Documentation Index
Fetch the complete documentation index at: https://mintlify.com/ivorpad/mercadona-cli/llms.txt
Use this file to discover all available pages before exploring further.
import-har is the preferred authentication method for Mercadona CLI. It parses a browser HAR export (an archive of all network activity captured by DevTools), extracts the refresh token from the POST /api/auth/tokens/ or POST /api/auth/social/google/ response, seeds it into ~/.mercadona/config.toml, and caches the full session — access token, cookie, and customer ID — to ~/.mercadona/token.json. From that point on, every 401 token_not_valid response triggers an automatic headless refresh and retry. You never need to open a browser again.
Steps
Sign in at tienda.mercadona.es in your browser
Open tienda.mercadona.es in your local browser on a residential IP — not from a cloud VM, serverless environment, or VPN exit node. Either authentication method works:
- Email + password — standard login form, resolves to
POST /api/auth/tokens/ - Google Sign-In — “Continuar con Google” button, resolves to
POST /api/auth/social/google/
refresh_token that import-har can extract. You only need to complete this step once.Export a HAR file from DevTools
While still on the site (stay on the logged-in page — do not close the tab):
- Open DevTools (
F12orCmd+Option+Ion macOS) - Switch to the Network tab
- Click the download icon (⤓) in the Network toolbar — the tooltip reads “Export HAR…”
- Save the file; the default name is usually
tienda.mercadona.es.har
What import-har does
import-har reads the HAR entirely in memory and scans it for Mercadona auth material:
- Auth responses — entries matching
/api/auth/with HTTP 200: extractsaccess_token,refresh_token,customer_id(email login) orcustomer_uuid(Google login). The request body — which contains the password — is deliberately never read. - Authenticated request headers — entries matching
mercadona.es/api/: extracts theAuthorization: Bearer …header (freshest access token) and theCookie:header (Akamai clearance). Also reads?wh=and?lang=query parameters to detect your warehouse and language.
- Writes
access_token,refresh_token,cookie, andcustomer_idto~/.mercadona/token.json(0600) — the cached session, usable immediately. - If
--saveistrue(the default), writes[auth] refresh_tokento~/.mercadona/config.toml(0600) so the CLI can refresh headlessly on every future run. - If a warehouse was detected in the HAR, saves it as
[defaults] warehouseinconfig.toml— authoritative for your delivery address, overridable with--wh. - If a language was detected and none was already set, saves it as
[defaults] lang.
Flag reference
| Flag | Default | Description |
|---|---|---|
--file <path> | "" (stdin) | Path to the .har file. Use - or omit the flag to read from stdin. Can also be passed as a positional argument. |
--save | true | Seed the extracted refresh token into ~/.mercadona/config.toml for headless auto-renewal. Set --save=false to cache the session only without touching config.toml. |
Example output
A successful import prints to stderr (secrets are never echoed — only lengths):(google/social login) instead of (password login).
If the HAR does not contain a login response — only authenticated API requests were captured — The session works immediately but cannot auto-renew. To get a refresh token, either re-export a HAR that includes the login request (log out, start recording, log in again), or copy the token from DevTools and seed it with
import-har falls back to extracting the Bearer token and cookie from request headers. In this case the output reads refresh=(none) and the CLI prints:set-refresh.