Food402 - TGO Yemek Food Delivery

Order food from Trendyol GO (TGO Yemek), Turkey's leading food delivery service. This skill enables complete food ordering: browse restaurants, view menus, customize items, manage cart, and checkout with 3D Secure payment.

Setup

OpenClaw

Add the following to your ~/.openclaw/openclaw.json:

{
  "skills": {
    "entries": {
      "food402": {
        "enabled": true,
        "env": {
          "TGO_EMAIL": "your-tgo-email@example.com",
          "TGO_PASSWORD": "your-tgo-password",
          "GOOGLE_PLACES_API_KEY": "your-google-api-key"
        }
      }
    }
  }
}

Claude Code / Cursor / Codex / Gemini CLI

Set environment variables in your shell profile (~/.bashrc, ~/.zshrc, etc.):

export TGO_EMAIL="your-tgo-email@example.com"
export TGO_PASSWORD="your-tgo-password"
export GOOGLE_PLACES_API_KEY="your-google-api-key"  # Optional: for Google Reviews

Then reload your shell or run source ~/.zshrc (or equivalent).

Authentication

The skill automatically handles authentication. When making API calls:

1. Run {baseDir}/scripts/auth.sh get-token to get a valid JWT
2. The script caches tokens in /tmp/food402-token with automatic refresh (60s buffer before expiry)
3. If any API call returns 401, clear the token with {baseDir}/scripts/auth.sh clear-token and retry

Manual authentication check:

{baseDir}/scripts/auth.sh check-token

Required Workflow

IMPORTANT: You MUST follow this order:

1. select_address - REQUIRED first step (sets delivery location for cart)
2. get_restaurants or search_restaurants - Browse/search restaurants
3. get_restaurant_menu - View a restaurant's menu
4. get_product_details - Check customization options (if needed)
5. add_to_basket - Add items to cart
6. checkout_ready - Verify cart is ready for payment
7. place_order - Complete the order with 3D Secure

If add_to_basket fails, try clear_basket first then retry.

Address Management Operations

get_addresses

Get user's saved delivery addresses. Call this first to show available addresses.

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s "https://api.tgoapis.com/web-user-apimemberaddress-santral/addresses" \
  -H "Authorization: Bearer $TOKEN" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)" | jq

Response fields: id, addressName, addressLine, neighborhoodName, districtName, cityName, latitude, longitude

select_address

MUST be called before browsing restaurants or adding to basket. Sets the shipping address for the cart.

Parameters:

• addressId (required): Address ID from get_addresses

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s -X POST "https://api.tgoapis.com/web-checkout-apicheckout-santral/shipping" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)" \
  -d '{"shippingAddressId": {addressId}, "invoiceAddressId": {addressId}}'

add_address

Add a new delivery address. Use get_cities → get_districts → get_neighborhoods to find location IDs first.

Parameters:

• name (required): First name
• surname (required): Last name
• phone (required): Phone without country code (e.g., "5356437070")
• addressName (required): Label (e.g., "Home", "Work")
• addressLine (required): Street address
• cityId (required): From get_cities
• districtId (required): From get_districts
• neighborhoodId (required): From get_neighborhoods
• latitude (required): Coordinate string
• longitude (required): Coordinate string
• apartmentNumber, floor, doorNumber, addressDescription (optional)
• elevatorAvailable (optional): boolean

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s -X POST "https://api.tgoapis.com/web-user-apimemberaddress-santral/addresses" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)" \
  -d '{
    "name": "{name}",
    "surname": "{surname}",
    "phone": "{phone}",
    "addressName": "{addressName}",
    "addressLine": "{addressLine}",
    "cityId": {cityId},
    "districtId": {districtId},
    "neighborhoodId": {neighborhoodId},
    "latitude": "{latitude}",
    "longitude": "{longitude}",
    "countryCode": "TR",
    "elevatorAvailable": false
  }' | jq

Note: If response is 429, OTP verification is required. Direct user to add the address at tgoyemek.com instead.

get_cities

Get list of all cities for address selection.

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s "https://api.tgoapis.com/web-user-apimemberaddress-santral/cities" \
  -H "Authorization: Bearer $TOKEN" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)" | jq '.cities[] | {id, name}'

get_districts

Get districts for a city.

Parameters:

• cityId (required): City ID from get_cities

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s "https://api.tgoapis.com/web-user-apimemberaddress-santral/cities/{cityId}/districts" \
  -H "Authorization: Bearer $TOKEN" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)" | jq '.districts[] | {id, name}'

get_neighborhoods

Get neighborhoods for a district.

Parameters:

• districtId (required): District ID from get_districts

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s "https://api.tgoapis.com/web-user-apimemberaddress-santral/districts/{districtId}/neighborhoods" \
  -H "Authorization: Bearer $TOKEN" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)" | jq '.neighborhoods[] | {id, name}'

Restaurant Discovery Operations

get_restaurants

List restaurants near the selected address. Requires select_address first.

Parameters:

• latitude (required): From selected address
• longitude (required): From selected address
• page (optional): Page number, default 1
• sortBy (optional): RECOMMENDED (default), RESTAURANT_SCORE, or RESTAURANT_DISTANCE
• minBasketPrice (optional): Pass 400 to filter min order >= 400 TL

Sorting keywords (Turkish & English):

• "önerilen" / "recommended" / "popüler" → RECOMMENDED
• "en yakın" / "closest" / "yakınımdaki" → RESTAURANT_DISTANCE
• "en iyi" / "best rated" / "en yüksek puanlı" → RESTAURANT_SCORE
• "en ucuz" / "cheapest" → Use search_restaurants instead (returns product prices)

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s "https://api.tgoapis.com/web-discovery-apidiscovery-santral/restaurants/filters?openRestaurants=true&latitude={latitude}&longitude={longitude}&pageSize=50&page={page}" \
  -H "Authorization: Bearer $TOKEN" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)" | jq

Add &sortType=RESTAURANT_SCORE or &sortType=RESTAURANT_DISTANCE for sorting (omit for RECOMMENDED).

Response fields: id, name, kitchen, rating, ratingText, minBasketPrice, averageDeliveryInterval, distance, neighborhoodName, isClosed, campaignText

search_restaurants

Search restaurants and products by keyword. Results include product prices (useful for "cheapest" queries).

IMPORTANT: Always check isClosed field. Never suggest closed restaurants.

Parameters:

• searchQuery (required): Search keyword (e.g., "pizza", "burger", "dürüm")
• latitude (required): From selected address
• longitude (required): From selected address
• page (optional): Page number, default 1

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s "https://api.tgoapis.com/web-restaurant-apirestaurant-santral/restaurants/in/search?searchQuery={searchQuery}&latitude={latitude}&longitude={longitude}&pageSize=50&page={page}" \
  -H "Authorization: Bearer $TOKEN" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)" | jq

Response includes: Restaurant info plus products[] array with id, name, description, price

Menu & Product Operations

get_restaurant_menu

Get a restaurant's full menu with categories and items.

Parameters:

• restaurantId (required): Restaurant ID
• latitude (required): Coordinate
• longitude (required): Coordinate

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s "https://api.tgoapis.com/web-restaurant-apirestaurant-santral/restaurants/{restaurantId}?latitude={latitude}&longitude={longitude}" \
  -H "Authorization: Bearer $TOKEN" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)" | jq

Response structure:

• info: Restaurant details (id, name, rating, workingHours, deliveryTime, minOrderPrice)
• categories[]: Menu sections with items[] (id, name, description, price, likePercentage)

get_product_details

Get product customization options (ingredients to exclude, modifier groups for extras/sizes).

Parameters:

• restaurantId (required): Restaurant ID
• productId (required): Product ID from menu
• latitude (required): Coordinate
• longitude (required): Coordinate

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s -X POST "https://api.tgoapis.com/web-restaurant-apirestaurant-santral/restaurants/{restaurantId}/products/{productId}?latitude={latitude}&longitude={longitude}" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)" \
  -d '{}' | jq

Response includes components[]:

• type: INGREDIENTS (items to exclude) or MODIFIER_GROUP (extras/sizes to select)
• modifierGroupId: Use this ID when adding modifiers to basket
• options[]: Available choices with id, name, price, isPopular
• isSingleChoice, minSelections, maxSelections: Selection rules

get_product_recommendations

Get "goes well with" suggestions for products.

Parameters:

• restaurantId (required): Restaurant ID
• productIds (required): Array of product IDs

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s -X POST "https://api.tgoapis.com/web-discovery-apidiscovery-santral/recommendation/product" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)" \
  -d '{
    "restaurantId": "{restaurantId}",
    "productIds": ["{productId1}", "{productId2}"],
    "page": "PDP"
  }' | jq

Cart Management Operations

add_to_basket

Add items to the shopping cart. Requires select_address first.

Parameters:

• storeId (required): Restaurant ID (NUMBER)
• latitude (required): Coordinate (NUMBER, not string)
• longitude (required): Coordinate (NUMBER, not string)
• items[] (required): Array of items to add

Item structure:

{
  "productId": 12345,
  "quantity": 1,
  "modifierProducts": [
    {
      "productId": 111,
      "modifierGroupId": 222,
      "modifierProducts": [],
      "ingredientOptions": {"excludes": [], "includes": []}
    }
  ],
  "ingredientOptions": {
    "excludes": [{"id": 333}],
    "includes": []
  }
}

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s -X POST "https://api.tgoapis.com/web-checkout-apicheckout-santral/carts/items" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)" \
  -d '{
    "storeId": {storeId},
    "items": [{items}],
    "latitude": {latitude},
    "longitude": {longitude},
    "isFlashSale": false,
    "storePickup": false
  }' | jq

If this fails, try clear_basket first then retry.

get_basket

Get current cart contents.

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s "https://api.tgoapis.com/web-checkout-apicheckout-santral/carts" \
  -H "Authorization: Bearer $TOKEN" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)" | jq

Response includes: storeGroups[] with store info and products, summary[], totalPrice, deliveryPrice, isEmpty

remove_from_basket

Remove an item from the cart.

Parameters:

• itemId (required): Item UUID from get_basket response (the itemId field, NOT productId)

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s -X DELETE "https://api.tgoapis.com/web-checkout-apicheckout-santral/carts/items/{itemId}" \
  -H "Authorization: Bearer $TOKEN" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)" | jq

clear_basket

Clear the entire cart.

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s -X DELETE "https://api.tgoapis.com/web-checkout-apicheckout-santral/carts" \
  -H "Authorization: Bearer $TOKEN" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)"

Checkout & Payment Operations

get_saved_cards

Get user's saved payment cards (masked). If no cards, user must add one at tgoyemek.com.

Uses Payment API with different headers:

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s "https://payment.tgoapps.com/v2/cards/" \
  -H "Authorization: bearer $TOKEN" \
  -H "app-name: TrendyolGo" \
  -H "x-applicationid: 1" \
  -H "x-channelid: 4" \
  -H "x-storefrontid: 1" | jq

Response: cards[] with cardId, maskedCardNumber, bankName, cardNetwork, isDebitCard

checkout_ready

Verify cart is ready for checkout. Call this before place_order.

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s "https://api.tgoapis.com/web-checkout-apicheckout-santral/carts?cartContext=payment&limitPromoMbs=false" \
  -H "Authorization: Bearer $TOKEN" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)" | jq

Check response:

• If totalProductCount is 0, cart is empty
• Check warnings[] for issues (e.g., below minimum order)
• Returns full cart details and totalPrice

set_order_note

Set order note and service preferences. Call before place_order.

Parameters:

• note (optional): Note for courier/restaurant
• noServiceWare (optional): Don't include plastic/cutlery (default: false)
• contactlessDelivery (optional): Leave at door (default: false)
• dontRingBell (optional): Don't ring doorbell (default: false)

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s -X PUT "https://api.tgoapis.com/web-checkout-apicheckout-santral/carts/customerNote" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)" \
  -d '{
    "customerNote": "{note}",
    "noServiceWare": false,
    "contactlessDelivery": false,
    "dontRingBell": false
  }'

place_order

Place the order with 3D Secure payment. This is a 3-step process.

Parameters:

• cardId (required): Card ID from get_saved_cards

Step 1: Get cart with payment context

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s "https://api.tgoapis.com/web-checkout-apicheckout-santral/carts?cartContext=payment&limitPromoMbs=false" \
  -H "Authorization: Bearer $TOKEN" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)"

Step 2: Select payment method (Payment API)

# Get bin code from card's maskedCardNumber (first 6 digits + **)
BINCODE="${maskedCardNumber:0:6}**"

curl -s -X POST "https://payment.tgoapps.com/v3/payment/options" \
  -H "Authorization: bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "app-name: TrendyolGo" \
  -H "x-applicationid: 1" \
  -H "x-channelid: 4" \
  -H "x-storefrontid: 1" \
  -d '{
    "paymentType": "payWithCard",
    "data": {
      "savedCardId": {cardId},
      "binCode": "{binCode}",
      "installmentId": 0,
      "reward": null,
      "installmentPostponingSelected": false
    }
  }'

Step 3: Submit payment (Payment API)

curl -s -X POST "https://payment.tgoapps.com/v2/payment/pay" \
  -H "Authorization: bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -H "app-name: TrendyolGo" \
  -H "x-applicationid: 1" \
  -H "x-channelid: 4" \
  -H "x-storefrontid: 1" \
  -d '{
    "customerSelectedThreeD": false,
    "paymentOptions": [{"name": "payWithCard", "cardNo": "", "customerSelectedThreeD": false}],
    "callbackUrl": "https://tgoyemek.com/odeme"
  }'

3D Secure handling: If response contains json.content (HTML) or redirectUrl:

1. Save HTML to temp file
2. Open in browser: {baseDir}/scripts/3dsecure.sh "$HTML_CONTENT"
3. Inform user to complete verification in browser

Order History Operations

get_orders

Get user's order history with status.

Parameters:

• page (optional): Page number, default 1

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s "https://api.tgoapis.com/web-checkout-apicheckout-santral/orders?page={page}&pageSize=50" \
  -H "Authorization: Bearer $TOKEN" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)" | jq

Response: orders[] with id, orderDate, store, status, price, products[]

get_order_detail

Get detailed information about a specific order including delivery status.

Parameters:

• orderId (required): Order ID from get_orders

TOKEN=$({baseDir}/scripts/auth.sh get-token)
curl -s "https://api.tgoapis.com/web-checkout-apicheckout-santral/orders/detail?orderId={orderId}" \
  -H "Authorization: Bearer $TOKEN" \
  -H "x-correlationid: $(uuidgen)" \
  -H "pid: $(uuidgen)" \
  -H "sid: $(uuidgen)" | jq

Response includes: Order details, delivery status steps, ETA, products with prices, delivery address

Google Reviews (Optional)

get_google_reviews

Fetch Google Maps rating and reviews for a restaurant. Requires GOOGLE_PLACES_API_KEY env var.

Parameters:

• restaurantId, restaurantName, neighborhoodName, tgoDistance, tgoRating, latitude, longitude

This operation uses Google Places API to find the restaurant and compare ratings. Only use if GOOGLE_PLACES_API_KEY is configured.

Error Handling

Always parse error responses and present the error message clearly to the user.

Guidelines

• Always authenticate before making API calls. Use the auth.sh helper.
• Never expose raw credentials, JWTs, or tokens to the user.
• Confirm destructive operations (clear_basket, place_order) with the user before executing.
• Check isClosed before suggesting restaurants from search results.
• Present results in a clean, readable format rather than raw JSON dumps.
• Follow the required workflow: select_address → browse → menu → add to basket → checkout.
• Handle coordinates correctly: get_restaurants uses STRING coordinates, add_to_basket uses NUMBER coordinates.
• If add_to_basket fails, try clear_basket first then retry.
• For payment, always use the Payment API headers (lowercase "bearer", app-name, x-applicationid, etc.).