Playlist "May Contain Hackers 2022"

Reverse engineering the Albert Heijn app for fun and profit

Nick Bouwhuis

The Albert Heijn, everyone (in the Netherlands at least) knows it. It's the largest supermarket chain here. They have a very extensive API. This API is not public unfortunately, but in this talk I will show you how you can reverse engineer the app to figure out how the API works and how we can use it to our advantage.

The Albert Heijn, everyone (in the Netherlands at least) knows it. It's one of the largest supermarket chains with a very extensive API. This API is not public unfortunately, but in this talk I will show you how you can reverse engineer the app to figure out how the API works and how we can use it to our advantage.

AirMiles, tracking stamps for the current saving program, receipts, personal discounts. All these can be viewed or tracked within the Albert Heijn app. But what if you want to track your savings over time? I want my pretty Grafana dashboard gosh darn it!

This talk will go into the story behind randombonuskaart.nl (a website for a 'random' bonuskaart right when you need it), talk about how your private API is not really private and how we can use the Albert Heijn API to track various data and do tedious actions for us.

The knowledge gained from this talk can also be used with other apps, but the Albert Heijn app makes for a very good example.