Finding Private APIs with Chrome Developer Tools

Will Y
4 min readJul 13, 2017

Every good project starts out with a good idea. Here was mine:

Why not integrate ratings within my college’s class registration page?

For the uninitiated, is a 3rd party site that lets students rate their professors.

In order to do this, I needed to search the professor’s name to RateMyProfessors (abbreviated as RMP) and get the professor’s data like average student rating, number of ratings etc. However, a slight problem presented itself — RMP didn’t have an API.

No public API, at least. Time to go digging on the actual RMP site and find some requests. Essentially, we want to find some actions on the RMP site that fires a request which returns the data of a specific professor, preferably in a nice JSON format, and get the details of said request so we can run it in code. Let’s head over to and hunt for some requests!

The Search Begins!

Now that we’re here, we need to think of an action that would take a professor’s name and give us their ratings. The obvious answer is searching up a professor using the search bar. RMP searches for professors as we type, so it has to return a JSON to display the results in the same page. Let’s navigate to my university’s page and open the search function:

Searching for professors

Now, let’s open up Chrome Developer Tools and click the Network tab:

Network tab open

If the network tab isn’t blank, hit the grey circle with the line through it to clear it. We want to isolate our action (searching) so we can find the request.

Now, let’s search up any professor. I’m going to be using my Econ 101 professor, “Fullenkamp”.

After searching

Immediately, requests populate the network tab. However, only one of them is of use to us.

The requests

It should be pretty obvious which request we want. However, in other cases it’s not so obvious, so you may have to click on each request one by one. For this case, we can tell just by observing the properties on the top row.

The first one has a failed status, not the one we want. The second has 307 status — not what we want since successful requests have a 2xx status. The third is a gif, not that either. But the last request looks promising. Its initiator is jQuery, which has AJAX functions — sounds like it could be a GET/POST request. Let’s click on it and check out its headers and response details.


Nice! The URL itself tells us we have the right request. Notice our search query “fullenkamp” in the middle of the second line. Furthermore, we have other goodies like “schoolid”, which indicates which school we searched from. What about the response? Let’s go ahead and click on the “response” tab:


Perfect! All the data we want is returned in a nice JSON response. Now we can open our code, copy and paste the URL into a GET request function, and replace “fullenkamp” in the URL with whatever professor we want.

The Ethics and Legality

There are a few conversations on how legal it is to use a fully accessible URL for unintended purposes. While a service may let you use its hidden API or remain unaware its API is being used in other ways, RateMyProfessors wasn’t one of them. A few days after testing my extension, I received this email:

Not wanting to cause any trouble, I complied with the email and binned the project. There are always risks when using private APIs (or anything private, really), so it would be a good idea to find an open alternative or ask for permission. Otherwise, stick to keeping a project small, and develop like it may be thrown out the next day.