Access ubank's API.
Install ubank with pip (Python 3.8+ is required):
$ pip install ubankBefore accessing the API, you'll first need to enrol a new device with ubank. Running ubank as a module helps with this task:
$ python -m ubank --help
usage: ubank.py [-h] [-o FILE] [-v] username
Enrols new device with ubank. You will be asked for your ubank password and secret code interactively.
positional arguments:
username ubank username
optional arguments:
-h, --help show this help message and exit
-o FILE, --output FILE
write JSON device credentials to file (default: write to stdout)
-v, --verbose displays httpx INFO logsWe'll enrol a new device and save the credentials to device.json.
Keep this file safe!
You'll be prompted for your ubank password and security code during this step.
$ python -m ubank [email protected] --output device.json
Enter ubank password:
Enter security code sent to 04xxxxx789: 123456
$ cat device.json
{
"hardware_id": "35bd47b0-eced-4fb4-88e1-24657c2500ec",
"device_id": "cc1d3291-8e7d-45fc-845b-326b65bffcb1",
"device_meta": "{\"appVersion\": \"15.11.1\", \"binaryVersion\": \"15.11.1\", \"deviceName\": \"iPhone19-1\", \"environment\": \"production\", \"instance\": \"live\", \"native\": true, \"platform\": \"ios\"}",
"hashed_pin": "N0ZsiU81f+qiOZvs424E06AasHBlHsSlH9Fj1J0Sz5c=",
"secret": "c3e59465-2449-4692-8d0a-6dc9bb8b2ae2",
"auth_key": "pLzKjKs0FW104tqaj5qD3wYmZf0Q+udRCsRgST1gRGwh9iaxVf5qZdn+LtidvqSx20Y=",
"email": "[email protected]",
"mobile_number": "+61423456789",
"user_id": "51457aec-9fb4-45c4-9ed0-4d17b70665ec",
"username": "48b16c6f-19a5-46e7-855e-5d6922882276",
"token": "dw2FYNdTRLgIS8YxZlQ0RnihkpgxRB/+a/o3vmQWWiRtrF11H4ZjA8ywZfaoUYK/Gkc="
}You won't use your username and password to access ubank's API.
Instead, you'll use the enrolled device's credentials (stored in device.json).
Instantiate a ubank.Device from device.json:
import json
import ubank
with open("device.json") as file:
device = ubank.Device(**json.load(file))Next, we'll instantiate ubank.Client with the device created above.
Use this class as a context manager.
This ensures ubank sessions and HTTP connections are properly cleaned when leaving
the with block.
ubank.Client's base_url is set to https://api.ubank.com.au/, so only the API path is required when making requests.
Important
You must store the instance's .device attribute after instantiation.
Otherwise the stored device credentials will be expired and you'll need to re-enrol.
Instantiating ubank.Client refreshes the auth_key and long life token, held in the .device attribute.
with ubank.Client(device) as client:
with open("device.json", "w") as file:
file.write(client.device.dumps())
print(client.get("/app/v1/accounts/summary").json())
{'linkedBanks': [{'bankId': 1, 'shortBankName': 'ubank', 'accounts': [{'label': 'Spend', 'type': 'TRANSACTION', 'balance': {'currency': 'AUD', 'current': 100, 'available': 100}, 'status': 'Active', 'id': '695db516-b0e2-4807-baca-77314a6257ce', 'nickname': 'Spend', 'number': '12345678', 'bsb': '670864', 'lastBalanceRefresh': '2024-01-02T00:00:00.000Z', 'openDate': '2024-01-01T00:00:00.000Z', 'isJointAccount': False}, {'label': 'Save', 'type': 'SAVINGS', 'balance': {'currency': 'AUD', 'current': 1200.44, 'available': 1200.44}, 'status': 'Active', 'id': '5bad6edf-247e-4221-9bfc-e7608f5984cb', 'nickname': 'Save', 'number': '23456789', 'bsb': '670864', 'lastBalanceRefresh': '2024-01-02T00:00:00.000Z', 'openDate': '2024-01-01T00:00:00.000Z', 'isJointAccount': False}]}]}Here are some API endpoints to try:
with ubank.Client(device) as client:
with open("device.json", "w") as file:
file.write(client.device.dumps())
print(client.get("/app/v1/accounts").json())
print(client.get("/app/v1/accounts/summary").json())
print(client.get("/app/v1/achievements").json())
print(client.get("/app/v1/campaigns").json())
print(client.get("/app/v1/cards").json())
print(client.get("/app/v1/contacts").json())
print(client.get("/app/v1/customer-details").json())
print(client.get("/app/v1/insights").json())
print(client.get("/app/v1/insights/interest").json())
print(client.get("/app/v1/products").json())
print(client.get("/app/v1/promotions").json())
print(client.get("/app/v1/savings-goals").json())
print(client.get("/app/v1/tfn").json())Pull credentials from AWS:
aws-vault exec brodie@oasis -- python
Opening the SSO authorization page in your default browser (use Ctrl-C to abort)
https://device.sso.ap-southeast-2.amazonaws.com/?user_code=YMMV-CUMT>>> import json
>>>
>>> import boto3
>>>
>>> import ubank
>>>
>>>
>>> def get_device(parameter_name="/portfolio/ubank-device"):
... """Returns ubank enrolled device from AWS Parameter Store."""
... return ubank.Device(
... **json.loads(
... # Retrieve JSON string from decrypted parameter value.
... boto3.client("ssm", region_name="us-east-1").get_parameter(
... Name=parameter_name, WithDecryption=True
... )["Parameter"]["Value"]
... )
... )
...
>>>
>>> def save_device(device, parameter_name="/portfolio/ubank-device"):
... """Saves ubank device credentials to AWS Parameter Store."""
... return boto3.client("ssm", region_name="us-east-1").put_parameter(
... Name=parameter_name,
... Value=device.dumps(),
... Type="SecureString",
... Overwrite=True,
... )
...
>>>
>>> # Get ubank account balances and trusted cookie.
>>> device = get_device()
>>> with ubank.Client(device) as client:
... # Update stored device credentials.
... save_device(client.device)
... for account in client.get("/app/v1/accounts/summary").json()["linkedBanks"][0][
... "accounts"
... ]:
... print(account)
...
{'Version': 77, 'Tier': 'Standard', 'ResponseMetadata': {'RequestId': '1dd6cfff-dead-beef-asdf-123ead7e3ba0', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'Server', 'date': 'Thu, 1 Nov 1970 01:23:45 GMT', 'content-type': 'application/x-amz-json-1.1', 'content-length': '32', 'connection': 'keep-alive', 'x-amzn-requestid': '1dd6cfff-dead-beef-asdf-123ead7e3ba0'}, 'RetryAttempts': 0}}
{'label': 'Spend account', 'type': 'TRANSACTION', 'balance': {'currency': 'AUD', 'current': 1000.00, 'available': 1000.00}, 'status': 'Active', 'id': '9a293f00-c000-45b2-b21e-28cf09453f73', 'nickname': 'USpend', 'number': '00000000', 'bsb': '000000', 'lastBalanceRefresh': '1970-01-01T01:23:45.678Z', 'openDate': '1970-01-01T01:23:45.678Z', 'isJointAccount': False, 'depositProductData': {'interestTiers': [{'interestRate': 0, 'minimumRange': 0}]}}
{'label': 'Save account', 'type': 'SAVINGS', 'balance': {'currency': 'AUD', 'current': 1000000.00, 'available': 1000000.00}, 'status': 'Active', 'id': '88bcd861-21ad-48d9-8c3d-d789c5845252', 'nickname': 'USave', 'number': '00000000', 'bsb': '000000', 'lastBalanceRefresh': '1970-01-01T01:23:45.678Z', 'openDate': '1970-01-01T01:23:45.678Z', 'isJointAccount': False, 'depositProductData': {'interestTiers': [{'interestRate': 5.5, 'minimumRange': 0, 'maximumRange': 100000}, {'interestRate': 5, 'minimumRange': 100000.01, 'maximumRange': 250000}, {'interestRate': 0, 'minimumRange': 250000.01}], 'interestPaymentFrequency': {'interestPaymentCountPerPeriod': 1, 'interestPeriod': '1 Month', 'interestPaymentSchedule': 'End'}}}
>>>Bump project version. e.g.,
$ poetry version patch
Bumping version from 0.1.1 to 0.1.2Publish to PyPI:
$ read -s PASSWORD
$ poetry publish --build -u __token__ -p "$PASSWORD"- Set
x-api-versionto fix #4 (thanks @jakepronger!)
- Drop Playwright requirement.
- Re-implement with simpler and lightweight httpx libary.
- Easier access to full ubank API.
- Automate ubank access using Playwright headless browser.