momo-api
is an unofficial MoMo API written in Go. MoMo is currently #1 digital wallet and mobile payment service in Vietnam.
The API was last updated at Feb, 2023
. Since I've discontinued the development, I decided to open-source this one, have fun :D
momo-api
is provided "as is" without warranties. You assume all risks for legal compliance and licensing. No support is offered for installation or troubleshooting.
momo-api
should only be used for educational and personal projects.
- Edit
utils/constants.go
for phone configuration:- Device: either Android or iPhone (iPhone proves to be more stable)
- App version / App code: see the below section for guidance
The test file contains examples to work with the MoMo API.
Require following environment varables:
- test_phone: Your own phone
- test_pass: Password to login
- receiver_phone: The receiver's phone
- receiver_name: The receiver's name
- You have to store the state by your own (e.g: JSON serialization)
auth#VerifyPhone
should be sent first to validate session- Success: can skip authentication
- Failure: continue with OTP log-in
- MoMo session will expire after a certain time (currently unknown)
auth#RequestOTP
is used to request for OTPauth#VerifyOTP
is used to verify the OTP (given the OTP sent to your phone)auth#Login
is used to log in (given the password)
Note: MoMo disallows concurrent sessions over multiple devices. If you log in to a new device, the old sessions will be expired.
auth#Relogin
can be used to skip OTP and login (if use the same device)auth#Logout
to log out an account
chat/room_api.go
contains stuff to fetch room chatschat/message_api.go
contains stuff fetch message chats in a room
noti/api.go
contains stuff to fetch notifications
noti/trans.go
contains stuff to browse transactionsnoti#InitTransfer
to init the transaction (MoMo will pre-check available balance at this stage)noti#ConfirmTransfer
to confirm the transaction
- If you want to extend the API or simply change the app version, you have to touch the internal code of MoMo. This can be done by downloading the apk of MoMo and use a Java decompiler.
- To analyze the connection, install Charles to capture the packets (both in your phone & PC)
- Phone: connects to your PC's IP
- PC: acts as middleware to filter and analyze network activities
- All common MoMo endpoints are listed at
utils/constants.go
- MoMo uses SSL and some secure APIs may require additional encryption
- To find out the app version, check out the info of an arbitrary request to the MoMo servers
- To work on features, you have to check the network and look at the decompiled app code.
- The MoMo app contains a core written in Java and several modules written in React Native. The React Native module uses Hermes VM instructions so it is much harder to analyze. Recommend tool is https://github.com/P1sec/hermes-dec