These endpoints receive native HTML form POSTs (not XHR/JSON). Each successful submission results in an HTTP redirect, creating a distinct two-request pattern that bot defenses can inspect: the POST and the subsequent page navigation.

| Scenario | Method | Endpoint | Triggered by | Bot behavior to test |
|---|---|---|---|---|
| Credential stuffing | POST | /mpa/api/login | Login form submit | Form-encoded credential stuffing, cookie-jar session tracking, redirect following. |
| Fake registration | POST | /mpa/api/register | Registration form submit | Automated signup with form encoding, disposable email patterns, repeated requests. |
| Catalog scraping | GET | /mpa/api/catalog | Direct endpoint request | JSON API scraping alongside HTML page scraping at /mpa/catalog. |
| Search automation | POST | /mpa/api/catalog/search | Catalog search or sort | Form-encoded search enumeration, POST+redirect patterns, repeated query automation. |
| Catalog carting | POST | /mpa/api/cart/add | Product add-to-cart | Cart cookie manipulation, product hoarding, cookie-jar state across page loads. |
| Sneaker bot | POST | /mpa/api/drop/add-to-cart | Sneaker Drop add-to-cart | Rapid size probing with form POSTs, queue bypass, redirect-loop automation. |
| Carding | POST | /mpa/api/payment | Payment form submit | Form-encoded card submissions, checkout automation with cookie session state. |
| Gift card cracking | POST | /mpa/api/gift-card/check | Gift Card form submit | High-velocity form-encoded PIN enumeration, balance lookup automation. |
| Form abuse | POST | /mpa/api/comments | Comments form submit | Spam posting via form encoding, synthetic identity, high-volume submission. |
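
The two-request pattern described above (form POST, then page navigation) can be checked from access logs. The following is an added example, not code from this site: it flags sessions whose redirected form POSTs are never followed by a page GET. The event tuple layout, the 303 status, the 5-second window and /mpa/catalog as the landing page after a search are assumptions.

```python
from collections import defaultdict

API_PREFIX = "/mpa/api/"

# Constructed sample events: (epoch_seconds, session_id, method, path, status).
# The 303 status and /mpa/catalog as the post-search landing page are assumptions.
SAMPLE_EVENTS = [
    (100.0, "sess-a", "POST", "/mpa/api/catalog/search", 303),
    (100.4, "sess-a", "GET", "/mpa/catalog", 200),
    (101.0, "sess-b", "POST", "/mpa/api/gift-card/check", 303),
    (101.2, "sess-b", "POST", "/mpa/api/gift-card/check", 303),
    (101.4, "sess-b", "POST", "/mpa/api/gift-card/check", 303),
    (102.0, "sess-c", "GET", "/mpa/api/catalog", 200),
]


def unpaired_posts(events, window=5.0):
    """Return {session_id: [paths]} for redirected form POSTs that were not
    followed by a page navigation from the same session within `window` seconds."""
    by_session = defaultdict(list)
    for event in sorted(events):
        by_session[event[1]].append(event)

    flagged = defaultdict(list)
    for session, evs in by_session.items():
        for i, (ts, _, method, path, status) in enumerate(evs):
            is_form_post = method == "POST" and path.startswith(API_PREFIX)
            if not (is_form_post and 300 <= status < 400):
                continue
            # A navigation is a GET for an HTML page, not another API call.
            followed = any(
                m == "GET" and not p.startswith(API_PREFIX) and 0 <= t - ts <= window
                for t, _, m, p, _ in evs[i + 1:]
            )
            if not followed:
                flagged[session].append(path)
    return dict(flagged)


if __name__ == "__main__":
    for session, paths in unpaired_posts(SAMPLE_EVENTS).items():
        print(session, len(paths), "redirected POSTs without navigation:", set(paths))
```

A client that follows redirects passes this check, so treat it as one signal alongside request rate and the other behaviors listed in the table.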