# Marketplace Cookies Setup Both Facebook Marketplace and eBay require valid session cookies to bypass bot detection and access listings. ## Cookie Priority Hierarchy All scrapers follow this priority order (highest to lowest): 1. **URL Parameter** - Passed directly in API/MCP request (overrides all) 2. **Environment Variable** - Set as `FACEBOOK_COOKIE` or `EBAY_COOKIE` 3. **Cookie File** - Stored in `facebook.json` or `ebay.json` (fallback) --- ## Facebook Marketplace (`facebook.json`) ### Required Cookies - `c_user`: Your Facebook user ID - `xs`: Facebook session token - `fr`: Facebook request token - `datr`: Data attribution token - `sb`: Session browser token ### Setup Methods **Method 1: Cookie File (Lowest Priority)** 1. Log into Facebook in your browser 2. Open Developer Tools → Application/Storage → Cookies 3. Export cookies as JSON array to `facebook.json` Example `facebook.json`: ```json [ { "name": "c_user", "value": "123456789", "domain": ".facebook.com", "path": "/", "secure": true } ] ``` **Method 2: Environment Variable** ```bash export FACEBOOK_COOKIE='c_user=123; xs=token; fr=request' ``` **Method 3: URL Parameter (Highest Priority)** ``` GET /api/facebook?q=laptop&cookies=[{"name":"c_user","value":"123",...}] ``` --- ## eBay (`ebay.json`) eBay has aggressive bot detection that blocks requests without valid session cookies. ### Setup Methods **Method 1: Cookie File (Lowest Priority)** 1. Log into eBay in your browser 2. Open Developer Tools → Network tab 3. Visit ebay.ca and inspect any request headers 4. Copy the full `Cookie` header value 5. Save as plain text to `ebay.json` (see `ebay.json.example`) Example `ebay.json`: ``` s=VALUE; ds2=VALUE; ebay=VALUE; dp1=VALUE; nonsession=VALUE ``` **Method 2: Environment Variable** ```bash export EBAY_COOKIE='s=VALUE; ds2=VALUE; ebay=VALUE' ``` **Method 3: URL Parameter (Highest Priority)** ``` GET /api/ebay?q=laptop&cookies=s=VALUE;ds2=VALUE;ebay=VALUE ``` --- ## Important Notes - Cookies must be from active browser sessions - Cookies expire and need periodic refresh - **NEVER** commit real cookies to version control - Platforms may still block automated scraping despite valid cookies ## Security All `*.json` files in this directory are git-ignored for security.