We’re looking for an experienced API specialist to help us analyze and document an older, poorly documented API used by a large gaming platform. The goal is to understand how to: Detect newly created user accounts (global level). Retrieve public profile data such as nickname, ID, and metadata. Identify how automated messages can be sent through the same API. Some endpoints are partially known, others are hidden behind web requests or GraphQL queries. The API mixes HTML-in-JSON responses and inconsistent authentication behavior (cookie-based / token). We’re not looking for a finished script right now — we need someone who can dig into the network traffic, identify undocumented endpoints, test queries, and produce a short technical summary of how the API can be used safely and reliably. Requirements: Strong experience in API reverse-engineering and request tracing (browser devtools, Postman, curl, etc.) Familiarity with cookies, tokens, and session authentication Optional: experience with legacy or undocumented APIs in gaming or social platforms Deliverable: A short technical report (or Postman collection) describing discovered endpoints, required headers/auth, and recommended request patterns.