Must be old-fashioned, not seeing the need.<p>My flow was always:<p>1) Look at the site (nowadays using your browser console)<p>2) Evaluate whether the "interesting" data is server-side or client-side. Seems nowadays a client-side request is more normal, typically resulting in structured data.<p>3) "copy as curl"<p>4) Code<p>Admit I have never used Charles or heard of it. The mobile app debugging looks useful, though I have used a MITM proxy in the past for the same advantages.<p>Generally the process is simply that, figuring out the requests of a site. More effort may be needed to circumvent rate limiting, but to me that's an almost entirely separate issue.
Charles was my go-to. After the lifetime license expired I surveyed what was available and settled on OWASP's ZED/ZAP. https://owasp.org/www-project-zap/<p>For the Charles license, I got many years of service from, I think, $40. If the product fits you, I suggest it.