Uber Direct - DaaS Authentication Migration
¶ DaaS Authentication Migration
¶ What is changing?
¶ 1. Authentication Method
Currently, the DaaS API uses static credentials that are transmitted via Basic Authentication. We will be moving to an OAuth 2.0 client credentials flow exclusively, and will no longer support Basic Authentication.
To authenticate with OAuth, you will need your Client ID and Client Secret, which are now available in the Uber Direct Dashboard’s devleoper tab (screenshot below).
DaaS Authentication documentation and examples are here.
Note: Your Access Token expires and needs to be renewed every 30 days.
¶ 2. Daas API Endpoint
The DaaS API base path will change from https://api.postmates.com to https://api.uber.com.
¶ 3. JSON content-type is required
Previously, the DaaS API supported both form encoding (application/x-www-form-urlencoded and JSON (application/json). Going forward, only JSON encoding will be supported.
¶ 4. Customer ID
Previously, our endpoint URLs included a customer token (cus_XXXXXXXX). This token will be replaced with the Customer ID, which is a 128-bit UUID.
Example:
- Old URL with the depreated Customer ID:
https://api.postmates.com/v1/customers/*cus_3xmp13*/deliveries
- New URL with the new Customer ID (UUID)
https://api.uber.com/v1/customers/23e4567-1111-12d3-cccc-ffffffffffff/deliveries
The Customer ID is available in the Uber Direct Dashboard along with your Client ID and Client Secret.
¶ Why is it changing?
- OAuth 2.0 is a more secure authentication mechanism than Basic Authentication
- Moving to the standard Uber authentication method will allow for efficiencies with other Uber services (e.g. UberEats marketplace)
¶ When does this change take effect?
Today, the OAuth 2.0 flow and https://api.uber.com endpoint are available in Sandbox and Production environments.
Basic Authentication on the Postmates endpoint will continue to work until October 1, 2022.
¶ Quick reference table
