amitness · June 9, 2026 06:53
diff --git a/get_authkey.py b/get_authkey.py
 #!/usr/bin/env -S uv run
 # /// script
 # dependencies = ["curl-cffi"]
 # ///
 import base64

 from curl_cffi import requests

 s = requests.Session(impersonate="chrome")

 # Note: trailing slash matters! Auth must have it, device list must NOT.
 auth_base = "https://c.fossil.com/v2.1/rpc/auth/"  # use for fossil watches
 device_base = (
    "https://c.fossil.com/v2/users/me/devices"  # no trailing slash, v2 not v2.1
 )

 # For Skagen:
 # auth_base = "https://api.skagen.linkplatforms.com/v2.1/rpc/auth/"
 # device_base = "https://api.skagen.linkplatforms.com/v2/users/me/devices"

 # For Citizen:
 # auth_base = "https://api.citizen.linkplatforms.com/v2.1/rpc/auth/"
 # device_base = "https://api.citizen.linkplatforms.com/v2/users/me/devices"

 # Login
 payload = {
    "clientId": "unknown",
    "email": "<email>",
    "password": "<password>",
 }
 headers = {"x-ratelimit-value": "<enter-email>"}

 response = s.post(auth_base + "login", json=payload, headers=headers)
 if response.status_code < 300:
    token = response.json()["accessToken"]
 else:
    print(response.status_code, response.text)
    raise Exception(f"Bad status code: {response.status_code}")

 auth_headers = {"Authorization": "Bearer " + token}

 # Get list of devices
 response = s.get(device_base, headers=auth_headers)
 if response.status_code >= 300:
    print(response.text)
    raise Exception(f"Bad status code: {response.status_code}")

 devices = response.json()["_items"]

 # Fetch secret key for each device individually
 for dev in devices:
    dev_id = dev["id"]
    resp = s.get(f"{device_base}/{dev_id}/secret-key", headers=auth_headers)
    if resp.status_code < 300:
        secret_key_b64 = resp.json()["secretKey"]
    else:
        print(f"  Failed to get key for {dev_id}: {resp.status_code}")
        continue

    key_bytes = base64.b64decode(secret_key_b64)
    key = key_bytes.hex()[:32]
    print(dev_id, key)
	#!/usr/bin/env -S uv run
	# /// script
	# dependencies = ["curl-cffi"]
	# ///
	import base64

	from curl_cffi import requests

	s = requests.Session(impersonate="chrome")

	# Note: trailing slash matters! Auth must have it, device list must NOT.
	auth_base = "https://c.fossil.com/v2.1/rpc/auth/" # use for fossil watches
	device_base = (
	"https://c.fossil.com/v2/users/me/devices" # no trailing slash, v2 not v2.1
	)

	# For Skagen:
	# auth_base = "https://api.skagen.linkplatforms.com/v2.1/rpc/auth/"
	# device_base = "https://api.skagen.linkplatforms.com/v2/users/me/devices"

	# For Citizen:
	# auth_base = "https://api.citizen.linkplatforms.com/v2.1/rpc/auth/"
	# device_base = "https://api.citizen.linkplatforms.com/v2/users/me/devices"

	# Login
	payload = {
	"clientId": "unknown",
	"email": "<email>",
	"password": "<password>",
	}
	headers = {"x-ratelimit-value": "<enter-email>"}

	response = s.post(auth_base + "login", json=payload, headers=headers)
	if response.status_code < 300:
	token = response.json()["accessToken"]
	else:
	print(response.status_code, response.text)
	raise Exception(f"Bad status code: {response.status_code}")

	auth_headers = {"Authorization": "Bearer " + token}

	# Get list of devices
	response = s.get(device_base, headers=auth_headers)
	if response.status_code >= 300:
	print(response.text)
	raise Exception(f"Bad status code: {response.status_code}")

	devices = response.json()["_items"]

	# Fetch secret key for each device individually
	for dev in devices:
	dev_id = dev["id"]
	resp = s.get(f"{device_base}/{dev_id}/secret-key", headers=auth_headers)
	if resp.status_code < 300:
	secret_key_b64 = resp.json()["secretKey"]
	else:
	print(f" Failed to get key for {dev_id}: {resp.status_code}")
	continue

	key_bytes = base64.b64decode(secret_key_b64)
	key = key_bytes.hex()[:32]
	print(dev_id, key)
No results found