alt Hacker NewsShow HN: CLI to order groceries via reverse-engineered REWE API (Haskell)
I just had the best time learning about the REWE (German supermarket chain) API, how they use mTLS and what the workflows are. Also `mitmproxy2swagger`[1] is a great tool to create OpenAPI spec automatically.
And then 2026 feels like the perfect time writing Haskell. The code is handwritten, but whenever I got stuck with the build system or was just not getting the types right, I could fall back to ask AI to unblock me. It was never that smooth before.
Finally the best side projects are the ones you actually use and this one will be used for all my future grocery shopping.
Comments
the mTLS part is interesting. they're using it not for security in the traditional sense -- REWE knows what their own app is doing -- but as a fingerprinting mechanism. the client cert is how they distinguish their official app from third-party access. the weak point is that the cert has to live somewhere in the app binary, which is why mitmproxy can intercept it. it's less about encryption and more about making ToS enforcement slightly harder.
As a SWE at Rewe (at a completely different department), I can say that I find this pretty cool. I wonder if this is going to be a wakeup to management to relax the API restrictions.
This reminds me of pizza party cli app way back late 90s or early 2000
I want to add something else to this. In the process of writing this, I also played with formal verification and formally verified the suggestion engine, which was a really nice side discovery.
The basic idea is to write a prove in Lean4 and then test both the production implementation (Haskell) and the Lean implementation against random inputs. Compare if the results are the same.
If that is the case -> you can be pretty sure the unproven production version is as correct as the proven lean version.
https://www.dev-log.me/formal_verification_in_any_language_f...
Evaluation in LLM applications is still an unsolved problem. Most teams rely on vibes-based assessment. Rigorous evaluation frameworks that correlate with real-world performance remain elusive.
Serious good use of an AI. Just let them do the grey area (like repeated purchase). I'd even let an algo pick better groceries for me. Cools tuff!
That's funny, I've just built the same thing for Asda in the UK https://github.com/markDunne/asdabot
It can search for items, add them to the basket, picks a delivery slot and does the checkout.
With a little more scaffolding in markdown files, this now takes care of my weekly shopping.
I remember a friend and I in college were looking into ways to do this in the US but major grocery chains here are pretty sensitive about their product data being accessible by open APIs and web scraping...
It would have been a cool project!
Surprised how little the B2C and even B2B e-commerce segment is providing API access for automation and agentic coding. One could easily set up rate limits, fraud detection and KYC checks upfront initial access.
I love the idea of a CLI for groceries. Do you have plans to support 're-order' scripts or meal-plan integration? I can imagine a workflow where a recipes.yaml file gets piped into your CLI to automatically fill the cart with everything needed for the week. Much faster than clicking through a mobile UI.
It’s one step closer to have an agent to go shopping for my recipes or dinner, but hopefully unlike the Son of Anton
this feels a bit like Sandra Bullock ordering pizza in „The Net“, impressive
Nice! Do you know if the Austrian billa (REWE's subsidiary) is using the same api?
Funny enough I was looking at rewe network requests for a personal app that suggests weekly meals and automatically orders the ingredients for you
Very cool! Thanks for sharing, I’ll try it out.
Haskell is indeed an interesting choice. ;)
Really cool, but this is also how you end with 300 avocados and 500 L of detergent.
Really cool to see things still being built in Haskell! How do you find using it compared to some of the newer languages that have more modern tooling?
Did you implement your own OAUTH2 flow in haskell for this?
Love this! Super cool.
> Finally the best side projects are the ones you actually use and this one will be used for all my future grocery shopping.
Until it breaks in a few weeks.
[dead]
[dead]
Cool project, but have mixed feelings about publishing ever easier ways to access this API. They've locked down the API a while ago for a reason.
Also there already exists this reverse engineered project: https://github.com/ByteSizedMarius/rewerse-engineering/
I do have a suggestion for your app though: Have it compare your basket of goods across different markets in your region to show you the cheapest option. I'm pretty sure this possibility is actually one of the reasons they locked down the API.
I've used Data from REWE in the past and made a comparison between a couple of cities in Germany (I believe it was Frankfurt, cologne, Berlin, Munich and Hamburg). Hamburg was by far the most expensive, often as much as 10-20% more expensive.