Authentication
After you’ve registered your developer account and application, you’ll be able to access the following parameters for your application on the Applications page to use for authorization.
client_id
: The ID of your application. Treat this as your application’s user name.
client_secret
: The secret for your application. Treat this like your application’s password. Never share it with anyone, check it into source code, or post it in any public forum. Additionally, it should not be distributed on client devices, where users could decompile your code and access the secret. If you suspect your client_secret has been compromised, you may generate a new one in your application’s dashboard, which will immediately invalidate the old secret.
¶ Scopes
Use the business.receipts scope for the Uber for Business Receipts API.
¶ Client Credentials Flow
To access the Business API, instead of authenticating as a user, authenticate as your application using the client credentials grant type. This will create an OAuth 2.0 access token with the specified scopes. These tokens cannot be refreshed, but they can be created as many times as needed.
To create a client credential token, use the POST /token endpoint as follows, using your app’s client ID and secret from the developer dashboard:
curl -X POST \
-F 'client_id=<CLIENT_ID>' \
-F 'client_secret=<CLIENT_SECRET>' \
-F "grant_type=client_credentials" \
-F "scope=business.receipts" \
"https://auth.uber.com/oauth/v2/token"
The access_token is good for a limited period of time described by the expires_in field (in seconds):
Status-Code: 200 OK
{
"access_token": "xxx",
"token_type": "Bearer",
"expires_in": 2592000,
"scope": "business.receipts"
}
¶ Error Responses
Here are common error responses and the possible reason for each response.
Status Code: 401 Unauthorized
{
"error": "invalid_grant"
}
- You are using an invalid refresh_token. You can generate multiple access tokens, but you can only use the latest generated refresh_token.
- You supplied an invalid code when exchanging an authorization code for an access_token.
Status Code: 400 Bad Request
{
"error": "unsupported_grant_type"
}
You supplied an invalid string for the grant_type field. Only refresh_token, authorization_code and client_credentials are valid values.
Status Code: 401 Unauthorized
{
"error": "invalid_client"
}
Either your client_id or client_secret is invalid.
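The following Python helper is an added example, not part of the original page or Uber's own code. It runs the client credentials flow above, caches the token until shortly before expires_in elapses (these tokens cannot be refreshed, so it requests a new one), and reports the error field from the responses listed above without ever echoing the secret. The class and function names, the 60-second skew, the environment variable names, and the use of a standard form-encoded body (the curl command on this page sends multipart form data) are assumptions.

```python
import json
import os
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.uber.com/oauth/v2/token"  # endpoint from the page

class TokenError(Exception):
    """Token request failed; the message never contains the client secret."""

def http_post_form(url, fields):
    """POST form fields; return (status, JSON body). Form encoding is an assumption."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode())
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # 400/401 carry a JSON "error" field
        return err.code, json.load(err)

class ClientCredentialsToken:
    """Caches one app token; re-requests it `skew` seconds before expiry."""

    def __init__(self, client_id, client_secret, scope="business.receipts",
                 post=http_post_form, clock=time.time, skew=60):
        self._fields = {"client_id": client_id, "client_secret": client_secret,
                        "grant_type": "client_credentials", "scope": scope}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token and self._clock() < self._expires_at - self._skew:
            return self._token  # still valid: no network call, secret not re-sent
        status, body = self._post(TOKEN_URL, self._fields)
        if status != 200 or "access_token" not in body:
            raise TokenError(f"HTTP {status}: {body.get('error', 'unknown')}")
        self._token = body["access_token"]
        self._expires_at = self._clock() + int(body["expires_in"])
        return self._token

if __name__ == "__main__":
    # Hypothetical variable names: keep the secret in the environment, not in source.
    tokens = ClientCredentialsToken(os.environ["UBER_CLIENT_ID"],
                                    os.environ["UBER_CLIENT_SECRET"])
    print("token acquired, length", len(tokens.get()))
```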