3rd Party Authentication
The Uber for Business API supports OAuth 2.0. We support both the client_credentials grant type and authorization_code type.
¶ Overview
Third party authentication is designed to establish a reliable mechanism to authorize U4B business organizations to authorize a third party (3P) business. Once the U4B organization authorizes the 3P application, the 3P will have the ability to access the U4B APIs.
¶ Scope
business.receipts
¶ Authorizing 3P
The U4B organization can authorize the 3P application via the authorization endpoint.
Host | https://business.uber.com |
---|---|
Authorization Endpoint |
https://business.uber.com/authorize |
¶ Query Parameters
Parameter | Description |
---|---|
client_id |
Client ID of the 3P application |
scope |
business.receipts |
redirect_uri |
The URI we will redirect back to after an authorization by the resource owner. |
app_name |
The name of the 3P application |
¶ Example
https://business.uber.com/authorize?client_id=<CLIENT_ID>&scope=<SCOPE>&redirect_uri=<REDIRECT_URI>&app_name=<APPLICATION_NAME>
Note: Replace the all the redirect_uri
. On the redirect URL, there will be an Organization UUID(org_uuid
) appended. (as shown below)
GET https://your-redirect-uri/?org_uuid=<ORGANIZATION_UUID>
¶ Revoking 3P authorization
The U4B organization can revoke the 3P authorization via the revoke endpoint.
Host | https://business.uber.com |
---|---|
Authorization Endpoint |
https://business.uber.com/revoke |
¶ Query Parameters
Parameter | Description |
---|---|
client_id |
Client ID of the 3P application |
org_uuid |
The organization UUID received in the redirect URI. |
app_name |
The name of the 3P application |
redirect_uri |
The URI we will redirect back to after the authorization is revoked by the resource owner. |
¶ Example
https://business.uber.com/revoke?org_uuid=<ORGANIZATION_UUID>&client_id=< CLIENT_ID>&app_name=<APPLICATION_NAME>
Note: Replace the all the
¶ Errors
Error | Description |
---|---|
invalid_request | The authorization request is invalid. Required parameters were not provided or in the wrong format. |
revoke_canceled | The organization admin has denied revoke authorization request |
invalid_client | The client ID is invalid. |
invalid_scope | The scope parameter provided is not a valid subset of scopes. |
access_denied | The organization has denied your authorization request. |