Login to PGE website with Google Apps Scripts

Question

I am trying to log in to the pge.com website using Google Apps Scripts, with my username and password, so that I can retrieve my electricity consumption details. The need is similar to this thread

I have inspected network calls during login but I cannot figure out how my username and password are passed.

I can see two subsequent calls to the login service.

First request (doesn't seem to carry a payload):

 **General**
    Request URL: https://apigprd.cloud.pge.com/myaccount/v1/login?ts=1614544850626
    Request Method: OPTIONS
    Status Code: 200 OK
    Remote Address: 130.19.47.120:443
    Referrer Policy: strict-origin-when-cross-origin Response Headers
** Response Headers **    
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: authorization
    Access-Control-Allow-Methods: GET, POST, OPTIONS
    Access-Control-Allow-Origin: https://www.pge.com
    Content-Encoding: gzip
    Content-Length: 59
    Content-Type: text/plain;charset=UTF-8
    Date: Sun, 28 Feb 2021 20:40:50 GMT
    Set-Cookie: TS01ef76cb=015399e11<...>dc1f; Path=/; Domain=.apigprd.cloud.pge.com
    X-Tracking-ID
    X-Transaction-ID: 00000177b2ec4203-10baebc

** Request Headers **
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Access-Control-Request-Headers: authorization
    Access-Control-Request-Method: GET
    Connection: keep-alive
    Host: apigprd.cloud.pge.com
    Origin: https://www.pge.com
    Referer: https://www.pge.com/
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-site
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36

A subsequent request is then made:

 ** General **
    Request URL: https://apigprd.cloud.pge.com/myaccount/v1/login?ts=1614544850626
    Request Method: GET
    Status Code: 200 OK
    Remote Address: 130.19.47.120:443
    Referrer Policy: strict-origin-when-cross-origin

** Response Headers **
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Access-Control-Allow-Origin: https://www.pge.com
Content-Encoding: gzip
Content-Length: 101
Content-Type: application/json;charset=UTF-8
Date: Sun, 28 Feb 2021 20:40:50 GMT
set-cookie: PF=cuLZ7Vh4y6keKdWEzXVaxD4kzuePT0wcOOyvxZ6V3u0K; Path=/; Domain=.cloud.pge.com; Secure; HttpOnly
set-cookie: PA.ToI.CustomerWeb=eyJhb<...>MifQ..8p6<...>iqw.1BewS--tpmP<...>3fo-rbtoh-<...>Egz-acEIN58H-dO<...>rWR-Q<...>w; Path=/; Domain=pge.com; Secure; HttpOnly
Set-Cookie: TS01ef76cb=015399e11<...>ec2d9; Path=/; Domain=.apigprd.cloud.pge.com
Set-Cookie: TS01d056a5=015399e11<...>2fc17; path=/; domain=pge.com
X-Tracking-ID
X-Transaction-ID: 0000017602681258-9359011

** Request Headers **
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Authorization: Basic bWFy<...>wc2U=
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Cookie: optimizelyEndUserId=oeu1<...>2r0.2464<....>336; oo_inv_percent=0; _gcl_au=1.1.1250622131.1614535637; AMCVS_DF70BB6B55BA62677F000101%40AdobeOrg=1; s_cc=true; _ga=GA1.2.676<...>72.1614535638; _gid=GA1.2.127<...>54.1614535638; _fbp=fb.1.1614535638419.135544411; userLanguageSelected=English; com.silverpop.iMAWebCookie=654ee074-<...>-<...>-0784-4940b13c1dc8; CARE_LANG=English; BIGipServer~Prod~P-itiampingaccess.cloud.pge.com-pool=1796742666.54795.0000; com.silverpop.iMA.session=2764a7b2-1c77-<...>-<...>-b56816c03631; com.silverpop.iMA.page_visit=2144181430:; s_sq=%5B%5BB%5D%5D; PF=dyxdIf<...>wnCDfDTC4EeNVNzFtF3; care_hashed_acct_id=811067339<...>E559C253; PGE_EN=4nx9s6<...>NigxfgqMgNTc/Hs7mt6oL<...>M3oG2lGBv+FNpQhj4U1N8YVv<...>TEUP1x9NU5QJQPcImd/s3FVCFgLy<...>qhrhuv+HQ1J/OANiGah+0exaD2ScPRBd3MQ/+4EqtzOEbpsjjKDKN<...>qe+mOMjkjZ0otbEknx5I7Z1p8w/KxI0fvwT32RBc5U+92j6CxxIDoYwm3KlmCQ==; TS01d056a5=015399e11<...>e65810; TS01ef76cb=015399e11<...>73b336; ADRUM=s=1614544835448&r=https%3A%2F%2Fm.pge.com%2Findex.html%3F35; oo_OODynamicRewrite_weight=0; oo_inv_hit=3; AMCV_DF70BB6B55BA62677F000101%40AdobeOrg=-1303530583%7C<...>Bpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1614552037s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18694%7CvVersion%7C3.3.0; OptanonConsent=isIABGlobal=false&datestamp=Sun+Feb+28+2021+12%3A40%3A37+GMT-0800+(Pacific+Standard+Time)&version=6.1.0&consentId=749474e8-c692-470b-be09-77aa32646232&interactionCount=0&landingPath=NotLandingPage&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1%2CC0005%3A1&hosts=&legInt=&AwaitingReconsent=false; _dc_gtm_UA-64722139-1=1; _gat_UA-77056718-1=1; s_tp=2617; s_ppv=PG%2526E%252C%2520Pacific%2520Gas%2520and%2520Electric%2520-%2520Gas%2520and%2520power%2520company%2520for%2520California%2C35%2C35%2C914; s_plt=3.13; utag_main=v_id:0177e9d2<...>78001407000ac8$_sn:2$_ss:1$_st:1614546650462$vapi_domain:pge.com$dc_visit:8$_pn:1%3Bexp-session$ses_id:1614544836893%3Bexp-session$dc_event:2%3Bexp-session$dc_region:us-east-1%3Bexp-session
Host: apigprd.cloud.pge.com
Origin: https://www.pge.com
Referer: https://www.pge.com/
sec-ch-ua: "Chromium";v="88", "Google Chrome";v="88", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36

How can I use the Google Apps Script to login?

PS I have tried the following:

function loginPge() {
  var baseUrl = "https://apigprd.cloud.pge.com/myaccount/v1/login";
  var now =  Date.now();
  var url = baseUrl + '?ts=' + now;

  var payload =
   {
     "username" : "xxx",
     "password" : "xxx",
   };

  var headers =
    {
    "Accept":"*/*",
    "Accept-Encoding": "gzip, deflate, br",
    "Accept-Language": "en-US,en;q=0.9",
    "Access-Control-Request-Headers": "authorization",
    "Access-Control-Request-Method": "GET",
    "Connection": "keep-alive",
    "Origin": "https://www.pge.com",
    "Referer": "https://www.pge.com/",
    "Sec-Fetch-Dest": "empty",
    "Sec-Fetch-Mode": "cors",
    "Sec-Fetch-Site": "same-site",
    "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"
   };

  var options =
   {
     "headers":headers,
     "method" : "get",
     "payload" : payload,
     "followRedirects" : false
   };
  var login = UrlFetchApp.fetch(url, options);
  return;
}

But I am getting an error message

Exception: Request failed for https://apigprd.cloud.pge.com returned code 400. Truncated server response: {"user": "unknown", "errorCode":"33"}

Answer 1

I am a little late, but maybe it helps someone else.

The username and password are sent in 'Authorization' header. I figured out the value for this header by inspecting the login page source where it appears as:

<set-header value="Basic base64($username:$password)" name="Authorization"></set-header>

Below is Python code to login and get user details:

import requests
import base64

username = 'test'
password = 'test'

session = requests.Session()

auth = ':'.join([username, password]).encode('utf8')

headers = {
    'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0',
    'Accept': '*/*',
    'Accept-Language': 'en-US,en;q=0.5',
    'Content-Type': 'application/x-www-form-urlencoded',
    'Authorization': 'Basic {}'.format(
        base64.b64encode(auth).decode('utf8')
    ),
    'Origin': 'https://www.pge.com',
    'Connection': 'keep-alive',
    'Referer': 'https://www.pge.com/',
}

resp = session.get(
    'https://apigprd.cloud.pge.com/myaccount/v1/login',
    headers=headers
)
print(resp.json())  # get the json response

headers = {
    'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0',
    'Accept': 'application/json, text/javascript, */*; q=0.01',
    'Accept-Language': 'en-US,en;q=0.5',
    'Content-Type': 'application/json',
    'X-RAS-API-USERKEY': 'pgecocmobile',
    'cocGUID': 'null',
    'Origin': 'https://m.pge.com',
    'Connection': 'keep-alive',
    'Referer': 'https://m.pge.com/',
}

params = (
    ('userId', username),
)
resp = session.get(
    'https://apigprd.cloud.pge.com/myaccount/v1/cocaccount/secure/account/retrieveMyEnergyAccounts',
    params=params, headers=headers
)

print(resp.json())  # get the json response with acc details