Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/steipete/ordercli

CLI for Foodora and Deliveroo
https://github.com/steipete/ordercli

cli deliveroo foodora

Last synced: 3 months ago
JSON representation

CLI for Foodora and Deliveroo

Awesome Lists containing this project

README 

          
# 🛵 ordercli — Your takeout timeline, in the terminal.



Providers:

- `foodora` (working)

- `deliveroo` (work in progress; requires `DELIVEROO_BEARER_TOKEN`)



Concepts (shared CLI UX; provider-specific implementations):

- `history` (past orders)

- `orders` (active orders)

- `order` / `history show` (details)



Config lives in your OS config dir by default; override for testing:



```sh

./ordercli --config /tmp/ordercli.json foodora config show

```



## Build



```sh

go test ./...

go build ./cmd/ordercli

```



## foodora



### Configure country / base URL



Bundled presets (from the APK):



```sh

./ordercli foodora countries

./ordercli foodora config set --country HU

./ordercli foodora config set --country AT

./ordercli foodora config show

```



Manual:



```sh

./ordercli foodora config set --base-url https://hu.fd-api.com/api/v5/ --global-entity-id NP_HU --target-iso HU

```



### Login



`oauth2/token` needs a `client_secret` (the app fetches it via remote config). `ordercli` auto-fetches it on first use and caches it locally.



Optional override (keeps secrets out of shell history):



```sh

export FOODORA_CLIENT_SECRET='...'

./ordercli foodora login --email you@example.com --password-stdin

```



If MFA triggers and you're running in a TTY, `ordercli` prompts for the OTP code and retries automatically. Otherwise it stores the MFA token locally and prints a safe retry command (`--otp `).



### Client headers



Some regions (e.g. Austria/mjam `mj.fd-api.com`) expect app-style headers like `X-FP-API-KEY` / `App-Name` / app `User-Agent`. `ordercli` uses an app-like header profile for `AT` by default.



For corporate flows, you can override the OAuth `client_id`:



```sh

./ordercli foodora login --email you@example.com --client-id corp_android --password-stdin

```



### Cloudflare / bot protection



Some regions (e.g. Austria/mjam `mj.fd-api.com`) may return Cloudflare HTML (`HTTP 403`) for plain Go HTTP clients.



Use an interactive Playwright session (you solve the challenge in the opened browser window; no auto-bypass):



```sh

./ordercli foodora login --email you@example.com --password-stdin --browser

```



Prereqs: `node` + `npx` available. First run may download Playwright + Chromium.



Tip: use a persistent profile to keep browser cookies/storage between runs (reduces re-challenges):



```sh

./ordercli foodora login --email you@example.com --password-stdin --browser --browser-profile "$HOME/Library/Application Support/ordercli/browser-profile"

```



### Import cookies from Chrome (no browser run)



If you already solved bot protection / logged in in Chrome, you can import the cookies for the current `base_url` host:



```sh

./ordercli foodora cookies chrome --profile "Default"

./ordercli foodora orders

```



If the bot cookies live on the website domain (e.g. `https://www.foodora.at/`), import from there and store them for the API host:



```sh

./ordercli foodora cookies chrome --url https://www.foodora.at/ --profile "Default"

```



If you have multiple profiles, try `--profile "Profile 1"` (or pass a profile path / Cookies DB via `--cookie-path`).



### Import session from Chrome (no password)



If you’re logged in on the website in Chrome, you can import `refresh_token` + `device_token` and then refresh to an API access token:



```sh

./ordercli foodora session chrome --url https://www.foodora.at/ --profile "Default"

./ordercli foodora session refresh --client-id android

./ordercli foodora history

```

If `session refresh` errors with “refresh token … not found”, that site session isn’t valid for your configured `base_url` (common for some regions).



### Orders



```sh

./ordercli foodora orders

./ordercli foodora orders --watch

./ordercli foodora history

./ordercli foodora history --limit 50

./ordercli foodora history show 

./ordercli foodora history show  --json

./ordercli foodora order 

./ordercli foodora logout

```



### Reorder (add to cart)



Safe default (preview only):



```sh

./ordercli foodora reorder 

```



Actually call `orders/{orderCode}/reorder` (adds to cart; does not place an order):



```sh

./ordercli foodora reorder  --confirm

```



If you have multiple saved addresses, you must pick one:



```sh

./ordercli foodora reorder  --confirm --address-id 

```



## deliveroo (WIP)



`history` still requires a valid bearer token. `orders` can now fall back to a public Deliveroo status/share page from your local browser history.



```sh

export DELIVEROO_BEARER_TOKEN='...'

export DELIVEROO_COOKIE='...' # optional

./ordercli deliveroo config set --market uk

./ordercli deliveroo history

./ordercli deliveroo orders # bearer-token path if set

./ordercli deliveroo orders --browser atlas

./ordercli deliveroo orders --status-url 'https://deliveroo.co.uk/orders/.../status?...'

```



`orders` looks for the most recent Deliveroo status URL in Atlas or Chrome history when no bearer token is present, then renders the page in headless Chromium and extracts the order details.



## Safety



This talks to private APIs. Use at your own risk; rate limits / bot protection may block requests.