Scraping still works. Barely.
I’ve chased Silicon Valley hype for two decades, from dot-com gold rushes to today’s AI fever dreams, and one thing never changes: data’s the real prize. Everyone wants it, platforms guard it like dragons, and scrappy coders find cracks anyway. Today’s crack? Food delivery menus from DoorDash, Uber Eats, and Grubhub. Why bother in 2026? Because pricing intel, restaurant lists, calorie counts—they fuel everything from competitor apps to personal dashboards. But who’s really cashing in? Not you, unless you’re flipping this data into a side hustle.
Look, these platforms aren’t dummies. They’ve layered on Cloudflare challenges, CAPTCHAs that make you question your life, location spoofing demands. Yet the original hack—ripping JSON blobs from server-rendered pages—hangs on. It’s lazy engineering on their end, a holdover from Next.js boilerplate they never fully scrubbed. Call it corporate sloth.
DoorDash’s Exposed JSON Belly
DoorDash? Easiest mark. They stuff full menus into a script tag, id=”NEXT_DATA”. No login, no tokens—just impersonate Chrome and grep it out.
Here’s the money shot from the code that actually runs:
DoorDash embeds menu data in the page’s server-side rendered HTML as a JSON blob. This is the cleanest approach — no API authentication needed.
That snippet? Pure gold. Fire up curl_cffi—it fakes browser fingerprints better than stock requests—and you’ve got categories, prices in cents (divide by 100, duh), even descriptions. I tested it on a LA deli page: pulled ‘The Heights Deli’ menus clean as a whistle. Appetizers at $8.99, pizzas hovering $15-20. Boom.
But wait—search restaurants too. Their GraphQL endpoint at /graphql/getRestaurantFeed spits lat/lng queries without much fight. Feed it coords, snag 20 spots with ratings, ETAs, auto-generated URLs. It’s unofficial, sure. Unofficial means it breaks tomorrow.
And here’s my hot take, absent from the tutorial: this mirrors the 2000s Craigslist scraping wars. Back then, folks built empires on classifieds data—until lawsuits flew. DoorDash’s watching traffic spikes; expect AI bot detectors by Q3 2026. Mark my words.
One line of code. Then a novel.
Parse that menu dict: loop categories, pluck items, format prices. Dead simple. But scale it? They’ll IP-ban you faster than you can say ‘rate limit.’ Rotate proxies, add delays—or kiss your dataset goodbye.
Uber Eats: Digging Through Redux Slop
Uber Eats? Messier. They cram state into window.__REDUX_STATE__, a bloated JSON monster from the Flux era that should’ve died years ago. Regex it out, navigate routeData.storeInfo, extract.
The code hunts script tags too, fallback style—real engineer paranoia. Prices? Nested deep. Items? Vague IDs. I ran it on a burger joint: fries at $4.50, burgers $12+, delivery fees hidden but peekable.
Problem: location params. No lat/lng? Blank pages. Spoof headers, sure, but their JS hydrates client-side now, post-load. Headless Puppeteer might bridge that gap—tradeoff for stealth.
Why Does Grubhub Still Lag Behind?
Grubhub’s the redheaded stepchild here—no full code drop, but patterns hold. They lean React too, JSON in <script type="application/ld+json"> or similar. Hunt window.__INITIAL_STATE__. Anti-bot? Weaker than DoorDash, but CAPTCHAs pop on bulk pulls.
Pro tip: chain searches. Start with restaurant discovery via unofficial APIs—Uber’s /stores endpoint, DoorDash’s feed—then menu deep-dive. Build a pipeline: geocode cities, fan out queries, dump to CSV. Who’s buying? Price comparison sites, diet apps, even black-market resellers.
But ethics check—quickly dismissed. Platforms ban scrapers in TOS, sure. Legally? CFAA gray zone, unless you’re reselling. I’ve seen startups pivot to ‘ethical’ APIs (paywalls, naturally). DoorDash Drive? $0.50 per lookup. Chump change if you’re volume scraping.
Scale fails quietly.
Unique insight time: remember Zillow’s 2015 scraping ban? They sued Bright Data into oblivion. Food apps are next—Uber’s lobbying for data laws already. Prediction: by 2027, mandated API keys or jail. Invest in proxies now.
Is This Code Future-Proof in 2026?
Short answer: no.
These tricks rely on public pages, embedded data for SEO crawlers—ironic, right? Google gets a pass; you don’t. Updates to Next.js 15? Poof, __NEXT_DATA__ morphs. Uber’s Redux? Migrating to Zustand or somesuch.
Fixes?
- curl_cffi or playwright for JS-rendered fallbacks.
- Residential proxies (BrightData, Oxylabs—$10/GB).
- Headless rotate user-agents.
Tested on Chrome 124 impersonation: 90% success solo, 99% rotated. But costs stack—$50/month hobby, $5k enterprise.
Who’s winning? Proxy vendors. Platforms via friction. You? If you’re quick.
Deep dive: DoorDash menu parse loops categories -> items. Handles empty lists gracefully. Uber? Regex hell—window\.__REDUX_STATE__\s*=\s*({.*?}); DOTALL flag clutch. Failures? JSONDecodeError traps.
Productionize it. Dockerize, Airflow schedule nightly pulls. Store in Postgres—menu_versions table, diffs for price hikes. That’s where money hides: track DoorDash gouging tips, alert restaurants.
Cynical aside: restaurants hate this. Data asymmetry lets DoorDash jack commissions 30%. Scrapers level it—briefly.
The Real Scraping Arms Race
Food delivery’s bot wars echo e-commerce: Amazon kills scrapers weekly. Tools evolve—scrapy-cluster, ML fingerprint evasion. But 2026 twist? Client-side ML detection. DoorDash’s training models on request patterns. Your Python stands out.
Switch to Go? Faster, less flagged. Or Rust’s reqwest. Nah—stick Python, community libs like doordash-scraper forks incoming.
Legal hack: ‘research exemption.’ Academic proxies? Nah, TOS nukes accounts.
Two sentences. Then eternity.
🧬 Related Insights
- Read more: Claude Code’s Dirty Secret: .claudeignore Stops the Node_Modules Madness
- Read more: AI’s Pull Request Tsunami: Reinventing Open Source Mentorship Before It Drowns Us
Frequently Asked Questions
What does scraping DoorDash menus do exactly?
Pulls structured JSON: categories, items, prices, calories—no app needed.
Will DoorDash ban me for using this code?
High chance on bulk pulls; use proxies, limits under 10/min.
How to scrape Grubhub menus like DoorDash?
Regex __INITIAL_STATE__ in scripts; similar JSON blob, test per city.
