Origin of tokens in Google trends API call

Question

When I download a CSV from a Google trends query (e.g. here), I see a HTTP GET request to

https://www.google.com/trends/api/widgetdata/multiline/csv
         


        

Answer 1

This token is generated for result widgets, each widget will have its own token.

Where is this token come from?

When page https://trends.google.com/trends/explore?q=trump is opened, an Ajax GET request is sent to https://trends.google.com/trends/api/explore, with query parameters:

In the response of this Ajax request, there is a widgets field which contains all result widget data. Each widget will have a unique token:

When Download CSV operation is triggered (on specific widget, GET request to https://trends.google.com/trends/api/widgetdata/multiline/csv), the token information of that widget is extracted and delivered as query parameter:

Please note the token in the response and the token in the download csv request is identical (for the same widget).

How is the token generated?

Theoretically, all random and unique string can be used as token to protect widget. Google may have its own algorithm.