Labsco
AriOliv logo

Ifood MCP

β˜… 3

from AriOliv

Unofficial Model Context Protocol server for iFood β€” browse, search, cart and order food via AI

πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedAccount requiredAdvanced setup

iFood MCP Server <img src="assets/logo.png" align="right" width="102"/>

License: MIT Node.js TypeScript MCP

Unofficial Model Context Protocol server for iFood β€” Brazil's largest food delivery platform. Browse restaurants, search food, manage your cart and place orders through any AI assistant that speaks MCP.

Not affiliated with iFood. Wraps the public consumer web API for personal use.

What This MCP Server Does

This MCP server gives AI assistants (Claude Code, Claude Desktop, Cursor, Codex, etc.) access to your iFood account. It exposes 25 tools that let an AI:

  • πŸ” Search restaurants and food items near you
  • πŸ” Browse merchants, full catalogs, item details and customer reviews
  • πŸ›’ Build a cart with items, delivery method and payment
  • πŸ’³ List your saved payment methods and addresses
  • πŸ“¦ List past orders, get order details, and reorder
  • 🎁 Check loyalty cards, wallet benefits and coupons
  • πŸ“ Explore the home feed, categories and curated browse pages

Two Authentication Modes

ModeTransportLoginBest for
HTTP + OAuth 2.1Streamable HTTPReal iFood OTP (e‑mail / SMS / WhatsApp) on a hosted login pageMulti‑user deploys, remote MCP, sharing with friends
stdioStandard input / outputTokens pasted from browser DevTools into a .env fileLocal single‑user setup, fastest to wire up

You can run either mode independently; the same tool definitions back both.

Available Tools

πŸ‘€ Customer

ToolDescription
ifood_customer_meAuthenticated customer profile
ifood_addressesSaved delivery addresses
ifood_contact_methodsVerified e‑mails and phones
ifood_external_identitiesLinked identity providers (Google, Apple, OTP)

πŸ“¦ Orders

ToolDescription
ifood_orders_listPast orders, paginated
ifood_order_detailFull details of a single order
ifood_reorderPre-fill cart with items from a previous order

πŸ” Discovery

ToolDescription
ifood_searchSearch restaurants and items by term + location
ifood_filter_optionsAvailable search filters (categories, dietary, price)
ifood_homeLocalized home feed
ifood_browse_pageCurated browse pages linked from the home feed
ifood_categoriesTop-level categories (restaurants, groceries, drugstore, …)

πŸ” Merchants

ToolDescription
ifood_merchant_infoDelivery fees, methods, hours, rating, address
ifood_merchant_catalogFull menu with items, prices, add-ons
ifood_item_detailSingle item details (price, description, options)
ifood_customer_merchant_itemsCustomer's previously‑ordered items at a merchant
ifood_reviewsCustomer reviews/ratings, paginated
ifood_merchant_payment_methodsPayment methods accepted by a specific merchant

🎁 Loyalty & Wallet

ToolDescription
ifood_loyalty_cardsiFood Club, stamps, etc.
ifood_benefitsWallet benefits, coupons and promotions near a location
ifood_payment_methodsCustomer's saved payment methods

πŸ›’ Cart & Checkout

ToolDescription
ifood_cart_createCreate a new cart with items for a merchant
ifood_cart_set_delivery_methodDEFAULT / PRIORITY / TAKEOUT
ifood_cart_set_payment_methodApply payment method UUIDs to the cart
ifood_checkoutPlace the order (final step)

Example Prompts

Once connected, ask your AI assistant:

"encontre opΓ§Γ΅es de aΓ§aΓ­ perto de -23.59182, -46.648688"

"qual Γ© o cardΓ‘pio da hamburgueria mais bem avaliada na minha regiΓ£o?"

"liste meus 5 ΓΊltimos pedidos e me mostre o status de cada um"

"crie um carrinho no Burger King com 2 Whoppers e finalize com Pix"

"me mostre as avaliaΓ§Γ΅es do restaurante <id> nas ΓΊltimas 30 reviews"

"existe algum cupom ativo na minha carteira pra delivery agora?"

[!TIP] If a tool needs latitude/longitude and you don't know yours, ask the AI to call ifood_addresses first β€” your saved addresses include coordinates.

Architecture

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”    OAuth 2.1     β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”    Bearer JWT     β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚  AI assistant    │◄────────────────►│   ifood-mcp server  │◄─────────────────►│  iFood API      β”‚
β”‚  (Claude/Cursor) β”‚   /mcp endpoint  β”‚   (Express + MCP)   β”‚   site-api / wsl. β”‚  (consumer web) β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜                  β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜                   β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                                              β”‚
                                              β–Ό
                                      β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
                                      β”‚  /login      β”‚  HTML β€” iFood OTP
                                      β”‚  (browser)   β”‚  e‑mail / SMS / WhatsApp
                                      β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
  • Stateless transport: each /mcp call creates a fresh StreamableHTTPServerTransport + McpServer bound to the authenticated user's session β€” handles concurrent users without sticky sessions.
  • In‑memory token stores: per‑user iFood JWT pairs auto‑refreshed every 60s. Single‑process; for horizontal scaling move to Redis.
  • OAuth 2.1 + PKCE S256, audience‑bound HS256 JWTs, opaque rotating refresh tokens.
  • 5‑step iFood OTP flow wrapped in src/http/ifood-auth.ts: /authorization-codes β†’ /access-tokens β†’ /challenges β†’ /authentications.

Development

npm run dev          # http-server with auto-reload (tsx watch)
npm run dev:stdio    # stdio with auto-reload
npm run build        # tsc β†’ build/
npm run typecheck    # tsc --noEmit

Project layout:

src/
  index.ts              tool definitions + executeTool dispatcher + stdio entry
  http-server.ts        Express + OAuth + Streamable HTTP transport
  http/
    store.ts            in-memory OAuth + iFood token stores
    provider.ts         OAuthServerProvider implementation
    session-provider.ts SessionTokenProvider + background refresh loop
    login-router.ts     OTP login HTML pages
    ifood-auth.ts       chained iFood OTP HTTP client

Security & Disclaimer

  • πŸ”’ In HTTP mode, iFood tokens live only in memory β€” never written to disk. Process restart = re‑login.
  • 🚫 Don't commit .env, HAR files or any DevTools captures β€” they contain bearer tokens. The .gitignore blocks all common spots.
  • ⚠️ Unofficial. iFood does not publish a public API. This wraps the consumer website's endpoints, which can change without notice. Use at your own discretion and respect iFood's Terms of Service.
  • πŸ›‘οΈ The login flow may eventually trip iFood's bot‑detection. If you see opaque errors during login, try the /login/paste fallback to provide tokens manually.

Contributing

Issues and PRs welcome. When opening an issue please include:

  • Output of npm run typecheck
  • Whether you're using stdio or HTTP+OAuth mode
  • Redacted request/response (no tokens) when reporting an API failure

License

Released under the MIT License.


Made by Ari and Claude a.k.a ClaudΓ£o.