Back to all updates

over 8 years ago

Helpful Hints for Hacking

Hello Developers!

Everyone on the Uber API team is thrilled by the amount of enthusiasm we have seen from our challenge participants. Even though its still just the beginning of the hackathon, we thought we’d post some tips and helpful hints to make developing your apps as seamless as possible.


The kind of application you are planning to build and the endpoints that you decide to take advantage of, will essentially determine what methods of authentication you will use to make requests to the Uber API. Basically, it falls into two camps: server_token or OAuth2.

Most integrations to date have only utilized the Product Types, Time Estimates, and Price Estimates endpoints, which only required the use of a server_token.This, in conjunction with deep linking, is how developers introduced Uber to their users.

However, with the introduction of Requests, as well as the User Profile and User Activity endpoints, OAuth2 is becoming a requirement for many apps built on the Uber platform. This is because OAuth2 is the authentication and authorization specification that we use to enable Uber riders to give your applications permission to access some of their information and act on their behalf.

You can learn about using OAuth2 on our developer site or learn more about the OAuth2 spec at This will include a list of client libraries available in different languages.

Creating Your Application

The first thing you will need to do is make sure you have a valid Uber Rider account. If you’ve never used Uber before, you can easily sign up by visiting Be sure to verify your mobile phone number once your account has been created. From there, you can visit and create your first application.

Start by picking a unique name and providing a description that lets us and your users know what your app is all about. If you plan to use OAuth2 you must fill in a value for REDIRECT URL. This is the address a user will get redirected to after authorizing your application to perform actions on their behalf. For development, you can specify this as http://localhost:<PORT> but for all production environments, we only support SSL hosted websites that have a https:// prefix.

If you are planning on building a web application that will be making requests with client side JavaScript, you will need to specify a valid ORIGIN URI. This is to support Cross-origin resource sharing (CORS) and ensure that requests are always made on behalf of your website. The same restrictions described above about REDIRECT URI also apply so be sure not to include a trailing slash (/).

Rate limiting and Whitelisting

While we’ve designed the Uber API to be accessible to all developers, there are a few initial restrictions that apply to new applications. One of those is a rate limit of 1000 requests per hour per OAuth2 user or server_token.

The request scope and the Requests endpoint are also whitelisted only resources. This means that only you, the developer, and any admins you add to your application (up to 5) will be able to use your app to make requests for Ubers to start.

Both of these restrictions can be loosened once you’ve built an application that we determine adheres to our Terms of Use and acts as a good citizen on the Uber platform. Visit our support page for instructions for how to request whitelisting and rate limit increases.

Additional Resources

Lastly, we just wanted to make sure everyone was aware that we have put together a very thorough tutorial section to help you get started with the Uber API.

We’ve also created design guidelines and provided assets to help make your app look as awesome as possible.

You can also use Stack Overflow to get assistance or reach out to our team directly by emailing or visiting our support page. Once again, if you haven’t done so yet, follow us @Uber_API for the latest updates.


-Scott Woolsey Biggart, Developer Evangelist