As a SWE at Rewe (at a completely different department), I can say that I find this pretty cool. I wonder if this is going to be a wakeup to management to relax the API restrictions.
the mTLS part is interesting. they're using it not for security in the traditional sense -- REWE knows what their own app is doing -- but as a fingerprinting mechanism. the client cert is how they distinguish their official app from third-party access. the weak point is that the cert has to live somewhere in the app binary, which is why mitmproxy can intercept it. it's less about encryption and more about making ToS enforcement slightly harder.
I want to add something else to this. In the process of writing this, I also played with formal verification and formally verified the suggestion engine, which was a really nice side discovery.
Evaluation in LLM applications is still an unsolved problem. Most teams rely on vibes-based assessment. Rigorous evaluation frameworks that correlate with real-world performance remain elusive.
Even a CLI interface would be better than the sorry excuse of Asda's website. I wonder if entrusting an LLM is worth the trade-off with the tedium of online shopping.
I remember a friend and I in college were looking into ways to do this in the US but major grocery chains here are pretty sensitive about their product data being accessible by open APIs and web scraping...
Surprised how little the B2C and even B2B e-commerce segment is providing API access for automation and agentic coding. One could easily set up rate limits, fraud detection and KYC checks upfront initial access.
> B2C: Is it really surprising that a business has no interest in providing more price transparency to their customers?
Might I suggest you remove your tin-foil hat and consider that:
- 99% of REWE customers almost certainly have no clue what an API is
- 99% of the remaining 1% know what an API is, but their day-job involves messing with APIs, so they don't want to spend their weekend-time messing with the REWE API, they just want to do their shopping at REWE.
- The final 0.1% are those who come on HN and pretend it's all some sort of big conspiracy to minimise transparency by $evil_corp. :)
If you think about it, imagine if REWE officially exposed an API B2C. This would mean they are obligated to provide support.
Do you really want the price of your shopping to increase because REWE now needs to find money to pay for a helpdesk for the millions of B2C API users ?
Businesses and services differentiating between B2C and B2B is nothing new, that is why the two different terminologies exist !
What next, you don't want to fill up your car at the petrol station (B2C) but you want to be permitted to buy a barrel crude oil direct from the drill and refine it yourself (B2B) ?
> Might I suggest you remove your tin-foil hat and consider that:
First up: Read and follow the rules. No need to insult me. Especially considering what you said shows that you both misunderstood AND misrepresented what I've said.
And frankly, my reasoning was simply saying "Company won't publicize internal info if they don't get an advantage from doing so". It's literally the same reason Google doesn't publish all of their source code. I'm struggling to see what part you are misunderstanding but it has to be something extremely basic to conclude I'm a conspiracy nut for basically stating "Company acts in their interest".
Opening an API to the public allows third parties to develop apps that can then be consumed by end-consumers. Not trying to be offensive here, but do you know what an API is? To conclude I meant every single end-consumer building their own app is at best disingenuously twisting my words.
Opening the API would allow new players like you and me to enter the market and take a piece of the pie. Why would a market, dominated and controlled by a few big players, opt for that? You don't even need to know that the German grocery market is incredibly price competitive, to understand that.
> If you think about it, imagine if REWE officially exposed an API B2C. This would mean they are obligated to provide support.
Can you provide a source for that requirement? I'm pretty sure you just made that up.
> Businesses and services differentiating between B2C and B2B is nothing new, that is why the two different terminologies exist !
At this point I'm entirely lost what you read in my comment. Yes I know. I specifically made that distinction.
> What next, you don't want to fill up your car at the petrol station (B2C) but you want to be permitted to buy a barrel crude oil direct from the drill and refine it yourself (B2B) ?
Yeah you definitely misunderstood something... What I said/meant:
The question: Why isn't the API open?
My answer:
For B2B I gave an example where the API is used by another German firm, providing an example that the API is indeed consumed B2B.
For B2C: They have no reason to do so. They have a well functioning app where you can order stuff. They have one of the bigger recipe pages (at least it does very well SEO-wise) in Germany where you can immediately order ingredients from a recipe. The biggest recipe page in Germany (chefkoch) offers a direct link from recipes to their order page. Maybe you're missing this info? Thinking it's an internal API to data that isn't exposed anywhere at all would somehow explain whatever you tried to say here. But again, if you're that uninformed, don't insult people.
Think it's context dependent whether it's a good or bad thing.
The owners of German supermarket and car companies are really the richest of the rich in Germany (okay and maybe the SAP guy on top). It would definitely be a net positive if someone manages to scrape and compare their prices.
In the restaurant market it's one player abusing many small players.
And honestly, I think the reason everyone cries when "Amazon launches an API" is because Amazon would not dare to piss off the German supermarket oligopoly.
I love the idea of a CLI for groceries. Do you have plans to support 're-order' scripts or meal-plan integration? I can imagine a workflow where a recipes.yaml file gets piped into your CLI to automatically fill the cart with everything needed for the week. Much faster than clicking through a mobile UI.
Really cool to see things still being built in Haskell! How do you find using it compared to some of the newer languages that have more modern tooling?
Did you implement your own OAUTH2 flow in haskell for this?
For me, Haskell is the language of 2026. Having an agent available if you get stuck with some weird type error is a blessing. It also helps with the tooling. Though the modern tooling with cabal is pretty good.
I mean, fixing small issues is not a big deal – during my ordering sessions, if something comes up, I actually just let Claude create an issue for it, and then when I have time, I create a fix.
Also there already exists this reverse engineered project: https://github.com/ByteSizedMarius/rewerse-engineering/
I do have a suggestion for your app though: Have it compare your basket of goods across different markets in your region to show you the cheapest option. I'm pretty sure this possibility is actually one of the reasons they locked down the API.
I've used data from REWE in the past and made a comparison between a couple of cities in Germany (I believe it was Frankfurt, Cologne, Berlin, Munich and Hamburg). Hamburg was by far the most expensive, often as much as 10-20% more expensive.
I really like your suggestion. I will put it in an issue and look into that. https://github.com/yannick-cw/korb/issues/4
Check out smhaggle app on Android
https://play.google.com/store/apps/details?id=com.smhaggle.a...
I'd settle for just being able to sort items by unit price... I'm sure this is a [regulation-]solved problem in Germany though
What do you mean? The official REWE app and website provide just that.
> I'm sure this is a [regulation-]solved problem in Germany though
Not sure what you mean by that.
The basic idea is to write a proof in Lean4 and then test both the production implementation (Haskell) and the Lean implementation against random inputs. Compare if the results are the same.
If that is the case -> you can be pretty sure the unproven production version is as correct as the proven Lean version.
https://www.dev-log.me/formal_verification_in_any_language_f...
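The differential-testing idea in the comment above, as an added example that is not code from the thread or from the korb project. Python stands in for both sides here, and the "suggestion" rule (most frequently ordered items not yet in the basket, ties broken by name) is a hypothetical stand-in for the real engine:

```python
import heapq
import random
from collections import Counter

def suggest_reference(history, basket, k):
    """Obviously-correct model (plays the role of the proven Lean definition)."""
    counts = {}
    for order in history:
        for item in order:
            counts[item] = counts.get(item, 0) + 1
    candidates = [i for i in counts if i not in basket]
    candidates.sort(key=lambda i: (-counts[i], i))  # frequency desc, then name
    return candidates[:k]

def suggest_production(history, basket, k):
    """Optimised variant (plays the role of the unproven production code)."""
    counts = Counter(item for order in history for item in order)
    in_basket = set(basket)
    pool = ((-n, i) for i, n in counts.items() if i not in in_basket)
    return [i for _, i in heapq.nsmallest(k, pool)]

def suggest_buggy(history, basket, k):
    """Constructed regression: ties fall back to first-seen order, not name."""
    counts = Counter(item for order in history for item in order)
    return [i for i, _ in counts.most_common() if i not in basket][:k]

def random_case(rng):
    """Constructed generator: small alphabet so ties and overlaps are common."""
    items = "abcdef"
    history = [[rng.choice(items) for _ in range(rng.randint(0, 4))]
               for _ in range(rng.randint(0, 4))]
    basket = [rng.choice(items) for _ in range(rng.randint(0, 3))]
    return history, basket, rng.randint(0, 5)

def first_divergence(candidate, trials=2000, seed=0):
    """Return the first input where candidate and reference disagree, else None."""
    rng = random.Random(seed)
    for _ in range(trials):
        case = random_case(rng)
        if candidate(*case) != suggest_reference(*case):
            return case
    return None

if __name__ == "__main__":
    print("production:", first_divergence(suggest_production))
    print("buggy:     ", first_divergence(suggest_buggy))
```

Agreement over the sampled inputs is evidence rather than proof, and it is only as strong as the input generator's coverage of edge cases such as ties and empty histories.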
It can search for items, add them to the basket, pick a delivery slot and do the checkout.
With a little more scaffolding in markdown files, this now takes care of my weekly shopping.
It would have been a cool project!
Haskell is indeed an interesting choice. ;)
Until it breaks in a few weeks.