Uber Server Token
Service Name: Uber
Service Description: Uber is a technology platform that connects riders with drivers through a mobile application, offering ride-hailing, food delivery (Uber Eats), package delivery, and freight transportation services globally.
Service Address: https://developer.uber.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured in the Uber Developer Dashboard for API access
Secret Access Scope: Server tokens grant access to Uber's API endpoints for server-to-server communication, allowing applications to access services like ride requests, price estimates, and user data based on the permissions granted.
Secret Revokement URL: https://developer.uber.com/dashboard/
Secret Example: SerVer_ToKeN-UbEr.aPi.123456abcdef
Suspicious Activity Investigation Instructions:
- Review API call logs in the Uber Developer Dashboard for unusual activity
- Check for unexpected ride requests or data access from unfamiliar IP addresses
- Monitor for increased API usage or calls to endpoints not typically used by your application
- Verify if there are any unauthorized changes to your application's configuration
- Review webhook notifications for unexpected events
Mitigation Instructions:
- Log in to the Uber Developer Dashboard at
https://developer.uber.com/dashboard/
- Navigate to your application settings
- Revoke the compromised server token immediately
- Generate a new server token with appropriate permissions
- Update your application code with the new token
- Review and update IP restrictions for API access if applicable
- Enable additional security measures like webhook verification
- Consider implementing token rotation policies for regular security maintenance