CODEWITHSUNDEEP
walmart-api
Russell
Russell

Reputation: 21

Receipt API availability?

I see that the Walmart Android app has an ability to capture the receipt barcode (seems to be the traditional 1D barcode and not the 2D QR code), then retrieve the electronic version of that receipt. It then adds that receipt to your "purchase history" in the app. Is this receipt API available? I'd like to capture data from Walmart receipts, but the poor quality of the receipts themselves causes numerous OCR problems.

I've looked at the WalmartLabs Walmart.io APIs and do not see the receipt API. I tried to ask this question there, but their "ask a question" form is broken (Submit button does nothing).

Upvotes: 2

Views: 2074

Answers (2)

lonesoac0
lonesoac0

Reputation: 21

I wrote a Django Management Command that utilizes this API. Enjoy.

import requests
import json
from django.core.management.base import BaseCommand

class Command(BaseCommand):
    help = 'Fetches a receipt from Walmart and prints the details.'

    def add_arguments(self, parser):
        parser.add_argument('storeId', type=int, help='The ID of the Walmart store')
        parser.add_argument('purchaseDate', type=str, help='The purchase date (MM-DD-YYYY)')
        parser.add_argument('cardType', type=str, help='The type of card used (e.g., "visa")')
        parser.add_argument('total', type=float, help='The total amount of the purchase')
        parser.add_argument('lastFourDigits', type=str, help='The last four digits of the card')

    def handle(self, *args, **kwargs):
        store_id = kwargs['storeId']
        purchase_date = kwargs['purchaseDate']
        card_type = kwargs['cardType']
        total = kwargs['total']
        last_four_digits = kwargs['lastFourDigits']

        url = 'https://www.walmart.com/chcwebapp/api/receipts'
        headers = {
            'sec-ch-ua': '"Chromium";v="98", " Not A;Brand";v="99", "Google Chrome";v="98"',
            'accept': 'application/json',
            'Referer': 'https://www.walmart.com/receipt-lookup',
            'content-type': 'application/json',
            'sec-ch-ua-mobile': '?0',
            'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36',
            'sec-ch-ua-platform': '"Mac OS X"',
        }

        payload = {
            'storeId': store_id,
            'purchaseDate': purchase_date,
            'cardType': card_type,
            'total': total,
            'lastFourDigits': last_four_digits,
        }

        response = requests.post(url, headers=headers, data=json.dumps(payload))

        if response.status_code == 200:
            receipt_data = response.json()
            self.stdout.write(self.style.SUCCESS('Receipt data fetched successfully:'))
            self.stdout.write(json.dumps(receipt_data, indent=4))
        else:
            self.stdout.write(self.style.ERROR(f'Failed to fetch receipt: {response.status_code} {response.text}'))

Upvotes: 0

Adam Taylor
Adam Taylor

Reputation: 509

Found this while investigating a similar question, and stumbled upon an answer. I am trying to build a tool that allows me to auto-categorize some purchases. Unfortunately, Walmart takes their security quite seriously and has implemented several measures to prevent running automated tools on their website (even with things like puppeteer-stealth)

However, today I found out that if you go to https://walmart.com/receipt-lookup, and check out the network tab—you can actually see a request goes out to https://walmart.com/chcwebapp/api/receipts and it only requires a few parameters:

{
   "storeId": number;
   "purchaseDate": string - MM-DD-YYYY;
   "cardType": string (ex. "visa")
   "total": number (ex. 100.89)
   "lastFourDigits": string (ex. "1234")
}

For completeness, an example cURL request:

curl 'https://www.walmart.com/chcwebapp/api/receipts' \
  -H 'sec-ch-ua: "Chromium";v="98", " Not A;Brand";v="99", "Google Chrome";v="98"' \
  -H 'accept: application/json' \
  -H 'Referer: https://www.walmart.com/receipt-lookup' \
  -H 'content-type: application/json' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36' \
  -H 'sec-ch-ua-platform: "Mac OS X"' \
  --data-raw '{"storeId":"123","purchaseDate":"02-19-2022","cardType":"visa","total":"100.00","lastFourDigits":"1234"}' \
  --compressed

It doesn't appear to require any type of authentication as a quick glance at the request shows no cookies!

I am ecstatic to have found this. I'm not totally sure if it will fit your needs, but since my tool already has access to the total, last 4, and date all I need is the storeId which I can easily hard-code since we only shop at one Walmart!

As an aside, if anyone from Walmart's engineering team ever sees this—please consider allowing the develop community access to their own data. I totally get implementing PerimeterX Bot Defense for things like PS5 releases, but blocking login attempts just to look at my own receipts? It seems like taking out an anthill with a bazooka.

Upvotes: 5

Related Questions