This page documents the backend API endpoints discovered through APK analysis.

| Endpoint | Method | Description |
|---|---|---|
| /api/appClient/v1/login/pwdLogin | POST | Password login (RSA encrypted) |
| /api/appClient/v1/login/codeLogin | POST | SMS code login |
| /api/appClient/v1/login/sendLoginCode | POST | Request SMS code |
| /api/appClient/v1/login/appleUserLogin | POST | Apple Sign-In |
| /api/appClient/v1/login/googleUserLogin | POST | Google Sign-In |
| /api/appClient/v1/login/temporaryLogin | POST | Anonymous login |

| Endpoint | Method | Description |
|---|---|---|
| /auth/rsaPublicKey | GET | Get RSA key for password encryption |
| /auth/refreshToken | GET | Refresh access token |
| /auth/logout | DELETE | End session |
┌─────────────┐ ┌──────────────────┐
│ Client │ │ app.huepar.com │
└──────┬──────┘ └────────┬─────────┘

| Endpoint | Method | Description |
|---|---|---|
| /api/appClient/v1/user/userDetail | GET | Get user profile |
| /api/appClient/v1/user/updateAvatar | POST | Update profile picture |
| /api/appClient/v1/user/updateUsername | POST | Change username |
| /api/appClient/v1/user/useTemporary | POST | Convert temp account |
| /api/appClient/v1/user/changeBindEmail | POST | Change email |
| /api/appClient/v1/user/changeBindPhone | POST | Change phone |
| /api/appClient/v1/user/unbind | POST | Unlink account |
| /api/appClient/v1/user/accountOperation | POST | Account operations |
| /api/appClient/v1/user/accountOperation/relatedAccounts | GET | Linked accounts |

| Endpoint | Method | Auth | Description |
|---|---|---|---|
| /api/appClient/v1/product/loadProductTree | GET | No | Product catalog |
| /api/appClient/v1/device/connected/{id} | GET | Yes | Connected device list |
Endpoint: GET /api/appClient/v1/product/loadProductTree
No Authentication Required
Response:
"imgUrl": "https://m.media-amazon.com/images/...",
Laser Rangefinder Models:
| Series | Models |
|---|---|
| Standard | LM50A, LM100A, LM120A |
| S-Series | S60, S80-G, S100, S100-G, S120-G |
| X6 Series | X6-LM50, X6-LM100, X6-LM120 |
| S2 Series | S2-LM60, S2-LM100 |
| Compact | DT30 |

| Endpoint | Method | Description |
|---|---|---|
| /api/appClient/v1/posts/list | GET | List posts |
| /api/appClient/v1/posts/createPost | POST | Create post |
| /api/appClient/v1/posts/delete | DELETE | Delete post |
| /api/appClient/v1/posts/commentList | GET | List comments |
| /api/appClient/v1/posts/commentAdd | POST | Add comment |
| /api/appClient/v1/posts/commentDelete | DELETE | Delete comment |
| /api/appClient/v1/posts/data/likeCount | PUT | Like post |
| /api/appClient/v1/posts/data/collectionCount | PUT | Bookmark post |
| /api/appClient/v1/posts/topicList | GET | List topics |

| Endpoint | Method | Description |
|---|---|---|
| /api/appClient/v1/file/qcloudCos/getToken | GET | Get upload token |
| /api/appClient/v1/file/qcloudCos/addCloudFile | POST | Register file |
| /api/appClient/v1/file/qcloudCos/BBS_USER_AVATAR | POST | Upload avatar |
| Provider | Usage | Region |
|---|---|---|
| Tencent Cloud (qcloudCos) | User uploads | China |
| Amazon CloudFront | Product images | Global |

| Endpoint | Method | Description |
|---|---|---|
| /api/appClient/v1/event/push/{id} | POST | Push event (telemetry) |
Not Available
Finding: No OTA firmware update system exists for laser distance meters.
Evidence:
- ❌ No DFU endpoints in API
- ❌ No firmware download URLs in APK
- ❌ No Nordic DFU / BLE OTA code
- ❌ Product tree contains only marketing images
Conclusion: Devices are not field-upgradeable via app.
webClientId: '218951563723-ss131ic3rj00hj5hb52hagl313aqok67.apps.googleusercontent.com',
iosClientId: '218951563723-qti3leqvmlbjbmoc78m72esfldl34g0d.apps.googleusercontent.com',
scopes: ['https://www.googleapis.com/auth/drive']
Email: support@huepar.com