Hi lovely people! 👋 Most people who know me in person know that I love running. I try to run at least twice a week. I properly started running in May 2017 and have been running more or less consistently since then. I have been using the Nike Run Club app to log all of my run data. When I started using it I had no idea that I was getting sucked into a walled garden and there was no official way to move my data out of the Nike ecosystem.

Now we know that the app loads data from the server so this means that there is definitely a remote API endpoint which we can access to get raw data. While I was trying to reverse engineer the NRC app to allow sniffing of SSL traffic, I came across a GitHub gist which contained NikePlus API description.

The author of that gist has put up a bash script which you can use to download all of your data from the Nike ecosystem and save it locally in json files.

Now the tricky part is that the endpoint requires Authorization Bearer token which we don’t already know. As it turns out the online Nike website also uses the same authentication backend and uses the same Authorization token as the Nike app. So all we have to do is go to the NikePlus membership website and open the developer tools. With the developer tools open, log in to your same Nike account which you use with the mobile app.

Now search for a request to api.nike.com and scroll down to the request headers. You should be able to see the Authorization header.

#data visualization