DEV Community

Jonathan Pereira
Jonathan Pereira

Posted on

27 1

How to intercept API calls from mobile devices

Ever wondered how to capture the API calls being made in the background while your mobile app or mobile browser is fetching data from the internet? This quick guide will give you some answers.

I'll be using a proxy server to inspect the web traffic originating from the mobile device. I'm using the Postman client and my Android smartphone for this purpose.

What is a Proxy Server?


Simply put, a proxy server is a gateway between the client and the server. In our case, we will use the mobile device as a client, and make the computer act as a proxy between the client and the server. The flow is setup in a way that the internet traffic passes through the proxy server while attempting to reach the web address you requested.

What is Postman?


Postman is a API Development Environment catering to every stage of the API Lifecycle. It is used by over 7M developers globally. The Postman Proxy is one of the feature available out-of-the-box on the Postman client.

Capturing API calls using Postman

  1. To get started, we need the computer and the mobile device to be connected to the same wireless network. I’m going to use a Mac laptop and an Android smartphone.

  2. Click on the Proxy Settings button in the top menu bar.

  3. The Proxy Settings modal should show. Make a note of the port mentioned. I’ll use the default post “5555”. Select the target to capture the requests. I’ll use the “History” sidebar panel. Click on Connect.

  4. Find the IP address of your computer. You should see this in your Network settings.

  5. Configure HTTP Proxy on the mobile device. You can do this by going to Settings -> Wi-Fi and selecting the Modify Network option. Enter the computer’s IP address as your Proxy Host. Set the proxy port to the same as the port in the Postman app, i.e. 5555.

You should have everything working!

Open a browser on the mobile device or any app and keep an eye on the Postman app. I entered www.mit.edu in my Chrome for Android browser. As the browser started contacting the server, all of the calls start appearing in the Postman sidebar.

Where can you use this?

  • To help you to understand the communications between the client and server. This could be useful from a security standpoint to highlight malicious requests.
  • To makes it easier to debug by pinpointing where the app crashes or throws an error.
  • To identify behavior differences among mobile devices (based on hardware and resolutions), which help to isolate bugs seen on certain devices.

Note:

  • Postman currently supports only HTTP traffic in the Proxy feature. Support for HTTPS is expected to be added soon.

Image of Timescale

🚀 pgai Vectorizer: SQLAlchemy and LiteLLM Make Vector Search Simple

We built pgai Vectorizer to simplify embedding management for AI applications—without needing a separate database or complex infrastructure. Since launch, developers have created over 3,000 vectorizers on Timescale Cloud, with many more self-hosted.

Read full post →

Top comments (0)

Sentry growth stunted Image

If you are wasting time trying to track down the cause of a crash, it’s time for a better solution. Get your crash rates to zero (or close to zero as possible) with less time and effort.

Try Sentry for more visibility into crashes, better workflow tools, and customizable alerts and reporting.

Switch Tools 🔁

👋 Kindness is contagious

Immerse yourself in a wealth of knowledge with this piece, supported by the inclusive DEV Community—every developer, no matter where they are in their journey, is invited to contribute to our collective wisdom.

A simple “thank you” goes a long way—express your gratitude below in the comments!

Gathering insights enriches our journey on DEV and fortifies our community ties. Did you find this article valuable? Taking a moment to thank the author can have a significant impact.

Okay