Three lines

Uber

Developers

Authentication

POSThttps://auth.uber.com/oauth/v2/token

Access to These APIs May Require Written Approval From Uber

Uber’s APIs are always under development and as such are subject to changes according to our Versioning & Upgrade policy. As part of Uber’s ongoing privacy improvements, we’ve updated our Developer API program with new scope access policies for third party applications. For further information, please refer to our Getting Started guides.

The Eats API supports OAuth 2.0.

Reference
Key Value
url https://auth.uber.com/oauth/v2/token
scope Space delimited list of scope(s) that you would like to generate a token for.
grant_type Based on scope(s). Either client_credentials for an application generated token (to access Store, Menu, Order and Reporting endpoints) or authorization_code for a user access token (to access POS Provision endpoints).
Scopes

The following scopes are available for use with the Eats APIs. To gain access to scopes in production, your app must first be approved and whitelisted by the Uber Eats team.

Each Eats endpoint requires one of the scopes listed below and the token generated for the scope(s) must be used correspondingly. Note the grant type associated to each scope. Multiple scopes can be authorized using the same access token, provided that the grant type is the same.

Scope Grant Type Description
eats.store client-credentials Indicates a token has permission to update and retrieve store and menu information.
eats.store.status.write client-credentials Indicates a token has permission to set store availability (pause/unpause stores without changing menu hours).
eats.order client-credentials Indicates a token has permission to accept/deny/cancel orders and read v1 orders.
eats.store.orders.read client-credentials Indicates a token has permission to read v2 orders.
eats.report client-credentials Indicates a token has permission to generate reports (e.g. transaction reports) for stores.
eats.pos_provisioning authorization-code Indicates a token has permission to setup/remove pos integration and retrieve stores.
Generating a Client Credentials Token

To generate a client credentials token, retrieve your client_id and client_secret for your app from the Developer Dashboard and see the example below. Note this endpoint expects requests to be encoded as application/x-www-form-urlencoded or multipart/form-data.

Note: Client credentials grant type requests will be rate limited to 100 requests per hour. After generating 100 tokens with the client credentials grant type, creating a new token will invalidate the oldest token.

Example Request
curl -F "client_secret=$CLIENT_SECRET" \
    -F "client_id=$CLIENT_ID" \
    -F "grant_type=client_credentials" \
    -F "scope=eats.store" \
    https://auth.uber.com/oauth/v2/token
Example Response
{
  "last_authenticated": 0,
  "access_token": "KA.ewogICJ2ZXJzaW9uIjogMiwKICAiaWQiOiAiZmFuY3kgc2VlaW5nIHlvdSBoZXJlLCBodHRwOi8vdC51YmVyLmNvbS9kZXYtcGxhdGZvcm0tam9icyIsCiAgImV4cGlyZXNfYXQiOiAxNDk3NzQxNjIyLAogICJwaXBlbGluZV9rZXlfaWQiOiAiZm9vYmFyIiwKICAicGlwZWxpbmVfaWQiOiAxCn0K.9jPtNyS9vHJ9HVmxA4Y6vwIcwv7v1tx1BMYwztpIeID",
  "expires_in": 2592000,
  "token_type": "Bearer",
  "scope": "eats.store",
  "refresh_token": ""
}
Usage

The access_token field will contain the token used to authenticate against the Uber Eats APIs. Once you’ve obtained this token, you can provide it in the “Authorization” header of requests you make to endpoints that require client credentials scopes.

The expires_in field indicates the lifetime of the access token, provided in seconds. Tokens are valid for 30 days (2,592,000 seconds) and should be cached and re-used across requests until (or shortly before) expiration, not re-generated per request.

curl \
  -H 'authorization: Bearer <TOKEN>' \
  https://api.uber.com/v1/eats/stores
Generating a User Access Token

The Uber API uses OAuth 2.0 to allow developers to get a user access token to access a single user’s data or do actions on their behalf. For steps on generating a user access token, refer to our User Access Token guide.

FAQ

Can I use a user access token to execute on Menu and Order endpoints?

No. Menu and Order endpoints require an application-generated (client credentials) access token. It is not possible to generate one token with both eats.pos_provisioning (authorization_code grant type) and eats.order (client_credentials grant type) scopes.

Can my access token have multiple scopes associated?

Yes, if the scopes have the same grant type. For example, a single token can be generated to retrieve a store’s location data (eats.store); update a store’s status (eats.store.status.write); retrieve and accept an order (eats.order); and access a transaction report (eats.report).

Next Steps

See the POS Provision guide for steps to set up programmatic provisioning for your stores.

Uber

Developers
© 2023 Uber Technologies Inc.