Skip to content

Instantly share code, notes, and snippets.

@eyecatchup
Last active July 3, 2026 13:12
Show Gist options
  • Select an option

  • Save eyecatchup/2d700122e24154fdc985b7071ec7764a to your computer and use it in GitHub Desktop.

Select an option

Save eyecatchup/2d700122e24154fdc985b7071ec7764a to your computer and use it in GitHub Desktop.
Calculate SAPISIDHASH
// Generates the SAPISIDHASH token Google uses in the Authorization header of some API requests
async function getSApiSidHash(SAPISID, origin) {
function sha1(str) {
return window.crypto.subtle.digest("SHA-1", new TextEncoder("utf-8").encode(str)).then(buf => {
return Array.prototype.map.call(new Uint8Array(buf), x=>(('00'+x.toString(16)).slice(-2))).join('');
});
}
const TIMESTAMP_MS = Date.now();
const digest = await sha1(`${TIMESTAMP_MS} ${SAPISID} ${origin}`);
return `${TIMESTAMP_MS}_${digest}`;
}
const SAPISIDHASH = await getSApiSidHash(document.cookie.split('SAPISID=')[1].split('; ')[0], 'https://photos.google.com');
console.log(SAPISIDHASH);
@a-pav

a-pav commented Jul 3, 2026

Copy link
Copy Markdown

This has stopped working for me on youtube. document.cookie has no SAPISID key in it.

document.cookie.includes('SAPISID=') // false

Although I can see that the hash is still present in Authorization header of requests made by the browser.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment