Back to Blog

Pwning on Foursquare

One of our newest team members, Sean Ryan recently got a new phone and has been talking up a storm about one of the latest internet fads called Foursquare. It’s basically an app that allows you to “check-in” at any business, restaurant, gym, etc. The person who checks in at a location the most times becomes the mayor of that location. Sean had become the mayor of all of our favorite locations nearby including a great soup place called Eddington’s and our neighbors Equity Corporate Housing.

I figured, I’m a developer, there’s got to be a way to beat the system and show Sean who’s boss. Usually mobile apps like this will need some sort of API to connect and communicate with the service’s servers, so I started searching. Sure enough, within a few minutes, I found the documentation here. Their API allows you to use basic authentication through HTTP, so this would be a breeze.

CURL is a program that allows you to issue very dynamic requests through HTTP. CURL has an option to specify a username and password in the HTTP request, and you can specify which location you want to check in to inside the URL. A simple command such as

curl -u username:password http://api.foursquare.com/v1/checkin?vid=xxx

would allow you to arbitrarily check in. Foursquare enforces rate limiting, so we can’t checkin 100 times in a row. That’s where cron comes in handy, which allows me to checkin every hour and make sure that I’m the mayor and Sean isn’t.