Three lines




To access the Direct API, you will need a valid access token from our OAuth service. All calls to leverage OAuth 2.0 with the client_credentials grant type.

OAuth2.0 specification is outlined in RFC 6479

Get an Access Token

To generate an access token, retrieve your application’s client_id and client_secret from the Direct Dashboard.

Direct Dashboard Developers Tab

Authentication Request

The authentication endpoint expects requests to be encoded as application/x-www-form-urlencoded or multipart/form-data

Header Type #1: application/x-www-form-urlencoded

curl --request POST '' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<CLIENT_ID>' \
--data-urlencode 'client_secret=<CLIENT_SECRET>' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=eats.deliveries'

Header Type #2: multipart/form-data

curl --request POST '' \
--header 'Content-Type: multipart/form-data' \
--form 'client_id="<CLIENT_ID>"' \
--form 'client_secret="<CLIENT_SECRET>"' \
--form 'grant_type="client_credentials"' \
--form 'scope="eats.deliveries"'
Parameter Description
client_id The Client ID of your application, retrieved from the Direct Dashboard.
client_secret The Client Secret of your application. This should be treated like your application password.
grant_type To access the Uber Direct API, authenticate your application by setting this to the client_credentials grant type. This will create an OAuth 2.0 access token with the specified scope.
scope Specifies the Uber developer endpoints that this token has access to. For Direct APIs, the scope will always be: eats.deliveries. For Org APIs, the scope will always be: direct.organizations
Authentication Response
  "access_token": "<TOKEN>",
  "expires_in": 2592000,
  "token_type": "Bearer",
  "scope": "eats.deliveries"

The access_token field will contain the token used to authenticate against the Uber Direct APIs.

The expires_in field indicates the lifetime of the access token, provided in seconds. Tokens are valid for 30 days (2,592,000 seconds) and should be cached and re-used across requests until (or shortly before) expiration. It should NOT be re-generated per request. Existing tokens cannot be refreshed, but new tokens can be created as many times as needed.

Note: Client credential grant type requests will be rate limited to 100 requests per hour.

For examples on obtaining the access token using Node.js and Python, please refer to the following resources:

Example Node.js
var request = require('request');

// Set the API endpoint and request options
var options = {
  method: 'POST',
  url: '',
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded',
  form: {
    client_id: '<CLIENT_ID>', // Replace with your actual Client ID
    client_secret: '<CLIENT_SECRET>', // Replace with your actual Client Secret
    grant_type: 'client_credentials',
    scope: 'eats.deliveries', // The scope of access required

// Send the request to Authorization API
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body); // Print the response body containing the access token
Example Python
import requests

url = ""

# Set the payload with required parameters
payload = {
    'client_id': '<CLIENT_ID>',         # Replace with your actual Client ID
    'client_secret': '<CLIENT_SECRET>', # Replace with your actual Client Secret
    'grant_type': 'client_credentials',
    'scope': 'eats.deliveries',         # The scope of access required

headers = {
  'Content-Type': 'application/x-www-form-urlencoded'

# Send the request to Authorization API
response =, headers=headers, data=payload)

print(response.text)  # Print the response text containing the access token
Access Token Usage

Pass the access_token returned in the previous step as a bearer token in the Authorization header of other Direct API endpoints.

Note that all Direct endpoints besides Authentication (above) expect requests to be encoded as application/json. See below example in curl for Create Quote API:

curl --request POST '<customer_id>/delivery_quotes' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <TOKEN>' \
--data-raw '{
    "pickup_address": "{\"street_address\": [\"20 W 34th St\", \"Floor 2\"],\"state\":\"NY\",\"city\":\"New York\",\"zip_code\":\"10001\",\"country\":\"US\"}",
  "dropoff_address": "{\"street_address\": [\"285 Fulton St\", \"\"],\"state\":\"NY\",\"city\":\"New York\",\"zip_code\":\"10006\",\"country\":\"US\"}"

Parameter Description
customer_id Unique 128-bits UUID for the organization. It can be found under the Developers tab in Direct Dashboard.
TOKEN The access_token returned in the previous step, used to authenticate against the Uber Direct APIs.
Authentication Error Codes
Parameter Description
invalid_request Required parameters were not provided.
invalid_client The client ID or secret provided is invalid.
invalid_scope The scope provided is invalid
server_error The server returned an unknown error.
unauthorized Invalid OAuth 2.0 credentials provided.


© 2023 Uber Technologies Inc.