Categories: Application SecurityJavascript

Application Security – Use NPM Request Package for APIs Access

This blog represents code sample and related details that can be used to hack into the system through unprotected APIs. The security vulnerability such as following can be exploited using the code sample given later in this article. Note that the security vulnerabilities mentioned below forms part of OWASP 2017 Top 10 security vulnerabilities.

The code below has made use of NPM request package to send the request to the API hosted ast Paytm Catalog Site. The API below displays electronics items listed on PayTMMall.com.

var request = require('request');

var url = "https://catalog.paytm.com/v2/h/electronics?channel=web&amp;child_site_id=6&amp;site_id=2&amp;version=2&amp;platform_version=S2(New)";
var method = "POST";
var headers = {
"content-type": "application/json",
"accept": "*/*"
};

var data = {"tracking":{"current_page":"https://paytmmall.com/shop/h/electronics","prev_page":""},"context":{"device":{"os":"Linux x86_64","device_type":"PC","browser_uuid":"GA1.2.35123967.1498556341","ua":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0","connection_type":"Unknown"},"channel":"WEB","user":{"ga_id":"GA1.2.35123967.1498556341","user_id":null}}}
var isJSON = true;

request({
url: url,
method: method,
body: data,
json: isJSON,
headers: headers,
},
function (error, response, body) {
if (!error &amp;&amp; response.statusCode == 200) {
console.log(body);
}
console.log("Response: " + JSON.stringify(response));
console.log("Error: " + error);
});

Put the code shown above in a file, say, test.js and execute the file using command such as node test.js. The output would display data retrieved from the website.

Author
Recent Posts

Ajitesh Kumar

I have been recently working in the area of Data analytics including Data Science and Machine Learning / Deep Learning. I am also passionate about different technologies including programming languages such as Java/JEE, Javascript, Python, R, Julia, etc, and technologies such as Blockchain, mobile computing, cloud-native technologies, application security, cloud computing platforms, big data, etc. I would love to connect with you on Linkedin.
Check out my latest book titled as First Principles Thinking: Building winning products using first principles thinking.

Latest posts by Ajitesh Kumar (see all)

Chunking Strategies for RAG with Examples - November 2, 2025
RAG Pipeline: 6 Steps for Creating Naive RAG App - November 1, 2025
Python: List Comprehension Explained with Examples - October 29, 2025

Ajitesh Kumar

I have been recently working in the area of Data analytics including Data Science and Machine Learning / Deep Learning. I am also passionate about different technologies including programming languages such as Java/JEE, Javascript, Python, R, Julia, etc, and technologies such as Blockchain, mobile computing, cloud-native technologies, application security, cloud computing platforms, big data, etc. I would love to connect with you on Linkedin. Check out my latest book titled as First Principles Thinking: Building winning products using first principles thinking.