Uber Identity Overview
This is the home for Uber’s OAuth 2.0 and OpenID Connect (OIDC) APIs. If you want users to log in with their Uber account or access their data without your app ever handling their credentials, you’re in the right place.
How OAuth Works
With OAuth 2.0, your app never sees the user’s password. The user logs in on Uber’s side and grants your app a token scoped to what you asked for, and you use that token to make API calls on their behalf.
Here’s what that looks like step by step:
- Your app sends the user to Uber’s authorization endpoint with the scopes you need. Your redirect URI must already be registered in the Developer Dashboard, since Uber won’t redirect to anything it doesn’t recognize.
- The user logs in and approves the permissions.
- Uber sends them back to your app with a short-lived authorization code.
- Your server trades that code for an access token (and usually a refresh token) at Uber’s token endpoint.
- Use the access token to make API calls, and when it expires, use the refresh token to get a new one silently, without sending the user through login again.
If you’re building a mobile or single-page app that can’t safely store a client secret, use PKCE (Proof Key for Code Exchange) alongside the Authorization Code Flow. PKCE replaces the client secret with a throwaway code pair generated at runtime, which keeps the token exchange secure even in public client environments.
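The throwaway code pair described above, as an added example that is not part of Uber's documentation: it generates the pair, shows which half goes in the authorization request and which in the token request, and reproduces the check the authorization server performs. Parameter names follow RFC 7636 (S256 method); the endpoint, client ID, redirect URI and scope value are placeholders, so confirm the real ones in the Uber docs and your Developer Dashboard.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Placeholders (assumptions): replace with the values from the Uber docs
# and your Developer Dashboard registration.
AUTHORIZE_ENDPOINT = "https://auth.example.invalid/authorize"
CLIENT_ID = "YOUR_CLIENT_ID"
REDIRECT_URI = "https://app.example.invalid/callback"

def _b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def new_pkce_pair() -> tuple[str, str]:
    """Return a fresh (code_verifier, code_challenge) for one login attempt."""
    verifier = _b64url(secrets.token_bytes(32))  # 43 chars from a CSPRNG
    challenge = _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge

def authorization_url(challenge: str, scope: str) -> str:
    """Authorization request: only the challenge leaves the device."""
    return AUTHORIZE_ENDPOINT + "?" + urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,  # must match a registered URI
        "scope": scope,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })

def token_request_form(code: str, verifier: str) -> dict[str, str]:
    """Token request from a public client: code_verifier, no client_secret."""
    return {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "code": code,
        "code_verifier": verifier,
    }

def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    """The authorization server's S256 check when the code is redeemed."""
    digest = hashlib.sha256(presented_verifier.encode("ascii")).digest()
    return hmac.compare_digest(_b64url(digest), stored_challenge)
```

Because the verifier never appears in the redirect, an authorization code intercepted on its way back to the app cannot be redeemed without it. Generate a new pair for every login attempt and discard the verifier after the token exchange.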
OpenID Connect sits on top of OAuth 2.0 and adds an ID token, a signed JWT that carries verified identity claims like the user’s Uber ID and profile info.
What’s in These Docs
Getting Started: Setup covers creating a developer account, registering your app, configuring your redirect URIs and scopes, and getting your integration ready to test.
Guides: Once you’re set up, the guides cover the flows and features you’ll actually need: different auth scenarios, token management, scopes, and more advanced options when your use case calls for them.
Consumer Identity API Interface: Endpoint-by-endpoint documentation with real request/response examples, parameter details, and notes on how things behave. Covers the full lifecycle from authorization through token revocation, profile retrieval, and account linking.
API Reference in OpenAPI Standard: Machine-readable OpenAPI specs for every Consumer Identity endpoint. Useful for generating client SDKs, importing into tools like Postman, or validating your requests and responses.
Next Step: Head to Getting Started to create your developer account and register your app.