ahusan/fksar
1
0
Fork 0
forked from shihaam/thijooree
Code Pull Requests Activity

add support to detect dhiraagu and ooredoo packages

Browse Source
This commit is contained in:
Shihaam Abdul Rahman
2026-05-17 00:25:48 +05:00
parent 93405aade2
commit ccc9e11d55
9 changed files with 781 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/dhiraaguapi/01-number-lookup.md
+172
View File
@@ -0,0 +1,172 @@
# Number Lookup
Validate a Dhiraagu mobile number and determine whether it is prepaid (reload) or postpaid (bill pay).
This is a two-step process: first fetch the Easy Pay page to extract the nonce, then POST the number to the IO API.
---
## Step 1 — Fetch Nonce
### Endpoint
```
GET https://www.dhiraagu.com.mv/services/easy-pay
```
### Request Headers
```
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:150.0) Gecko/20100101 Firefox/150.0
```
### curl Example
```bash
curl --request GET \
--url 'https://www.dhiraagu.com.mv/services/easy-pay' \
--header 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:150.0) Gecko/20100101 Firefox/150.0'
```
### Response
The server returns an HTML page. The nonce is embedded in a `<script>` block:
```html
<script>
var nonce = "feb6acb9-a532-428e-a4d6-c4e5515b4bc3";
...
</script>
```
**Extraction regex:**
```
var nonce = "([^"]+)"
```
The nonce is a UUID (36-char string). It is tied to this page load and must be used immediately in Step 2.
---
## Step 2 — Number Lookup
### Endpoint
```
POST https://www.dhiraagu.com.mv/api/sdk-dhr-webapi.ashx?website_id=CA2BB809-3A22-485B-A518-DA6B6DE653A5&sub=dhiraaguIO&act=infoUnlisted
```
### Request Headers
| Header | Value |
|---|---|
| `Content-Type` | `application/json` |
| `User-Agent` | `Mozilla/5.0 (X11; Linux x86_64; rv:150.0) Gecko/20100101 Firefox/150.0` |
| `nonce` | UUID extracted from Step 1 |
| `Origin` | `https://dhiraagu.com.mv` |
### Request Body
```json
{
"number": "7654321"
}
```
| Field | Type | Notes |
|---|---|---|
| `number` | `string` | 7-digit Dhiraagu mobile number (local format, no country code) |
### curl Example
```bash
curl --request POST \
--url 'https://www.dhiraagu.com.mv/api/sdk-dhr-webapi.ashx?website_id=CA2BB809-3A22-485B-A518-DA6B6DE653A5&sub=dhiraaguIO&act=infoUnlisted' \
--header 'Content-Type: application/json' \
--header 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:150.0) Gecko/20100101 Firefox/150.0' \
--header 'nonce: feb6acb9-a532-428e-a4d6-c4e5515b4bc3' \
--header 'Origin: https://dhiraagu.com.mv' \
--data '{"number":"7654321"}'
```
---
## Responses
### Success — Prepaid (Reload)
```json
{
"respStatus": "OK",
"serviceDetails": [
{
"prepaidIndicator": "Y",
"serviceType": "GSM"
}
],
"accountOwnerInfo": {
"name": "Ahmed Mohamed",
"accountNo": "7654321"
}
}
```
| Field | Type | Description |
|---|---|---|
| `respStatus` | `string` | `"OK"` on success |
| `serviceDetails[0].prepaidIndicator` | `string` | `"Y"` = prepaid (reload), `"N"` = postpaid (bill pay) |
| `accountOwnerInfo.name` | `string` | Account holder's full name |
### Success — Postpaid (Bill Pay)
Same structure as above, with `prepaidIndicator: "N"`.
```json
{
"respStatus": "OK",
"serviceDetails": [
{
"prepaidIndicator": "N",
"serviceType": "GSM"
}
],
"accountOwnerInfo": {
"name": "Fatima Ali",
"accountNo": "7123456"
}
}
```
### Failure — Number Not Found
```json
{
"respStatus": "FAILED",
"respMessage": "Number not found"
}
```
`respStatus` is not `"OK"`. Treat any non-OK status as unsupported.
### Failure — Invalid / Expired Nonce
If the nonce is missing, invalid, or has already been used, the server returns an error response (non-OK status or HTTP 4xx). Re-fetch the Easy Pay page to get a fresh nonce.
---
## Result Mapping
| `prepaidIndicator` | Service |
|---|---|
| `"Y"` | Dhiraagu Reload |
| `"N"` | Dhiraagu Bill Pay |
| absent / other | Unsupported — fall back to Ooredoo lookup |
---
&nbsp;
---
[← README](README.md)
docs/dhiraaguapi/README.md
+100
View File
@@ -0,0 +1,100 @@
# Dhiraagu API Documentation
Reverse-engineered from traffic captures of the Dhiraagu Easy Pay web service (`dhiraagu.com.mv`).
---
## Overview
Dhiraagu exposes a number-lookup API used by their Easy Pay web page to validate mobile numbers before payment. The API uses a two-step flow:
1. **Nonce extraction** — fetch the Easy Pay HTML page and extract a one-time nonce token embedded in the page JavaScript.
2. **Number lookup** — POST the mobile number with the nonce to the IO API endpoint, which returns the account type and owner name.
The nonce is single-use and page-session-specific; it must be re-fetched for each lookup.
---
## Base URL
```
https://www.dhiraagu.com.mv
```
---
## Authentication Model
| Value | How obtained | How used |
|---|---|---|
| `nonce` | Extracted from Easy Pay page HTML | Sent as `nonce` request header on the lookup POST |
No persistent session or login is required. The nonce is valid for a single lookup request.
---
## Common Request Headers
```
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:150.0) Gecko/20100101 Firefox/150.0
Origin: https://dhiraagu.com.mv
```
The `User-Agent` header is required; requests without it are rejected by the server.
---
## Number Lookup Flow
```
Client Server
| |
| GET /services/easy-pay | ← fetch page to get nonce
|----------------------------------------->|
| 200 OK (HTML page) |
| var nonce = "feb6acb9-a532-428e-..." |
|<-----------------------------------------|
| |
| POST /api/sdk-dhr-webapi.ashx |
| ?website_id=CA2BB809... |
| &sub=dhiraaguIO&act=infoUnlisted |
| nonce: feb6acb9-a532-428e-... |
| { "number": "7654321" } |
|----------------------------------------->|
| { respStatus: "OK", |
| serviceDetails: [{prepaidIndicator}], |
| accountOwnerInfo: { name } } |
|<-----------------------------------------|
```
---
## Result Interpretation
| `prepaidIndicator` | Meaning |
|---|---|
| `"Y"` | Prepaid — use **Dhiraagu Reload** |
| `"N"` | Postpaid — use **Dhiraagu Bill Pay** |
| absent / other | Number not found or unsupported |
---
## Applicable Numbers
Only Dhiraagu mobile numbers are returned by this API. Dhiraagu numbers in the Maldives start with **7** (7-digit local format, e.g. `7654321`).
---
## Documents
| # | File | Description |
|---|---|---|
| 1 | [Number Lookup](01-number-lookup.md) | Validate a Dhiraagu number and determine account type |
---
&nbsp;
---
> **Next →** [Number Lookup](01-number-lookup.md)
docs/ooredooapi/01-number-validation.md
+113
View File
@@ -0,0 +1,113 @@
# Number Validation
Validate an Ooredoo mobile number and determine its account type (prepaid, postpaid, or hybrid).
---
## Endpoint
```
GET https://www.ooredoo.mv/ooredoo-prod/QuickPayPackage/v1/numberTypeValidation
```
---
## Request
### Query Parameters
| Parameter | Value | Notes |
|---|---|---|
| `action` | `cust_details` | Always `cust_details` |
| `msisdn` | `9607654321` | Full MSISDN — country code `960` + 7-digit local number |
### curl Example
```bash
curl --request GET \
--url 'https://www.ooredoo.mv/ooredoo-prod/QuickPayPackage/v1/numberTypeValidation?action=cust_details&msisdn=9609654321'
```
---
## Responses
### Success — Prepaid
```json
{
"custType": "PRE",
"msisdn": "9609654321"
}
```
| Field | Type | Description |
|---|---|---|
| `custType` | `string` | `"PRE"` = prepaid customer |
| `msisdn` | `string` | The MSISDN that was queried |
→ Offer **Raastas** top-up only.
---
### Success — Postpaid
```json
{
"custType": "POST",
"msisdn": "9609123456"
}
```
→ Offer **Ooredoo Bill Pay** only.
---
### Success — Hybrid
```json
{
"custType": "HYBRID",
"msisdn": "9609789012"
}
```
→ Offer both **Raastas** and **Ooredoo Bill Pay**. The user must select which service to use.
---
### Failure — Number Not Found
```json
{
"custType": null,
"errorMessage": "Data Not Found",
"msisdn": "9609000000"
}
```
| Field | Type | Description |
|---|---|---|
| `custType` | `null` | Number is not an Ooredoo subscriber |
| `errorMessage` | `string` | `"Data Not Found"` |
Treat `custType: null` as unsupported — fall back to Dhiraagu lookup.
---
## Result Mapping
| `custType` | Service(s) |
|---|---|
| `"PRE"` | Raastas only |
| `"POST"` | Ooredoo Bill Pay only |
| `"HYBRID"` | Raastas + Ooredoo Bill Pay (show chip selector) |
| `null` / absent | Unsupported — fall back to Dhiraagu lookup |
---
&nbsp;
---
[← README](README.md)
docs/ooredooapi/README.md
+85
View File
@@ -0,0 +1,85 @@
# Ooredoo API Documentation
Reverse-engineered from traffic captures of the Ooredoo Quick Pay web service (`ooredoo.mv`).
---
## Overview
Ooredoo exposes a number-validation API used by their Quick Pay service to check mobile numbers before payment. It is a single unauthenticated GET request that returns the customer type for a given MSISDN.
The response determines which payment service to offer:
- **PRE** (prepaid) → Raastas top-up only
- **POST** (postpaid) → Ooredoo Bill Pay only
- **HYBRID** → both Raastas and Ooredoo Bill Pay (user must choose)
- No match → number is not an Ooredoo number
---
## Base URL
```
https://www.ooredoo.mv
```
---
## Authentication Model
No authentication required. The endpoint is publicly accessible.
---
## Common Request Headers
No special headers are required. Standard HTTP/HTTPS headers apply.
---
## Number Lookup Flow
```
Client Server
| |
| GET /ooredoo-prod/QuickPayPackage/v1/ |
| numberTypeValidation |
| ?action=cust_details |
| &msisdn=9607654321 |
|------------------------------------------->|
| { custType: "PRE" } |
|<-------------------------------------------|
```
---
## Result Interpretation
| `custType` | Meaning |
|---|---|
| `"PRE"` | Prepaid — offer **Raastas** top-up |
| `"POST"` | Postpaid — offer **Ooredoo Bill Pay** |
| `"HYBRID"` | Both prepaid and postpaid — offer both (user selects) |
| `null` / absent | Not an Ooredoo number |
---
## Applicable Numbers
Only Ooredoo mobile numbers are returned by this API. Ooredoo numbers in the Maldives start with **9** (7-digit local format, e.g. `9654321`). The API expects the full MSISDN including country code `960`.
---
## Documents
| # | File | Description |
|---|---|---|
| 1 | [Number Validation](01-number-validation.md) | Validate an Ooredoo number and determine account type |
---
&nbsp;
---
> **Next →** [Number Validation](01-number-validation.md)