Providers:
foodora (working)
deliveroo (work in progress; requires DELIVEROO_BEARER_TOKEN)

Concepts (shared CLI UX; provider-specific implementations):
history (past orders)
orders (active orders)
order / history show (details)

Config lives in your OS config dir by default; override for testing:
./ordercli --config /tmp/ordercli.json foodora config show

go test ./...
go build ./cmd/ordercli

Bundled presets (from the APK):
./ordercli foodora countries
./ordercli foodora config set --country HU
./ordercli foodora config set --country AT
./ordercli foodora config show

Manual:
./ordercli foodora config set --base-url https://hu.fd-api.com/api/v5/ --global-entity-id NP_HU --target-iso HU

oauth2/token needs a client_secret (the app fetches it via remote config). ordercli auto-fetches it on first use and caches it locally.
Optional override (keeps secrets out of shell history):
export FOODORA_CLIENT_SECRET='...'
./ordercli foodora login --email [email protected] --password-stdin

If MFA triggers and you're running in a TTY, ordercli prompts for the OTP code and retries automatically. Otherwise it stores the MFA token locally and prints a safe retry command (--otp <CODE>).
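
The secret handling described above (environment override for client_secret, password via --password-stdin), as an added Go example that is not ordercli's own code. The function names, the fetch callback and the env-over-cache precedence are assumptions for illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"os"
	"strings"
)

// readPasswordStdin reads one line from r, so the password never appears in
// argv (visible to other processes) or in shell history.
func readPasswordStdin(r io.Reader) (string, error) {
	line, err := bufio.NewReader(r).ReadString('\n')
	if err != nil && !errors.Is(err, io.EOF) {
		return "", err
	}
	pw := strings.TrimRight(line, "\r\n")
	if pw == "" {
		return "", errors.New("empty password on stdin")
	}
	return pw, nil
}

// resolveClientSecret uses an assumed precedence: FOODORA_CLIENT_SECRET from
// the environment, then the local cache, then fetch (hypothetical callback).
func resolveClientSecret(getenv func(string) string, cached string, fetch func() (string, error)) (secret, source string, err error) {
	if v := getenv("FOODORA_CLIENT_SECRET"); v != "" {
		return v, "env", nil
	}
	if cached != "" {
		return cached, "cache", nil
	}
	if secret, err = fetch(); err != nil {
		return "", "", fmt.Errorf("fetch client_secret: %w", err)
	}
	return secret, "remote", nil
}

func main() {
	pw, err := readPasswordStdin(os.Stdin)
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	_, src, _ := resolveClientSecret(os.Getenv, "", func() (string, error) { return "constructed", nil })
	fmt.Printf("password: %d bytes; client_secret from %s\n", len(pw), src) // never print secrets
}
```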
Some regions (e.g. Austria/mjam mj.fd-api.com) expect app-style headers like X-FP-API-KEY / App-Name / app User-Agent. ordercli uses an app-like header profile for AT by default.
For corporate flows, you can override the OAuth client_id:
./ordercli foodora login --email [email protected] --client-id corp_android --password-stdin

Some regions (e.g. Austria/mjam mj.fd-api.com) may return Cloudflare HTML (HTTP 403) for plain Go HTTP clients.
Use an interactive Playwright session (you solve the challenge in the opened browser window; no auto-bypass):
./ordercli foodora login --email [email protected] --password-stdin --browser

Prereqs: node + npx available. First run may download Playwright + Chromium.
Tip: use a persistent profile to keep browser cookies/storage between runs (reduces re-challenges):
./ordercli foodora login --email [email protected] --password-stdin --browser --browser-profile "$HOME/Library/Application Support/ordercli/browser-profile"

If you already solved bot protection / logged in in Chrome, you can import the cookies for the current base_url host:
./ordercli foodora cookies chrome --profile "Default"
./ordercli foodora orders

If the bot cookies live on the website domain (e.g. https://www.foodora.at/), import from there and store them for the API host:
./ordercli foodora cookies chrome --url https://www.foodora.at/ --profile "Default"

If you have multiple profiles, try --profile "Profile 1" (or pass a profile path / Cookies DB via --cookie-path).
If you’re logged in on the website in Chrome, you can import refresh_token + device_token and then refresh to an API access token:
./ordercli foodora session chrome --url https://www.foodora.at/ --profile "Default"
./ordercli foodora session refresh --client-id android
./ordercli foodora history

If session refresh errors with “refresh token … not found”, that site session isn’t valid for your configured base_url (common for some regions).

./ordercli foodora orders
./ordercli foodora orders --watch
./ordercli foodora history
./ordercli foodora history --limit 50
./ordercli foodora history show <orderCode>
./ordercli foodora history show <orderCode> --json
./ordercli foodora order <orderCode>
./ordercli foodora logout

Safe default (preview only):
./ordercli foodora reorder <orderCode>

Actually call orders/{orderCode}/reorder (adds to cart; does not place an order):
./ordercli foodora reorder <orderCode> --confirm

If you have multiple saved addresses, you must pick one:
./ordercli foodora reorder <orderCode> --confirm --address-id <id>

Requires a valid bearer token (no bypass). Optional cookie for extra auth.
export DELIVEROO_BEARER_TOKEN='...'
export DELIVEROO_COOKIE='...' # optional
./ordercli deliveroo config set --market uk
./ordercli deliveroo history
./ordercli deliveroo orders # best-effort: history --state active

This talks to private APIs. Use at your own risk; rate limits / bot protection may block requests.