Three lines

Uber

Developers

Authentication

Privileged and Confidential This endpoint design has been confidentially shared with you. It is still under development and is subject to change without notice. Please do not share this document or API endpoint details with anyone who is not authorized to have access. For more information read about scopes.

Overview

Every API request to the Uber Platform requires an Authentication header with an access token.

Authorization: Bearer {access_token}

  • The access token follows the OAuth 2.0 specification.
  • The token will authenticate API requests as an application, not as a user.
  • The application will need at least one scope activated to generate a token.
  • The token will grant the application access to the scopes that are specified at the time of the token generation.
  • An application will need a new token:
    • every 30 days.
    • whenever a new scope is added to the application.
  • The token can not be “refreshed”, but new tokens can be created as often or as many times as needed.
  • Encrypt your access token and store it only in a secure location.

Token generation

There are two ways to generate an OAuth access token.

Generate via the Developer Dashboard

Your Developer Dashboard will allow you generate a token from within the UI.

Visit your dashboard and select your app.

Then, scroll down to the section titled “GENERATE AN OAUTH ACCESS TOKEN FOR YOUR APPLICATION”.

Follow the instructions to generate a token which can be copied and used as is.

Generate via API

You can generate a token via API by sending a request to https://auth.uber.com/oauth/v2/token.

This endpoint expects requests to be encoded as application/x-www-form-urlencoded or multipart/form-data, JSON encoding is not supported for the request body.

The request will require the following fields:

  • client_id: The ID of your application.
    • This should be treated as your application’s user name.
  • client_secret: The secret for your application.
    • This should be treated like your application’s password.
    • Never share this with anyone, check this into source code, or post in any public forum.
    • Additionally, this should not be distributed on client devices where users could decompile your code and access the secret.
    • If you suspect your client_secret has been compromised you may generate a new one in your application’s dashboard which will immediately invalidate the old secret.
  • grant_type: The type of access that will be granted.
    • For basic authentication, use the client_credentials grant_type.
  • scope: This is a list of scopes that the token will provide access to.
    • Each scope is separated by a space.

Note: Client credentials grant type requests will be rate limited to 100 requests per hour. After generating 100 tokens with the client credentials grant type, creating a new token will invalidate the oldest token.

Example cURL API request:

curl -F 'client_secret=<CLIENT_SECRET>' \
     -F 'client_id=<CLIENT_ID>' \
     -F 'grant_type=client_credentials' \
     -F 'scope=guests.trips'
     https://auth.uber.com/oauth/v2/token

Example JSON response:

{
    "access_token": "{TokenValue}",
    "token_type": "Bearer",
    "expires_in": 2592000,
    "scope": "guests.trips"
}
API token generation errors
Error code Description
invalid_request Required parameters were not provided.
invalid_client The client_id or client_secret provided is invalid.
invalid_grant The grant_type that was provided is invalid
invalid_scope The scope parameter provided is not a valid subset of scopes.
server_error The server returned an unknown error.
temporarily_unavailable The endpoint is temporarily unable to respond.

Uber

Developers
© 2023 Uber Technologies Inc.