Grab Getting Started: API Integration Guide (2026)

Getting started overview

Integrating with Grab's developer platform involves a sequence of steps designed to enable access to its various services, including ride-hailing, food delivery, logistics, and digital payments. The process typically begins with account registration, followed by application creation within the developer portal, and the generation of API keys. These keys are essential for authenticating requests to Grab's endpoints. Developers can then utilize the provided SDKs or directly interact with the RESTful APIs to build and test integrations in a sandbox environment before deploying to production. The platform supports common programming languages and offers comprehensive API documentation to guide the integration process.

The Grab Developer Portal serves as the central hub for all integration activities, providing access to Grab's API documentation, SDKs, and tools necessary for development. This portal is where developers manage their applications, obtain credentials, and monitor API usage.

Here is a quick reference table for the initial steps:

Create an account and get keys

To begin developing with Grab APIs, a developer account is required. Navigate to the Grab Developer Portal and complete the registration process. This typically involves providing an email address, setting a password, and agreeing to the terms of service. Once registered and logged in, you will need to create a new application within the portal.

1. Register for a Grab Developer Account: Visit the Grab Developer Portal and sign up. You will likely need to verify your email address.
2. Create a New Application: After logging in, locate the "My Apps" section. Click on an option to "Create New App" or similar. You'll be prompted to provide details about your application, such as its name, description, and the type of services you intend to use (e.g., Grab Transport, Grab Food). This step registers your application with Grab's system.
3. Obtain API Keys: Upon successful application creation, the portal will generate your API credentials. These typically include a Client ID and a Client Secret. These keys are crucial for authenticating your API requests. The Client Secret should be treated as sensitive information and stored securely, similar to how one would handle a password for a OAuth 2.0 client application. Some APIs may also require additional keys or tokens depending on the specific service and authentication flow (e.g., OAuth 2.0 for user authorization).
4. Configure Redirect URIs (if applicable): If your application uses OAuth 2.0 for user authorization (e.g., for Grab Pay), you will need to configure Redirect URIs in your application settings within the developer portal. These URIs are callback endpoints where Grab will redirect the user after they grant or deny permissions to your application.

It is recommended to start with a sandbox or test environment provided by Grab to develop and test your integrations without affecting live production data or incurring charges. The developer portal typically offers clear instructions on how to switch between sandbox and production environments.

Your first request

After obtaining your API keys, the next step is to make your first authenticated request to a Grab API endpoint. This typically involves using your Client ID and Client Secret to obtain an access token, which is then included in subsequent API calls. Grab's APIs generally follow a RESTful architecture, utilizing JSON for request and response bodies.

Here's a general outline for making a first request, often demonstrated with cURL:

1. Choose an API and Endpoint: Refer to the Grab API Reference to select a simple endpoint for testing. A common starting point is an endpoint that does not require extensive user data, such as checking service availability or retrieving a list of supported countries.
2. Obtain an Access Token: Most Grab APIs require an OAuth 2.0 access token. This token is usually obtained by making a POST request to an authentication endpoint, providing your Client ID and Client Secret. The response will contain the access token and its expiration time.

   curl -X POST \  'https://partner-api.grab.com/auth/v1/oauth2/token' \  -H 'Content-Type: application/x-www-form-urlencoded' \  -d 'client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=client_credentials&scope=YOUR_SCOPE'

   Replace YOUR_CLIENT_ID, YOUR_CLIENT_SECRET, and YOUR_SCOPE with your actual credentials and the required scope for the API you are calling. Scopes define the permissions your application requests, as detailed in the Grab API documentation.

3. Make an API Call with the Access Token: Once you have the access token, include it in the Authorization header of your subsequent API requests, typically in the format Bearer YOUR_ACCESS_TOKEN.

   curl -X GET \  'https://partner-api.grab.com/food/v1/merchants?lat=1.3521&lng=103.8198' \  -H 'Authorization: Bearer YOUR_ACCESS_TOKEN' \  -H 'Content-Type: application/json'

   This example demonstrates a GET request to a hypothetical Grab Food endpoint to retrieve merchants near specific coordinates. Adjust the endpoint, method, and parameters according to the specific Grab API you are interacting with.

4. Interpret the Response: A successful response will typically return a 200 OK HTTP status code and a JSON payload containing the requested data. Error responses will have a status code indicating the issue (e.g., 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found) and a JSON body with an error message.

Common next steps

After successfully making your first API call, you can proceed with further integration and development:

• Explore More APIs: Dive deeper into the specific Grab APIs relevant to your application, such as Grab Food API for delivery, Grab Transport API for ride-hailing, or Grab Pay API for payment processing.
• Implement SDKs: If developing for mobile or JavaScript-based web applications, consider using the official Grab SDKs (JavaScript, Android, iOS). SDKs often simplify authentication, request formatting, and response parsing, accelerating development.
• Handle Webhooks: For real-time updates and asynchronous events (e.g., status changes for a delivery order), implement Grab webhooks. This involves setting up an endpoint on your server to receive POST requests from Grab when specified events occur. Webhooks are a common pattern in API integrations, as documented by Stripe's webhook implementation guide.
• Error Handling and Retries: Implement robust error handling in your application to gracefully manage API errors, network issues, and rate limits. Consider retry mechanisms for transient errors, often with an exponential backoff strategy.
• Go Live: Once your integration is thoroughly tested in the sandbox environment, follow Grab's guidelines for transitioning to the production environment. This usually involves generating production API keys and updating your application's configuration to point to production endpoints.
• Monitor Usage: Utilize the Grab Developer Portal to monitor your API usage, track performance, and identify any potential issues or anomalies.

Troubleshooting the first call

Encountering issues during your first API call is common. Here are some troubleshooting steps:

• Check API Keys: Ensure that your Client ID and Client Secret are correct and have not been truncated or altered. Verify that you are using the keys generated for the correct environment (sandbox vs. production).
• Authentication Errors (401 Unauthorized): This often indicates an issue with your access token. Ensure it's correctly included in the Authorization: Bearer YOUR_ACCESS_TOKEN header and that it hasn't expired. Re-request a new token if necessary.
• Forbidden Errors (403 Forbidden): A 403 error usually means your application lacks the necessary permissions (scopes) to access the requested resource. Review the scopes requested during token generation and compare them with the requirements listed in the Grab API documentation for the specific endpoint.
• Bad Request Errors (400 Bad Request): This typically points to an issue with your request payload or parameters. Check the API documentation for the endpoint you are calling to confirm the required parameters, their data types, and formatting. Ensure your JSON is valid.
• Network Issues: Verify your internet connection. If making requests from behind a firewall, ensure that traffic to Grab's API endpoints is allowed.
• Rate Limiting: If you receive a 429 Too Many Requests error, you have exceeded the API's rate limits. Implement a backoff strategy and retry your requests after a delay.
• Consult Documentation and Support: The Grab Developer Documentation is the primary resource for specific error codes, troubleshooting guides, and best practices. If issues persist, consider reaching out to Grab Developer Support.