Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/ivorpad/mercadona-cli/llms.txt

Use this file to discover all available pages before exploring further.

import-curl extracts a Bearer access token, cookie, and customer ID from a DevTools “Copy as cURL” export and caches them to ~/.mercadona/token.json. It is faster to set up than HAR import — no separate export step — but it provides no refresh token, so the session lasts only as long as the access token (approximately six weeks) with no automatic renewal. Use it for quick one-off authenticated commands; for ongoing use, switch to import-har.

Steps

1

Open DevTools on the Mercadona site

In your browser, navigate to tienda.mercadona.es and make sure you are logged in. Open DevTools (F12 or Cmd+Option+I on macOS) and switch to the Network tab.
2

Find an authenticated API request

Look for any request to /api/customers/… — for example, a cart fetch, a whoami-style call, or any endpoint that carries your authorization header. You can filter by typing /api/customers in the Network filter bar.If no such requests are visible, perform an action on the site (e.g. view your cart) to generate one.
3

Copy the request as cURL

Right-click the request in the Network panel → CopyCopy as cURL. Paste the clipboard contents into a file:
pbpaste > session.txt        # macOS
xclip -o > session.txt       # Linux (xclip)
Or open a text editor and save it as session.txt.
4

Run import-curl

Import the saved cURL command:
mercadona import-curl --file session.txt
To read from stdin directly (no intermediate file):
pbpaste | mercadona import-curl --file -
5

Verify authentication

mercadona whoami
Expected output:
ok — authenticated. customer id=<your-customer-id>

What import-curl extracts

The CLI parses the cURL command text using three regular expressions:
FieldSource in the cURL textExample pattern
Bearer tokenauthorization: Bearer … header-H 'authorization: Bearer eyJ…'
Cookie-b '…' / --cookie '…' flag, or -H 'cookie: …' header-b 'ak_bmsc=…'
Customer IDURL path /api/customers/<id>/.../api/customers/a1b2c3d4-.../
All three fields are written to ~/.mercadona/token.json (0600). The CLI prints only the length of the token and cookie to stderr — never the values — plus the non-secret customer ID. Example output:
imported session: token=312 chars, cookie=841 chars, customer=a1b2c3d4-...
→ verify with: mercadona whoami

Flag reference

FlagDefaultDescription
--file <path>- (stdin)File containing the cURL command. Use - or omit the flag to read from stdin.

Limitations

import-curl does not extract a refresh token — the authorization: Bearer … header carries only the short-lived access token, not the durable refresh token. The access token lasts approximately six weeks; once it expires, whoami starts returning 401 token_not_valid and all authenticated commands fail. There is no automatic renewal. When the token expires:
  1. Return to the browser, find another authenticated request to /api/customers/…, and re-run import-curl.
  2. Or upgrade to import-har to get a refresh token and automatic renewal.
For any setup you intend to use longer than once, prefer import-har. A single browser HAR export seeds a durable refresh token that renews headlessly on every future run — you never need to return to the browser unless Mercadona rotates the token server-side or you explicitly log out.

Build docs developers (and LLMs) love