Three lines





The Driver API supports the OAuth 2.0 authentication mechanism to gain access to a driver’s data.

User Access Token authentication

The Uber API uses OAuth 2.0 to allow developers to get a user access token to access a single driver’s data. OAuth 2.0 is a specification outlined in RFC 6749 that allows third-party services to make requests on behalf of a driver without accessing passwords and other sensitive information. If you are unfamiliar with OAuth 2.0, check out Aaron Parecki’s “OAuth 2 Simplified” guide.

We strongly recommend that you use a pre-built library to perform the authorization grant and token exchanges for OAuth 2.0. If you go this route, all you will need are the endpoints below and to specify your redirect URL in the application dashboard.

OAuth 2.0 endpoints

Authorization Host
Authorization Endpoint
Token Exchange Endpoint
Step 1: Authorize

The first step of the flow is to direct your driver to the authorization URL and supply the query parameters described below.

First, the driver has to grant your app permission to access their data or do actions on their behalf. Uber provides an authorization page where drivers can securely sign in with their Uber username and password to grant permissions to your app. This authorization page is accessed through the authorization URL. To ensure that the driver grants permission to your app properly, supply query parameters to that URL as described below.<CLIENT_ID>&response_type=code&redirect_uri=<REDIRECT_URI>
Parameter Description
response_type OAuth 2.0 response type. code is the only acceptable input at this time.
client_id The client ID of your application.
scope Space delimited list of grant scopes you would like to have permission to access on behalf of the driver. Check out Scopes to see the valid subset of scopes for the Driver API. If none is provided the default is the set selected in your application’s dashboard. It is invalid to provide no scopes and have none selected in the dashboard.
redirect_uri The URI we will redirect back to after an authorization by the resource owner. The base of the URI must match the redirect_uri used during the registration of your application. If none is provided the default is the first redirect URI provided in the dashboard.
state (optional) State which will be passed back to you to prevent tampering.

After you’ve supplied the needed parameters, present this authorization URL as a link for the driver to visit. Usually, this link will say “Sign in with Uber”.

When drivers visit the authorization page and sign in, they will see a page that looks like this, asking them to authorize your app with the scopes you provided above.


Step 2: Receive redirect

Once the driver authenticates and authorizes your app, Uber will issue an HTTP 302 redirect to the redirect_uri passed in or the default when none is explicitly provided. On that redirect, you will receive a single-use authorization code which expires in 10 minutes.

GET https://your-redirect-uri/?code=AUTHORIZATION_CODE
Step 3: Get an access token

Use the Token Exchange Endpoint to exchange this authorization code for an access_token which will allow you to make requests on behalf of the user.

Example Request:

curl -F 'client_secret=<CLIENT_SECRET>' \
     -F 'client_id=<CLIENT_ID>' \
     -F 'grant_type=authorization_code' \
     -F 'redirect_uri=<REDIRECT_URI>' \

Example Response:

    "access_token": "<TOKEN>",
    "expires_in": 2592000,
    "token_type": "Bearer",
    "refresh_token": "REFRESH_TOKEN",
    "scope": "partner.accounts partner.payments partner.trips"

The access_token is valid for the time described by expires_in (in seconds). The refresh_token expires after one year and can be used to obtain a new access_token at any time given that your application is still authorized to access the API on behalf of this user.

Step 4: Use bearer token

Pass the access_token returned in the previous step as a bearer token in the Authorization header.

OAuth token (sent in a header)

curl -H 'Authorization: Bearer <TOKEN>' ''
Refreshing tokens

When the driver’s access_token has expired, obtain a new access_token by exchanging the refresh_token associated with the access_token. Note: The client ID must match the client ID from the authorization code flow.

curl -F 'client_secret=<CLIENT_SECRET>' \
     -F 'client_id=<CLIENT_ID>' \
     -F 'grant_type=refresh_token' \
     -F 'refresh_token=REFRESH_TOKEN' \

A refresh_token is valid for one year and tokens that have been inactive for more than one year will be invalidated. The client ID must match the client ID from the authorization code flow.

Revoking tokens

There are two ways that a user access token can be revoked: either you revoke it yourself upon the driver’s request, or the driver can go to the Riders Profile page and click ‘Disconnect’ on your app.

Drivers can use their account to login to the Rider dashboard. The Driver Dashboard does not currently display connected applications.

Within your app’s interface, you may present the option of “disconnecting” a driver’s Uber account from your app. Use the revoke endpoint to invalidate a user access token:

curl -F 'client_secret=<CLIENT_SECRET>' \
     -F 'client_id=<CLIENT_ID>' \
     -F 'token=<TOKEN>' \

If a driver disconnects your application from the Riders Profile, it will invalidate any existing tokens and your app will not be able to refresh any tokens. To gain access again, you will have to go through the entire flow from Step 1.

Debugging & authentication errors

Expect access token lengths to change over time as Uber makes changes to what is stored in them and how they are encoded. To account for this, please use a variable length data type without a specific maximum size to store access tokens and refresh tokens.

Error Description
invalid_request Required parameters were not provided.
invalid_client The client ID or secret provided is invalid.
invalid_grant Valid grant types are authorization_code and refresh_token
invalid_scope The scope parameter provided is not a valid subset of scopes.
server_error The server returned an unknown error.
temporarily_unavailable The endpoint is temporarily unable to respond.


© 2023 Uber Technologies Inc.