Documentation Index
Fetch the complete documentation index at: https://mintlify.com/ivorpad/mercadona-cli/llms.txt
Use this file to discover all available pages before exploring further.
import-curl extracts a Bearer access token, cookie, and customer ID from a DevTools “Copy as cURL” export and caches them to ~/.mercadona/token.json. It is faster to set up than HAR import — no separate export step — but it provides no refresh token, so the session lasts only as long as the access token (approximately six weeks) with no automatic renewal. Use it for quick one-off authenticated commands; for ongoing use, switch to import-har.
Steps
Open DevTools on the Mercadona site
In your browser, navigate to tienda.mercadona.es and make sure you are logged in. Open DevTools (
F12 or Cmd+Option+I on macOS) and switch to the Network tab.Find an authenticated API request
Look for any request to
/api/customers/… — for example, a cart fetch, a whoami-style call, or any endpoint that carries your authorization header. You can filter by typing /api/customers in the Network filter bar.If no such requests are visible, perform an action on the site (e.g. view your cart) to generate one.Copy the request as cURL
Right-click the request in the Network panel → Copy → Copy as cURL. Paste the clipboard contents into a file:Or open a text editor and save it as
session.txt.What import-curl extracts
The CLI parses the cURL command text using three regular expressions:| Field | Source in the cURL text | Example pattern |
|---|---|---|
| Bearer token | authorization: Bearer … header | -H 'authorization: Bearer eyJ…' |
| Cookie | -b '…' / --cookie '…' flag, or -H 'cookie: …' header | -b 'ak_bmsc=…' |
| Customer ID | URL path /api/customers/<id>/ | .../api/customers/a1b2c3d4-.../ |
~/.mercadona/token.json (0600). The CLI prints only the length of the token and cookie to stderr — never the values — plus the non-secret customer ID.
Example output:
Flag reference
| Flag | Default | Description |
|---|---|---|
--file <path> | - (stdin) | File containing the cURL command. Use - or omit the flag to read from stdin. |
Limitations
import-curl does not extract a refresh token — the authorization: Bearer … header carries only the short-lived access token, not the durable refresh token. The access token lasts approximately six weeks; once it expires, whoami starts returning 401 token_not_valid and all authenticated commands fail. There is no automatic renewal.
When the token expires:
- Return to the browser, find another authenticated request to
/api/customers/…, and re-runimport-curl. - Or upgrade to
import-harto get a refresh token and automatic renewal.