The Uber for Business API supports OAuth 2.0. We support both the client_credentials grant type and authorization_code type.

¶ Overview

Third party authentication is designed to establish a reliable mechanism to authorize U4B business organizations to authorize a third party (3P) business. Once the U4B organization authorizes the 3P application, the 3P will have the ability to access the U4B APIs.

¶ Scope

organizations.voucher_programs.aggregator

¶ Authorizing 3P

The U4B organization can authorize the 3P application via authorization endpoint.

Host	https://business.uber.com
Authorization Endpoint	https://business.uber.com/authorize

¶ Query Parameters

Parameter	Description
client_id	Client ID of the 3P application
scope	organizations.voucher_programs.aggregator
redirect_uri	Once the authorization is successful, it will be redirected to the URL provided here.
app_name	The name of the 3P application

¶ Example

https://business.uber.com/authorize?client_id=<CLIENT_ID>&scope=<SCOPE>&redirect_uri=<REDIRECT_URI>&app_name=<APPLICATION_NAME>

Note: Replace the all the with respective values. All the parameters mentioned in the above endpoint are mandatory. Accessing the authorization endpoint takes the user to a secure login page where the U4B organization can login and authorize the third party application. Upon successful authorization, Uber for Business will issue an HTTP 302 redirect to the redirect_uri. On the redirect URL, there will be an Organization UUID(org_uuid) appended. (as shown below)

GET https://your-redirect-uri/?org_uuid=<ORGANIZATION_UUID>

The query parameter org_uuid can be used for creating voucher programs by third party apps. Please note that the vouchers will be billed to the respective Organization based on the org_uuid used at the time of voucher program creation.

¶ Revoking 3P

The U4B organization can revoke the 3P application via revoke endpoint.

Host	https://business.uber.com
Authorization Endpoint	https://business.uber.com/revoke

¶ Query Parameters

Parameter	Description
client_id	Client ID of the 3P application
org_uuid	The organization UUID received in the redirect URI.
app_name	The name of the 3P application
redirect_uri	Once the access is revoked, it will be redirected to the URL provided here.

¶ Example

https://business.uber.com/revoke?org_uuid=<ORGANIZATION_UUID>&client_id=< CLIENT_ID>&app_name=<APPLICATION_NAME>

Note: Replace the all the with respective values. All the parameters mentioned in the above endpoint are mandatory.

¶ Re-authorizing 3P

Use this endpoint if the application was previously authorized and revoked. If you have the org UUID stored when the application was previously authorized, please leverage this endpoint to directly choose the org. When using this endpoint, the list of orgs will not be provided and will directly get the consent from the org UUID provided in the query parameter.

Host	https://business.uber.com
Authorization Endpoint	https://business.uber.com/authorize/consent

¶ Query Parameters

Parameter	Description
client_id	Client ID of the 3P application
scope	organizations.voucher_programs.aggregator
redirect_uri	Once the authorization is successful, it will be redirected to the URL provided here.
app_name	The name of the 3P application
org_uuid	The organization UUID which previously authorized the 3P

https://business.uber.com/authorize/consent?org_uuid=<ORGANIZATION_UUID>&client_id=<CLIENT_ID>&scope=<SCOPE>&redirect_uri=<REDIRECT_URI>&app_name=<APPLICATION_NAME>

Note: Replace the all the with respective values. All the parameters mentioned in the above endpoint are mandatory.

¶ Errors

Error	Description
Invalid Request	The authorization request is invalid. Required parameters were not provided or in the wrong format.