MPA test surface

Endpoint Reference

Guest session

Protected endpoint map

MPA Endpoint Reference

These endpoints receive native HTML form POSTs (not XHR/JSON). Each successful submission results in an HTTP redirect, creating a distinct two-request pattern that bot defenses can inspect: the POST and the subsequent page navigation.

Scenario Method Endpoint Triggered by Bot behavior to test
Credential stuffing POST /mpa/api/login Login form submit Form-encoded credential stuffing, cookie-jar session tracking, redirect following.
Fake registration POST /mpa/api/register Registration form submit Automated signup with form encoding, disposable email patterns, repeated requests.
Catalog scraping GET /mpa/api/catalog Direct endpoint request JSON API scraping alongside HTML page scraping at /mpa/catalog.
Search automation POST /mpa/api/catalog/search Catalog search or sort Form-encoded search enumeration, POST+redirect patterns, repeated query automation.
Catalog carting POST /mpa/api/cart/add Product add-to-cart Cart cookie manipulation, product hoarding, cookie-jar state across page loads.
Sneaker bot POST /mpa/api/drop/add-to-cart Sneaker Drop add-to-cart Rapid size probing with form POSTs, queue bypass, redirect-loop automation.
Carding POST /mpa/api/payment Payment form submit Form-encoded card submissions, checkout automation with cookie session state.
Gift card cracking POST /mpa/api/gift-card/check Gift Card form submit High-velocity form-encoded PIN enumeration, balance lookup automation.
Form abuse POST /mpa/api/comments Comments form submit Spam posting via form encoding, synthetic identity, high-volume submission.