New here? Start with Quickstarts
Generate credentials, make your first call, and subscribe to status updates. You can always return to this hub to find the next section you need.
Choose your language
Pick a language-specific track, or follow the universal curl quickstart below.
JavaScript / TypeScript
Node.js with fetch/axios, token caching, retries, and idempotency helpers.
Prefer a universal path? Start with curl
Five steps: create an app → get a token → call Offers → (optional) create a Reservation → verify in analytics.
1) Create an app & credentials
- Go to Get Access → register/sign in → My Apps → New App.
- Select Sandbox environment and required APIs/scopes.
- Copy your
CLIENT_IDandCLIENT_SECRET.
2) Know your base URLs
- Sandbox:
<SANDBOX_BASE_URL> - Production:
<PROD_BASE_URL>Keep Production for later—do all first tests in Sandbox.
3) Get an access token (OAuth 2.1 Client Credentials)
curl -X POST "$SANDBOX_AUTH_URL/oauth2/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&client_id=$CLIENT_ID&client_secret=$CLIENT_SECRET&scope=offers.read reservations.write"
Response (example)
{
"access_token": "eyJhbGciOiJSUzI1NiIs...",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "offers.read reservations.write"
}
4) Make your first call (Offers search)
ACCESS_TOKEN="paste_token_here"
curl -X GET "$SANDBOX_BASE_URL/v1/offers/search?pickupStationId=FR-PAR-001&pickupDate=2025-10-01T09:00:00Z&returnDate=2025-10-03T09:00:00Z" \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H "Accept: application/json" \
-H "x-correlation-id: quickstart-$(uuidgen)"
Response (trimmed)
{
"offers": [
{
"offerId": "off_123",
"vehicle": {"category":"ECMN","brand":"Peugeot","model":"208"},
"price": {"currency":"EUR","total": 86.40},
"rate": {"ref":"NRF_BUNDLE_A","refundable": false}
}
]
}
5) (Optional) Create a reservation (idempotent POST)
curl -X POST "$SANDBOX_BASE_URL/v1/reservations" \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: $(uuidgen)" \
-d '{
"offerId":"off_123",
"driver":{"firstName":"Ana","lastName":"Martinez","email":"ana@example.com"},
"payment":{"mode":"PREPAID","instrument":"TOKEN_abc"},
"extras":[{"code":"GPS"}]
}'
Tip: Re-using the same Idempotency-Key safely retries a create without duplicates.
Verify & next steps
Check Workspace → Usage & Analytics to see your requests. Explore Use Cases for end-to-end flows, or jump to API Reference for exact contract details. Read Security & Compliance for scopes, rate limits, and data handling.
What you’ll learn in each language quickstart
All tracks cover the same essentials so teams can mix languages with confidence.
Auth & Secrets
- OAuth2 Client Credentials flow
- Token refresh & caching
- Scopes & least privilege
HTTP Resilience
- Timeouts, retries, backoff
- Idempotency on POST
- Circuit-breaking hints
API Patterns
- Pagination & filtering
- Error model & correlation IDs
- Webhook signature verification
Common pitfalls & troubleshooting
Quick fixes for the top issues new integrations hit.
- 401/403: Check scopes selected when creating the app; ensure you’re using a Sandbox key on Sandbox.
- Expired token: expires_in is usually ~3600s. Cache and refresh before expiry.
- 429 rate-limit: Respect Retry-After header; implement exponential backoff.
- Clock skew: If using mTLS/JWT validation on your side, sync system time (NTP).
- CORS (browser apps): Use server-side token exchange; do not expose secrets in the browser.
- POST retries: Always send Idempotency-Key for create/update operations.
Where to next?
Go deeper with end-to-end flows, exact contracts, and policy details.