradelistservice/api/GetUpgradeList
```
Returns `MOBUpgradeListResponse`:
- Upgrade passengers with status
- Cabin eligibility
### Pass Rider List (Employee/Non-Rev)
```
POST https://mobileapi.united.com/passriderlistservice/api/PassRiderList
POST https://mobileapi.united.com/passriderlistservice/api/TravelerMisConnect
```
## Flight Status Data Fields (from embedded JSON)
Per segment in the response:
- `SeatsAvailable` — nullable seat count
- `AvailabiltyCount` — availability string
- `CustomersOnStandbyList` — standby passengers
- `ShowStandby` — whether standby is displayed
- `enableStandbyList` — boolean
- `enableUpgradeList` — boolean
- `availableSeat11AMto5PM` — time-bucketed availability
- `availableSeatBefore11AM` — morning availability
- `availableSeatAfter5PM` — evening availability
## All 60+ Microservices
| Service | Base Path |
|---------|-----------|
| **standbylistservice** | `/standbylistservice/api/` |
| **upgradelistservice** | `/upgradelistservice/api/` |
| **flightstatusservice** | `/flightstatusservice/api/` |
| passriderlistservice | `/passriderlistservice/api/` |
| passridersservice | `/passridersservice/api/` |
| checkinservice | `/checkinservice/api/` |
| checkinebpservice | `/checkinebpservice/api/` |
| checkinmerchservice | `/checkinmerchservice/api/` |
| seatmapservice | `/seatmapservice/api/` |
| seatengineservice | `/seatengineservice/api/` |
| bagcalculatorservice | `/bagcalculatorservice/api/` |
| bagtrackingservice | `/bagtrackingservice/api/` |
| bookingtripsservice | `/bookingtripsservice/api/` |
| completebookingservice | `/completebookingservice/api/` |
| cancelreservationservice | `/cancelreservationservice/api/` |
| shoppingservice | `/shoppingservice/api/` |
| shoptripsservice | `/shoptripsservice/api/` |
| shopbundlesservice | `/shopbundlesservice/api/` |
| shopflightdetailsservice | `/shopflightdetailsservice/api/` |
| shopfarewheelservice | `/shopfarewheelservice/api/` |
| shopawardservice | `/shopawardservice/api/` |
| shopseatsservice | `/shopseatsservice/api/` |
| flightsearchresultservice | `/flightsearchresultservice/api/` |
| myunitedservice | `/myunitedservice/api/` |
| customerprofileservice | `/customerprofileservice/api/` |
| memberprofileservice | `/memberprofileservice/api/` |
| memberinformationservice | `/memberinformationservice/api/` |
| memberbenefitsservice | `/memberbenefitsservice/api/` |
| updatememberprofileservice | `/updatememberprofileservice/api/` |
| enrollmentservice | `/enrollmentservice/api/` |
| premieractivityservice | `/premieractivityservice/api/` |
| recentactivityservice | `/recentactivityservice/api/` |
| balanceservice | `/balanceservice/api/` |
| mywalletservice | `/mywalletservice/api/` |
| etcservice | `/etcservice/api/` |
| travelcreditservice | `/travelcreditservice/api/` |
| clubservice | `/clubservice/api/` |
| unitedclubservice | `/unitedclubservice/api/` |
| productservice | `/productservice/api/` |
| msccheckoutservice | `/msccheckoutservice/api/` |
| mscpaymentservice | `/mscpaymentservice/api/` |
| mscregisterservice | `/mscregisterservice/api/` |
| postbookingservice | `/postbookingservice/api/` |
| tripplannerservice | `/tripplannerservice/api/` |
| tripplannergetservice | `/tripplannergetservice/api/` |
| savetripservice | `/savetripservice/api/` |
| travelersservice | `/travelersservice/api/` |
| traveloffersservice | `/traveloffersservice/api/` |
| homescreenservice | `/homescreenservice/api/` |
| inboxservice | `/inboxservice/api/` |
| receiptservice | `/receiptservice/api/` |
| inflightamenityservice | `/inflightamenityservice/api/` |
| locationservice | `/locationservice/api/` |
| airportsservice | `/airportsservice/api/` |
| securityquestionsservice | `/securityquestionsservice/api/` |
| addressvalidationservice | `/addressvalidationservice/api/` |
| syncservice | `/syncservice/api/` |
| subscriptionsservice | `/subscriptionsservice/api/` |
| paymentoptionservice | `/paymentoptionservice/api/` |
| otpandchasecardsservice | `/otpandchasecardsservice/api/` |
| promocodeservice | `/promocodeservice/api/` |
| moneyplusmilesservice | `/moneyplusmilesservice/api/` |
| alertcheckfsrservice | `/alertcheckfsrservice/api/` |
| cceservice | `/cceservice/api/` |
| mpcservice | `/mpcservice/api/` |
| trcservice | `/trcservice/api/` |
| employeeprofileservice | `/employeeprofileservice/api/` |
| employeepassbalanceservice | `/employeepassbalanceservice/api/` |
| unfinishedbookingservice | `/unfinishedbookingservice/api/` |
| viewresseatmapservice | `/viewresseatmapservice/api/` |
## Security Notes
- **No SSL pinning** — `network_security_config.xml` only allows cleartext for inflight WiFi domains
- **No PairIP or anti-tamper**
- **No emulator detection**
- Auth: session/token based
- Can be fully captured via emulator + mitmproxy