The task centers on uncovering and integrating the hidden APIs that drive Goethe’s web platform. By inspecting live network traffic, isolating calls, and reverse-engineering request signatures, the goal is to reveal every endpoint required for user authentication, profile management, content and media retrieval, and transaction or payment flows. A solid command of both Python and JavaScript is essential because the proof-of-concept will be delivered in either language (or a mix of both) to demonstrate real-world calls against the newly documented endpoints. Experience dissecting undocumented APIs, tracing obfuscated parameters, and solving unexpected roadblocks will be put to use throughout the engagement. Deliverables • A clearly structured endpoint map, including methods, required headers, parameters, sample payloads, and typical responses. • A runnable script or small module (Python or JavaScript/Node.js) that: – Logs a user in and retrieves profile data. – Pulls at least one piece of content/media. – Executes or emulates a transaction request. • Concise technical notes outlining the discovery approach and any remaining limitations or rate-limits detected. Completion is accepted when the code runs end-to-end on my machine, reproduces the documented results, and the endpoint map allows further expansion without additional reverse-engineering.