Uber Developers

Authentication

Privileged and Confidential This endpoint design has been confidentially shared with you. It is still under development and is subject to change without notice. Please do not share this document or API endpoint details with anyone who is not authorized to have access. For more information read about scopes.

The Uber for Business API supports OAuth 2.0. We support both the client_credentials grant type and authorization_code type.

¶ Token - Client credentials

To generate a client credentials token, retrieve your client_id and client_secret for your app from the developer dashboard and see the example below. Note this endpoint expects requests to be encoded as application/x-www-form-urlencoded or multipart/form-data.

Note: Client credentials grant type requests will be rate limited to 100 requests per hour. After generating 100 tokens with the client credentials grant type, creating a new token will invalidate the oldest token.

¶ Example Request

curl
  -X POST
  -F "client_id=<CLIENT_ID>" \
  -F "client_secret=<CLIENT_SECRET>" \
  -F "grant_type=client_credentials" \
  -F "scope=SPACE_DELIMITED_LIST_OF_SCOPES" \
  "https://auth.uber.com/oauth/v2/token"

¶ Example Response

{
    "access_token": "xxx",
    "token_type": "Bearer",
    "expires_in": 2592000,
    "refresh_token": "xxx",
    "scope": "profile history"
}

¶ Token - Authentication Code

To generate a client credentials token, retrieve your client_id, client_secret, redirect_uri and authorization_code for your app from the developer dashboard and see the example below. Note this endpoint expects requests to be encoded as application/x-www-form-urlencoded or multipart/form-data.

¶ Example Request

curl -F 'client_secret=<CLIENT_SECRET>' \
    -F 'client_id=<CLIENT_ID>' \
    -F 'grant_type=authorization_code' \
    -F 'redirect_uri=<REDIRECT_URI>' \
    -F 'scope=profile' \
    -F 'code=<AUTHORIZATION_CODE>' \
    https://auth.uber.com/oauth/v2/token

¶ Example Response

{
	"access_token":"JA.VUNmGAAAAA...NGNmOGUxOTZlZQ",
	"token_type":"Bearer",
	"expires_in":2592000,
	"scope":"business.employees"
}

¶ Usage

The access_token field will contain the token used to authenticate against the Employees Management APIs.

curl -H 'Authorization: Bearer <TOKEN>' \
     -H 'Accept-Language: en_US' \
     -H 'Content-Type: application/json' \
     -X GET
     'https://api.uber.com/v1.2/me'

¶ Reference

Key	Value
`url`	https://auth.uber.com/oauth/v2/token
`grant_type`	`client_credentials` or `authorization_code`

¶ Scopes

The following scopes are available for use with the employee management APIs.

Scope	Description
business.employees	Indicates a token has permission to create/update/delete/get employees in client_credentials grant type.