Documentation Index
Fetch the complete documentation index at: https://mintlify.com/ivorpad/mercadona-cli/llms.txt
Use this file to discover all available pages before exploring further.
set-refresh writes a refresh token directly to [auth] refresh_token in ~/.mercadona/config.toml. Use it when you already have the token — copied from a DevTools network response or from browser local storage — and want to skip the full HAR export step. Once seeded, every authenticated command auto-refreshes the session on 401 token_not_valid with no browser interaction required.
How to get your refresh token
There are two ways to find the refresh token in a logged-in browser session: From the network response (most reliable):- Open DevTools (
F12orCmd+Option+I) → Network tab - Log out and log back in on tienda.mercadona.es, or filter the Network panel for
tokens - Find the
POST /api/auth/tokens/request (email login) orPOST /api/auth/social/google/(Google login) - Click the request → Response (or Preview) tab
- Copy the value of the
refresh_tokenfield from the JSON body
- In a logged-in tab, open DevTools → Application tab → Local Storage →
https://tienda.mercadona.es - Look for a key that stores the auth session (the exact key name may vary) and find the
refresh_tokenvalue
Seeding the token
Always prefer--stdin to keep the token out of your shell history and the process argument list:
Flag reference
| Flag | Description |
|---|---|
--stdin | Read the refresh token from stdin. Keeps the token out of the process argument vector (argv) and shell history. Recommended whenever the token is available on stdin. |
What happens after seeding
set-refresh writes the following section to ~/.mercadona/config.toml (creating the file at 0600 permissions if it does not exist):
~/.mercadona/token.json, it calls POST /api/auth/tokens/ with {refresh_token}, stores the returned access_token (and any rotated refresh_token) back to token.json, and proceeds. The original request is retried transparently — no further action is needed.
When to re-seed
The refresh token is durable but not permanent. You will need to perform a fresh browser login and re-seed in these situations:- You explicitly logged out in the browser — Mercadona invalidates the refresh token server-side on logout.
- Server-side rotation — Mercadona may rotate refresh tokens periodically. The CLI rotates its local copy on every use (writing the new value back to
token.json), but if the stored token has been invalidated remotely, the refresh call returns401and the CLI cannot recover automatically. whoamikeeps failing after an auto-refresh attempt — this signals the refresh token itself is no longer valid.
refresh_token from the POST /api/auth/tokens/ response, and re-run: