Authentication
POSThttps://login.uber.com/oauth/v2/token
¶ Overview
To access the Direct API, you will need a valid access token from our OAuth service. You can get this token by sending a request to https://login.uber.com/oauth/v2/token.
All calls to https://api.uber.com/ leverage OAuth 2.0 with the client_credentials grant type.
To call the Create Organization API, you have to include two scopes: eats.deliveries and direct.organizations
¶ Get an access token
To generate an access token, retrieve your application’s client_id and client_secret from the Direct Dashboard (see the example below).
OAuth2.0 specification is outlined in RFC 6479
¶ Example POST Request
The authentication endpoint expects requests to be encoded as application/x-www-form-urlencoded or multipart/form-data
¶ Header Type #1: application/x-www-form-urlencoded
curl --request POST 'https://login.uber.com/oauth/v2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<CLIENT_ID>' \
--data-urlencode 'client_secret=<CLIENT_SECRET>' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=eats.deliveries'
OR
curl -X POST 'https://login.uber.com/oauth/v2/token' \
-d 'client_id=<CLIENT_ID>' \
-d 'client_secret=<CLIENT_SECRET>' \
-d 'grant_type=client_credentials' \
-d 'scope=eats.deliveries'
¶ Header Type #2: multipart/form-data
curl --request POST 'https://login.uber.com/oauth/v2/token' \
--header 'Content-Type: multipart/form-data' \
--form 'client_id="<CLIENT_ID>"' \
--form 'client_secret="<CLIENT_SECRET>"' \
--form 'grant_type="client_credentials"' \
--form 'scope="eats.deliveries"'
OR
curl -X POST https://login.uber.com/oauth/v2/token
-F "client_id=<CLIENT_ID>" \
-F "client_secret=<CLIENT_SECRET>" \
-F "grant_type=client_credentials" \
-F "scope=eats.deliveries" \
| Parameter | Description |
|---|---|
client_id |
The Client ID of your application, retrieved from the Direct Dashboard. |
client_secret |
The Client Secret of your application. This should be treated like your application password. |
grant_type |
To access the Uber Direct API, authenticate your application by setting this to the client_credentials grant type. This will create an OAuth 2.0 access token with the specified scope. |
scope |
Specifies the Uber developer endpoints that this token has access to. For Uber Direct, the scope will always be “eats.deliveries”. |
¶ Example Response
{
"access_token": "<TOKEN>",
"expires_in": 2592000,
"token_type": "Bearer",
"scope": "eats.deliveries"
}
The access_token field will contain the token used to authenticate against the Uber Direct APIs.
The expires_in field indicates the lifetime of the access token, provided in seconds. Tokens are valid for 30 days (2,592,000 seconds) and should be cached and re-used across requests until (or shortly before) expiration – NOT re-generated per request. Existing tokens cannot be refreshed, but new tokens can be created as many times as needed.
Note: Client credential grant type requests will be rate limited to 100 requests per hour.
¶ Other Programming Languages:
¶ NodeJS
var request = require('request');
var options = {
'method': 'POST',
'url': 'https://login.uber.com/oauth/v2/token',
'headers': {
'Content-Type': 'application/x-www-form-urlencoded'
},
form: {
'client_id': '<CLIENT_ID>',
'client_secret': '<CLIENT_SECRET>',
'grant_type': 'client_credentials',
'scope': 'eats.deliveries'
}
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});
¶ Python
import requests
url = "https://login.uber.com/oauth/v2/token"
payload='client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>&grant_type=client_credentials&scope=eats.deliveries'
headers = {
'Content-Type': 'application/x-www-form-urlencoded'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)
¶ Usage
Pass the access_token returned in the previous step as a bearer token in the Authorization header.
¶ Example POST Request
Note that all Direct endpoints besides Authentication (above) expect requests to be encoded as application/json.
curl --request POST 'https://api.uber.com/v1/customers/<customer_id>/delivery_quotes' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <TOKEN>' \
--data-raw '{
"pickup_address": "175 Greenwich St, New York, NY 10007",
"dropoff_address": "231 Hudson St, New York, NY 10013"
}'
OR
curl -X POST 'https://api.uber.com/v1/customers/<customer_id>/delivery_quotes' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-d '{
"pickup_address": "175 Greenwich St, New York, NY 10007",
"dropoff_address": "231 Hudson St, New York, NY 10013"
}'
| Parameter | Description |
|---|---|
customer_id |
Unique 128-bits UUID for the organization. It can be found under the Developers tab in Direct Dashboard. |
TOKEN |
The access_token returned in the previous step, used to authenticate against the Uber Direct APIs. |
¶ Authentication Error Codes
| Parameter | Description |
|---|---|
invalid_request |
Required parameters were not provided. |
invalid_client |
The client ID or secret provided is invalid. |
invalid_scope |
The scope provided is invalid |
server_error |
The server returned an unknown error. |
unauthorized |
Invalid OAuth 2.0 credentials provided. |