POST https://lsapi.flysas.com/api/retro-r...ation/eb-retro HTTP/1.1
Host: lsapi.flysas.com
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br, zstd
Content-Type: application/json
authorization: Bearer BEARERTOKEN
authtoken: COOKIETOKEN
membertoken: COOKIETOKEN
Ocp-Apim-Subscription-Key: d109ae4a27a8468a91a700db965d0b1b
x-request-id: d43eae7a-7d65-44c5-bb3c-d1ed83bd4c8b
Content-Length: 1176
Origin: https://www.sas.no
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Priority: u=0

{"flights":[{"airlineCode":"KL","ticketNumber":"TICKETNUMBER", "firstName":"FIRSTNAME","lastName":"LASTNAME","boo kingClass":"J","departureDate":"2024-10-01","flightNumber":"123","destinationAirport":"BBB ","originAirport":"AAA"}],"recaptcha":{"token":"RECAPTCHATOKEN"},"ipqs":{"r equestId":"SCRIPT_BLOCKED"}}

BEARERTOKEN: This is returned by the https://sasgrowth.azure-api.net/api/profile/auth/login endpoint
COOKIETOKEN: This is the value of the LOGIN_AUTH cookie
Ocp-Apim-Subscription-Key: This is some key that is relevant for SAS' Azure subscription. Don't change this.
X-Request-Id: This is just a random GUID, its contents don't matter - you can create one on https://guidgenerator.com if you like
airlineCode: The code of the airline you're claming, e.g. KL for a KLM flight KL123
ticketNumber: The ticketnumber, all digits, no dashes, e.g. 1234567890123
firstName: Your first name
lastName: Your last name
booking class: The booking class of your ticket
departureDate: The departure date of your flight
flightNumber: The flight number of your flight, e.g. 123 for a flight KL123
destinationAirport: The destination airport code (three letters)
originAirport: The origin airport code (three letters)
RECAPTCHATOKEN: The token returned by the https://www.google.com/recaptcha/api2/userverify endpoint. It returns something like this:
["uvresp","RECAPTCHATOKEN",1,120,null,null,null,nul l,null,"TOKEN_TO_IGNORE",null,0]
We only care about the first token.

curl --location 'https://lsapi.flysas.com/api/retro-registration/eb-retro' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer BEARERTOKEN' \
--header 'authtoken: COOKIETOKEN' \
--header 'membertoken: COOKIETOKEN' \
--header 'Ocp-Apim-Subscription-Key: d109ae4a27a8468a91a700db965d0b1b' \
--header 'x-request-id: 863c1a94-fe13-4a0c-bc06-2b22ec4f3fff' \
--header 'Origin: https://www.sas.no' \
--header 'Sec-Fetch-Dest: empty' \
--header 'Sec-Fetch-Mode: cors' \
--header 'Sec-Fetch-Site: cross-site' \
--header 'Priority: u=0' \
--data '{"flights":[{"airlineCode":"KL","ticketNumber":"1234567890123" ,"firstName":"James","lastName":"Bond","bookingCla ss":"J","departureDate":"2024-10-01","flightNumber":"123","destinationAirport":"CDG ","originAirport":"AMS"}],"recaptcha":{"RECAPTCHATOKEN"},"ipqs":{"requestId ":"SCRIPT_BLOCKED"}}'