Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
Show HN: CLI to order groceries via reverse-engineered REWE API (Haskell)(github.com)
127 points by wazHFsRy 2 days ago | 48 comments

I just had the best time learning about the REWE (German supermarket chain) API, how they use mTLS and what the workflows are. Also `mitmproxy2swagger`[1] is a great tool to create OpenAPI spec automatically.

And then 2026 feels like the perfect time writing Haskell. The code is handwritten, but whenever I got stuck with the build system or was just not getting the types right, I could fall back to ask AI to unblock me. It was never that smooth before.

Finally the best side projects are the ones you actually use and this one will be used for all my future grocery shopping.

[1]https://github.com/alufers/mitmproxy2swagger

volume_tech 3 minutes ago | parent | next [-]

the mTLS part is interesting. they're using it not for security in the traditional sense -- REWE knows what their own app is doing -- but as a fingerprinting mechanism. the client cert is how they distinguish their official app from third-party access. the weak point is that the cert has to live somewhere in the app binary, which is why mitmproxy can intercept it. it's less about encryption and more about making ToS enforcement slightly harder.

Bewelge 4 hours ago | parent | prev | next [-]

Cool project, but have mixed feelings about publishing ever easier ways to access this API. They've locked down the API a while ago for a reason.

Also there already exists this reverse engineered project: https://github.com/ByteSizedMarius/rewerse-engineering/

I do have a suggestion for your app though: Have it compare your basket of goods across different markets in your region to show you the cheapest option. I'm pretty sure this possibility is actually one of the reasons they locked down the API.

I've used Data from REWE in the past and made a comparison between a couple of cities in Germany (I believe it was Frankfurt, cologne, Berlin, Munich and Hamburg). Hamburg was by far the most expensive, often as much as 10-20% more expensive.

wazHFsRy 2 hours ago | parent | next [-]

The existing project was a great inspiration and helped me figure out the mTLS stuff. I totally get your mixed feelings, though.

I really like your suggestion. I will put it in an issue and look into that. https://github.com/yannick-cw/korb/issues/4

Bewelge an hour ago | parent [-]

Just to be clear, my mixed feelings don't come from a moral standpoint. Just hoping they don't lock it down any further heh ;-)

abdusco an hour ago | parent | prev | next [-]

> Compare process across different markets.

Check out smhaggle app on Android

https://play.google.com/store/apps/details?id=com.smhaggle.a...

duskdozer 3 hours ago | parent | prev | next [-]

>I do have a suggestion for your app though: Have it compare your basket of goods across different markets in your region to show you the cheapest option.

I'd settle for just being able to sort items by unit price... I'm sure this is a [regulation-]solved problem in Germany though

Bewelge 2 hours ago | parent [-]

> I'd settle for just being able to sort items by unit price

What do you mean? The official REWE app and website provide just that.

> I'm sure this is a [regulation-]solved problem in Germany though

Not sure what you mean by that.

gigatexal an hour ago | parent | prev [-]

An aggregator like this that could surface the same good for the cheapest price all inclusive of delivery would be something I would pay for!

atollk an hour ago | parent | prev | next [-]

As a SWE at Rewe (at a completely different department), I can say that I find this pretty cool. I wonder if this is going to be a wakeup to management to relax the API restrictions.

kleiba 25 minutes ago | parent | next [-]

...or to tighten them.

wazHFsRy 39 minutes ago | parent | prev [-]

I mean, definitely leads to me buying more stuff on Rewe than before.

hk1337 20 minutes ago | parent | prev | next [-]

This reminds me of pizza party cli app way back late 90s or early 2000

wazHFsRy 2 hours ago | parent | prev | next [-]

I want to add something else to this. In the process of writing this, I also played with formal verification and formally verified the suggestion engine, which was a really nice side discovery.

The basic idea is to write a prove in Lean4 and then test both the production implementation (Haskell) and the Lean implementation against random inputs. Compare if the results are the same.

If that is the case -> you can be pretty sure the unproven production version is as correct as the proven lean version.

https://www.dev-log.me/formal_verification_in_any_language_f...

zephyrwhimsy an hour ago | parent | prev | next [-]

Evaluation in LLM applications is still an unsolved problem. Most teams rely on vibes-based assessment. Rigorous evaluation frameworks that correlate with real-world performance remain elusive.

ramon156 2 hours ago | parent | prev | next [-]

Serious good use of an AI. Just let them do the grey area (like repeated purchase). I'd even let an algo pick better groceries for me. Cools tuff!

wazHFsRy 2 hours ago | parent [-]

Absolutely. For example, I want to ask it: Suggest me some vegetables I haven't ordered in recent weeks or stuff like this, and this is all possible.

aprilnya an hour ago | parent [-]

Could even ask it to find recipes and then have it buy the ingredients needed for them next time it's doing your shopping!

splike 4 hours ago | parent | prev | next [-]

That's funny, I've just built the same thing for Asda in the UK https://github.com/markDunne/asdabot

It can search for items, add them to the basket, picks a delivery slot and does the checkout.

With a little more scaffolding in markdown files, this now takes care of my weekly shopping.

Latitude7973 3 hours ago | parent [-]

Even a CLI interface would be better than the sorry excuse of Asda's website. I wonder if entrusting an LLM is worth the trade off with the tedium of online shopping.

braedonwatkins 2 hours ago | parent | prev | next [-]

I remember a friend and I in college were looking into ways to do this in the US but major grocery chains here are pretty sensitive about their product data being accessible by open APIs and web scraping...

It would have been a cool project!

rmoriz 2 hours ago | parent | prev | next [-]

Surprised how little the B2C and even B2B e-commerce segment is providing API access for automation and agentic coding. One could easily set up rate limits, fraud detection and KYC checks upfront initial access.

wazHFsRy 2 hours ago | parent | next [-]

Yeah, absolutely. I think internally, everyone is cooking up some gigantic commerce. This is just bringing it to myself a bit earlier.

Bewelge 2 hours ago | parent | prev [-]

B2B: Look at chefkoch.de They do use the REWE API, and I'm guessing not without their knowledge

B2C: Is it really surprising that a busines has no interest in providing more price transparency to their customers?

traceroute66 an hour ago | parent | next [-]

> B2C: Is it really surprising that a busines has no interest in providing more price transparency to their customers?

Might I suggest you remove your tin-foil hat and consider that:

   - 99% of REWE customers almost certainly have no clue what an API is
   - 99% of the remaining 1% know what an API is, but their day-job involves messing with APIs, so they don't want to spend their weekend-time messing with the REWE API, they just want to do their shopping at REWE.
   - The final 0.1% are those who come on HN and pretend its all some sort of big conspiracy to minimise transparency by $evil_corp. :)
If you think about it, imagine if REWE officially exposed an API B2C. This would mean they are obligated to provide support.

Do you really want the price of your shopping to increase because REWE now needs to find money to pay for a helpdesk for the millions of B2C API users ?

Businesses and services differentiating between B2C and B2B is nothing new, that is why the two different terminologies exist !

What next, you don't want to fill up your car at the petrol station (B2C) but you want to be permitted to buy a barrel crude oil direct from the drill and refine it yourself (B2B) ?

rmoriz 2 hours ago | parent | prev [-]

When Amazon launches an API everyone cries. Same story over and over. Even better example: TakeAway-Group. The perfect MITM.

Bewelge an hour ago | parent [-]

Think it's context dependent whether it's a good or bad thing.

The owners of German supermarket and car companies are really the richest of the rich in Germany (okay and maybe the SAP guy on top). It would definitely be a net positive if someone manages to scrape and compare their prices.

In the restaurant market it's one player abusing many small players.

And honestly, I think the reason everyone cries when "Amazon launches an API" is because Amazon would not dare to piss off the German supermarket oligopoly.

danielszlaski 4 hours ago | parent | prev | next [-]

I love the idea of a CLI for groceries. Do you have plans to support 're-order' scripts or meal-plan integration? I can imagine a workflow where a recipes.yaml file gets piped into your CLI to automatically fill the cart with everything needed for the week. Much faster than clicking through a mobile UI.

wazHFsRy 2 hours ago | parent [-]

Absolutely, that could just be a small script or something on top that calls the CLI tool

a012 3 hours ago | parent | prev | next [-]

It’s one step closer to have an agent to go shopping for my recipes or dinner, but hopefully unlike the Son of Anton

wazHFsRy 2 hours ago | parent [-]

I am using it exactly like this. I tell Claude: "Add all things for this recipe to the basket."

kls0e 5 hours ago | parent | prev | next [-]

this feels a bit like Sandra Bullock ordering pizza in „The Net“, impressive

wklm 6 hours ago | parent | prev | next [-]

Nice! Do you know if the Austrian billa (REWE's subsidiary) is using the same api?

elAhmo 2 hours ago | parent | next [-]

This could be helpful: https://heisse-preise.io

fractallyte 5 hours ago | parent | prev [-]

My friend works at Billa AT; I could ask her – but that would be cheating ;-)

stavros 3 hours ago | parent [-]

What's the point of this comment!

ramonga 4 hours ago | parent | prev | next [-]

Funny enough I was looking at rewe network requests for a personal app that suggests weekly meals and automatically orders the ingredients for you

wazHFsRy an hour ago | parent | next [-]

Just pipe the items through this CLI, and you can save a ton of work :)

picografix 4 hours ago | parent | prev [-]

tell us more about it

Dominik1001 6 hours ago | parent | prev | next [-]

Very cool! Thanks for sharing, I’ll try it out.

Haskell is indeed an interesting choice. ;)

son3tt 3 hours ago | parent | prev | next [-]

Really cool, but this is also how you end with 300 avocados and 500 L of detergent.

stavros 3 hours ago | parent [-]

Well of course, how else am I going to make my Tideamole?

sigr_ 4 hours ago | parent | prev | next [-]

Really cool to see things still being built in Haskell! How do you find using it compared to some of the newer languages that have more modern tooling?

Did you implement your own OAUTH2 flow in haskell for this?

wazHFsRy an hour ago | parent | next [-]

For me, Haskell is the language of 2026. Having an agent available if you get stuck with some weird type error is a blessing. It also helps with the tooling. Though the modern tooling with cabal is pretty good.

yakshaving_jgt 3 hours ago | parent | prev [-]

Does Haskell not have modern tooling? What would be considered modern in this context?

tietjens 4 hours ago | parent | prev | next [-]

Love this! Super cool.

rvz 4 hours ago | parent | prev [-]

> Finally the best side projects are the ones you actually use and this one will be used for all my future grocery shopping.

Until it breaks in a few weeks.

wazHFsRy an hour ago | parent [-]

I mean, fixing small issues is not a big deal – during my ordering sessions, if something comes up, I actually just let Claude create an issue for it, and then when I have time, I create a fix.

rvz an hour ago | parent [-]

Well you don't control the API so it will still break.