3rd Party Authentication
The Uber for Business API supports OAuth 2.0. We support both the client_credentials grant type and authorization_code type.
¶ Overview
Third party authentication is designed to establish a reliable mechanism to authorize U4B business organizations to authorize a third party (3P) business. Once the U4B organization authorizes the 3P application, the 3P will have the ability to access the U4B APIs.
¶ Scope
organizations.voucher_programs.aggregator
¶ Authorizing 3P
The U4B organization can authorize the 3P application via authorization endpoint.
Host | https://business.uber.com |
---|---|
Authorization Endpoint |
https://business.uber.com/authorize |
¶ Query Parameters
Parameter | Description |
---|---|
client_id |
Client ID of the 3P application |
scope |
organizations.voucher_programs.aggregator |
redirect_uri |
Once the authorization is successful, it will be redirected to the URL provided here. |
app_name |
The name of the 3P application |
¶ Example
https://business.uber.com/authorize?client_id=<CLIENT_ID>&scope=<SCOPE>&redirect_uri=<REDIRECT_URI>&app_name=<APPLICATION_NAME>
Note: Replace the all the redirect_uri
. On the redirect URL, there will be an Organization UUID(org_uuid
) appended. (as shown below)
GET https://your-redirect-uri/?org_uuid=<ORGANIZATION_UUID>
The query parameter org_uuid
can be used for creating voucher programs by third party apps. Please note that the vouchers will be billed to the respective Organization based on the org_uuid
used at the time of voucher program creation.
¶ Revoking 3P
The U4B organization can revoke the 3P application via revoke endpoint.
Host | https://business.uber.com |
---|---|
Authorization Endpoint |
https://business.uber.com/revoke |
¶ Query Parameters
Parameter | Description |
---|---|
client_id |
Client ID of the 3P application |
org_uuid |
The organization UUID received in the redirect URI. |
app_name |
The name of the 3P application |
redirect_uri |
Once the access is revoked, it will be redirected to the URL provided here. |
¶ Example
https://business.uber.com/revoke?org_uuid=<ORGANIZATION_UUID>&client_id=< CLIENT_ID>&app_name=<APPLICATION_NAME>
Note: Replace the all the
¶ Re-authorizing 3P
Use this endpoint if the application was previously authorized and revoked. If you have the org UUID stored when the application was previously authorized, please leverage this endpoint to directly choose the org. When using this endpoint, the list of orgs will not be provided and will directly get the consent from the org UUID provided in the query parameter.
Host | https://business.uber.com |
---|---|
Authorization Endpoint |
https://business.uber.com/authorize/consent |
¶ Query Parameters
Parameter | Description |
---|---|
client_id |
Client ID of the 3P application |
scope |
organizations.voucher_programs.aggregator |
redirect_uri |
Once the authorization is successful, it will be redirected to the URL provided here. |
app_name |
The name of the 3P application |
org_uuid |
The organization UUID which previously authorized the 3P |
https://business.uber.com/authorize/consent?org_uuid=<ORGANIZATION_UUID>&client_id=<CLIENT_ID>&scope=<SCOPE>&redirect_uri=<REDIRECT_URI>&app_name=<APPLICATION_NAME>
Note: Replace the all the
¶ Errors
Error | Description |
---|---|
Invalid Request | The authorization request is invalid. Required parameters were not provided or in the wrong format. |