Skip to content

Uber Server Token

Service Name: Uber

Service Description: Uber is a technology platform that connects riders with drivers through a mobile application, offering ride-hailing, food delivery (Uber Eats), package delivery, and freight transportation services globally.

Service Address: https://developer.uber.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the Uber Developer Dashboard for API access

Secret Access Scope: Server tokens grant access to Uber's API endpoints for server-to-server communication, allowing applications to access services like ride requests, price estimates, and user data based on the permissions granted.

Secret Revokement URL: https://developer.uber.com/dashboard/

Secret Example: SerVer_ToKeN-UbEr.aPi.123456abcdef

Suspicious Activity Investigation Instructions:

  • Review API call logs in the Uber Developer Dashboard for unusual activity
  • Check for unexpected ride requests or data access from unfamiliar IP addresses
  • Monitor for increased API usage or calls to endpoints not typically used by your application
  • Verify if there are any unauthorized changes to your application's configuration
  • Review webhook notifications for unexpected events

Mitigation Instructions:

  • Log in to the Uber Developer Dashboard at

https://developer.uber.com/dashboard/

  • Navigate to your application settings
  • Revoke the compromised server token immediately
  • Generate a new server token with appropriate permissions
  • Update your application code with the new token
  • Review and update IP restrictions for API access if applicable
  • Enable additional security measures like webhook verification
  • Consider implementing token rotation policies for regular security maintenance