Authentication

POSThttps://login.uber.com/oauth/v2/token

Access to These APIs May Require Written Approval From Uber

Uber’s APIs are always under development and as such are subject to changes according to our Versioning & Upgrade policy. As part of Uber’s ongoing privacy improvements, we’ve updated our Developer API program with new scope access policies for third party applications. For further information, please refer to our Getting Started guides.

Overview

To access the Direct API, you will need a valid access token from our OAuth service. You can get this token by sending a request to https://login.uber.com/oauth/v2/token.

All calls to https://api.uber.com/ leverage OAuth 2.0 with the client_credentials grant type.

To call the Create Organization API, you have to include two scopes: eats.deliveries and direct.organizations

Get an access token

To generate an access token, retrieve your application’s client_id and client_secret from the Direct Dashboard (see the example below).

OAuth2.0 specification is outlined in RFC 6479

Direct Dashboard Developers Tab

Example POST Request

The authentication endpoint expects requests to be encoded as application/x-www-form-urlencoded or multipart/form-data

Header Type #1: application/x-www-form-urlencoded
curl --request POST 'https://login.uber.com/oauth/v2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<CLIENT_ID>' \
--data-urlencode 'client_secret=<CLIENT_SECRET>' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=eats.deliveries'

OR

curl -X POST 'https://login.uber.com/oauth/v2/token' \
-d 'client_id=<CLIENT_ID>' \
-d 'client_secret=<CLIENT_SECRET>' \
-d 'grant_type=client_credentials' \
-d 'scope=eats.deliveries'
Header Type #2: multipart/form-data
curl --request POST 'https://login.uber.com/oauth/v2/token' \
--header 'Content-Type: multipart/form-data' \
--form 'client_id="<CLIENT_ID>"' \
--form 'client_secret="<CLIENT_SECRET>"' \
--form 'grant_type="client_credentials"' \
--form 'scope="eats.deliveries"'

OR

curl -X POST https://login.uber.com/oauth/v2/token
-F "client_id=<CLIENT_ID>" \
-F "client_secret=<CLIENT_SECRET>" \
-F "grant_type=client_credentials" \
-F "scope=eats.deliveries" \
Parameter Description
client_id The Client ID of your application, retrieved from the Direct Dashboard.
client_secret The Client Secret of your application. This should be treated like your application password.
grant_type To access the Uber Direct API, authenticate your application by setting this to the client_credentials grant type. This will create an OAuth 2.0 access token with the specified scope.
scope Specifies the Uber developer endpoints that this token has access to. For Uber Direct, the scope will always be “eats.deliveries”.
Example Response
{
  "access_token": "<TOKEN>",
  "expires_in": 2592000,
  "token_type": "Bearer",
  "scope": "eats.deliveries"
}

The access_token field will contain the token used to authenticate against the Uber Direct APIs.

The expires_in field indicates the lifetime of the access token, provided in seconds. Tokens are valid for 30 days (2,592,000 seconds) and should be cached and re-used across requests until (or shortly before) expiration – NOT re-generated per request. Existing tokens cannot be refreshed, but new tokens can be created as many times as needed.

Note: Client credential grant type requests will be rate limited to 100 requests per hour.

Other Programming Languages:
NodeJS
var request = require('request');
var options = {
  'method': 'POST',
  'url': 'https://login.uber.com/oauth/v2/token',
  'headers': {
    'Content-Type': 'application/x-www-form-urlencoded'
  },
  form: {
    'client_id': '<CLIENT_ID>',
    'client_secret': '<CLIENT_SECRET>',
    'grant_type': 'client_credentials',
    'scope': 'eats.deliveries'
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
Python
import requests

url = "https://login.uber.com/oauth/v2/token"

payload='client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>&grant_type=client_credentials&scope=eats.deliveries'
headers = {
  'Content-Type': 'application/x-www-form-urlencoded'
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)

Usage

Pass the access_token returned in the previous step as a bearer token in the Authorization header.

Example POST Request

Note that all Direct endpoints besides Authentication (above) expect requests to be encoded as application/json.

curl --request POST 'https://api.uber.com/v1/customers/<customer_id>/delivery_quotes' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <TOKEN>' \
--data-raw '{
    "pickup_address": "175 Greenwich St, New York, NY 10007",
    "dropoff_address": "231 Hudson St, New York, NY 10013"
}'

OR

curl -X POST 'https://api.uber.com/v1/customers/<customer_id>/delivery_quotes' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-d '{
  "pickup_address": "175 Greenwich St, New York, NY 10007",
  "dropoff_address": "231 Hudson St, New York, NY 10013"
}'
Parameter Description
customer_id Unique 128-bits UUID for the organization. It can be found under the Developers tab in Direct Dashboard.
TOKEN The access_token returned in the previous step, used to authenticate against the Uber Direct APIs.

Authentication Error Codes

Parameter Description
invalid_request Required parameters were not provided.
invalid_client The client ID or secret provided is invalid.
invalid_scope The scope provided is invalid
server_error The server returned an unknown error.
unauthorized Invalid OAuth 2.0 credentials provided.

© 2023 Uber Technologies Inc.