POST /token
¶ API Authentication: OAuth 2.0 Token Endpoint
The POST /token endpoint allows you to authorize your application and get an access_token using the authorization_code or client_credentials grant. You can also refresh the access_token using the refresh_token grant.
¶ Resource
POST https://auth.uber.com/oauth/v2/token
¶ Authorization
None
¶ POST Parameters
Parameter | Type | Description |
---|---|---|
client_id | string | The Client ID of your application. |
client_secret | string | The Client Secret of your application. |
grant_type | string | The Grant Type is either authorization_code, client_credentials, or refresh_token. |
redirect_uri | string | The URI we will redirect back to after an authorization by the resource owner. The base of the URI must match the redirect_uri used during the registration of your application. |
code | string | The authorization code. |
scope | string | The space delimited list of scopes. |
¶ Example Request - Access Token (authorization_code)
Exchange an authorization code for an access_token, which will allow you to make requests on behalf of a user.
curl -F 'client_secret=<CLIENT_SECRET>' \
-F 'client_id=<CLIENT_ID>' \
-F 'grant_type=authorization_code' \
-F 'redirect_uri=<REDIRECT_URI>' \
-F 'scope=profile' \
-F 'code=<AUTHORIZATION_CODE>' \
https://auth.uber.com/oauth/v2/token
¶ Example Request - Refresh Token
If you requested the access token with the offline_access scope, the response will include a refresh_token, which can be used to refresh the access_token.
curl -F 'client_secret=<CLIENT_SECRET>' \
-F 'client_id=<CLIENT_ID>' \
-F 'grant_type=refresh_token' \
-F 'refresh_token=<REFRESH_TOKEN>' \
https://auth.uber.com/oauth/v2/token
¶ Example Request - Access Token (client_credentials)
Some Uber API endpoints require scopes that are only available via Client Credentials grant. Generally, these scopes don’t control access to any individual users’ information, but instead provide the application itself the authorization to perform certain tasks in the API.
curl -X POST \
-F "client_id=<CLIENT_ID>" \
-F "client_secret=<CLIENT_SECRET>" \
-F "grant_type=client_credentials" \
-F "scope=SPACE_DELIMITED_LIST_OF_SCOPES" \
"https://auth.uber.com/oauth/v2/token"
¶ Response
Status Code: 200 OK
{
"access_token": "xxx",
"token_type": "Bearer",
"expires_in": 2592000,
"refresh_token": "xxx",
"scope": "profile history"
}
The access_token is good for a limited period of time described by the expires_in field (in seconds).
¶ Error Responses
Here are common error responses and the possible reason for each response.
Status Code: 401 Unauthorized
{
"error": "invalid_grant"
}
- You are using an invalid refresh_token. You can generate multiple access tokens, but you can only use the latest generated refresh_token.
- You supplied an invalid code when exchanging an authorization code for an access_token.
Status Code: 400 Bad Request
{
"error": "unsupported_grant_type"
}
You supplied an invalid string for the grant_type field. Only refresh_token, authorization_code and client_credentials are valid values.
Status Code: 401 Unauthorized
{
"error": "invalid_client"
}
Either your client_id or client_secret is invalid.
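
An added example (not from Uber's documentation or SDKs) of client-side handling for the Response and Error Responses sections above: it reuses the access_token until expires_in has elapsed, always keeps the newest refresh_token, and stops retrying once the endpoint answers invalid_grant. TokenStore, the exception names, the post(url, form) transport hook and the 60-second skew are assumptions made for illustration.

```python
import time

TOKEN_URL = "https://auth.uber.com/oauth/v2/token"  # endpoint from this page

class ReauthorizationRequired(Exception):
    """invalid_grant: send the user through authorization again."""

class ClientConfigError(Exception):
    """invalid_client or unsupported_grant_type: fix the application's request."""

class TokenStore:
    """Hypothetical helper (not an Uber SDK class) tracking one token pair."""

    def __init__(self, post, client_id, client_secret, skew=60, clock=time.time):
        # post(url, form) -> (status, json_dict) is an assumed transport hook.
        self._post, self._clock, self._skew = post, clock, skew
        self._creds = {"client_id": client_id, "client_secret": client_secret}
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0

    def _request(self, **fields):
        status, body = self._post(TOKEN_URL, {**self._creds, **fields})
        if status != 200:
            error = body.get("error", f"HTTP {status}")
            if error == "invalid_grant":
                # The stored grant is dead; retrying it cannot succeed.
                self.access_token = self.refresh_token = None
                raise ReauthorizationRequired(error)
            raise ClientConfigError(error)
        self.access_token = body["access_token"]
        # Treat the token as expired `skew` seconds early to avoid edge-of-expiry use.
        self.expires_at = self._clock() + body["expires_in"] - self._skew
        # Only the latest refresh_token is accepted: overwrite whenever one is returned.
        self.refresh_token = body.get("refresh_token", self.refresh_token)
        return self.access_token

    def exchange_code(self, code, redirect_uri):
        return self._request(grant_type="authorization_code", code=code,
                             redirect_uri=redirect_uri)

    def get(self):
        """Return a usable access_token, refreshing only when it has expired."""
        if self.access_token and self._clock() < self.expires_at:
            return self.access_token
        if not self.refresh_token:
            raise ReauthorizationRequired("no refresh_token stored")
        return self._request(grant_type="refresh_token",
                             refresh_token=self.refresh_token)
```

Persist refresh_token in the same step that stores the new access_token, so a crash between the two cannot leave an already superseded refresh_token on disk.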