Authentication
¶ Overview
Every API request to the Uber Platform requires an Authorization header carrying an access token:
Authorization: Bearer {access_token}
- The access token follows the OAuth 2.0 specification.
- The token will authenticate API requests as an application, not as a user.
- The application will need at least one scope activated to generate a token.
- The token will grant the application access to the scopes that are specified at the time of the token generation.
- An application will need a new token:
  - every 30 days.
  - whenever a new scope is added to the application.
- The token cannot be “refreshed”, but new tokens can be created as often or as many times as needed.
- Encrypt your access token and store it only in a secure location.
¶ Token generation
There are two ways to generate an OAuth access token.
¶ Generate via the Developer Dashboard
Your Developer Dashboard will allow you to generate a token from within the UI.
Visit your dashboard and select your app.
Then, scroll down to the section titled “GENERATE AN OAUTH ACCESS TOKEN FOR YOUR APPLICATION”.
Follow the instructions to generate a token which can be copied and used as is.
¶ Generate via API
You can generate a token via API by sending a request to https://auth.uber.com/oauth/v2/token.
This endpoint expects requests to be encoded as application/x-www-form-urlencoded or multipart/form-data; JSON encoding is not supported for the request body.
The request will require the following fields:
- client_id: The ID of your application.
  - This should be treated as your application’s user name.
- client_secret: The secret for your application.
  - This should be treated like your application’s password.
  - Never share this with anyone, check this into source code, or post in any public forum.
  - Additionally, this should not be distributed on client devices where users could decompile your code and access the secret.
  - If you suspect your client_secret has been compromised you may generate a new one in your application’s dashboard which will immediately invalidate the old secret.
- grant_type: The type of access that will be granted.
  - For basic authentication, use the client_credentials grant_type.
- scope: This is a list of scopes that the token will provide access to.
  - Each scope is separated by a space.
Example cURL API request:
curl -F 'client_secret={CLIENT_SECRET}' \
  -F 'client_id={CLIENT_ID}' \
  -F 'grant_type=client_credentials' \
  -F 'scope=health' \
  https://auth.uber.com/oauth/v2/token
Example JSON response:
{
"access_token": "{TOKEN_VALUE}",
"token_type": "Bearer",
"expires_in": 2592000,
"scope": "health"
}
¶ API token generation errors
Error code | Description |
---|---|
invalid_request | Required parameters were not provided. |
invalid_client | The client_id or client_secret provided is invalid. |
invalid_grant | The grant_type that was provided is invalid. |
invalid_scope | The scope parameter provided is not a valid subset of scopes. |
server_error | The server returned an unknown error. |
temporarily_unavailable | The endpoint is temporarily unable to respond. |
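
The token lifecycle described above (form-encoded request, reuse until expiry, new token on scope change, error codes from the table), as an added Python example that is not Uber's own code. The names TokenCache, TokenError, http_post and auth_header are hypothetical; the one-day renewal margin and the assumption that error replies are JSON with an OAuth 2.0 "error" field are not stated on this page.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.uber.com/oauth/v2/token"
RETRYABLE = {"server_error", "temporarily_unavailable"}  # transient codes from the error table

class TokenError(Exception):
    """Carries only the error code, never the request body or the secret."""
    def __init__(self, code):
        super().__init__(code)
        self.code, self.retryable = code, code in RETRYABLE

def http_post(url, body):
    """POST a form-encoded body and return the parsed JSON reply (success or error)."""
    req = urllib.request.Request(
        url, data=body, headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        return json.load(err)  # assumed: error replies are JSON with an "error" field

class TokenCache:
    """Reuses a token until it nears expiry or the requested scopes change."""
    def __init__(self, client_id, client_secret, post=http_post, clock=time.time, margin=86400):
        self._creds = {"client_id": client_id, "client_secret": client_secret}
        self._post, self._clock, self._margin = post, clock, margin
        self._token = self._scope = None
        self._expires = 0.0

    def get(self, scopes):
        scope = " ".join(sorted(scopes))  # scopes are sent space-separated
        fresh = self._clock() < self._expires - self._margin
        if self._token and scope == self._scope and fresh:
            return self._token
        form = dict(self._creds, grant_type="client_credentials", scope=scope)
        reply = self._post(TOKEN_URL, urllib.parse.urlencode(form).encode())
        if "access_token" not in reply:
            raise TokenError(reply.get("error", "server_error"))
        self._token, self._scope = reply["access_token"], scope
        self._expires = self._clock() + int(reply["expires_in"])
        return self._token

def auth_header(token):
    return {"Authorization": f"Bearer {token}"}
```

Pass the client_id and client_secret in from a secret store or the process environment rather than a literal in source, and retry only when TokenError.retryable is true.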