This document will help you understand the two forms of authorisation supported by our API: Cognito tokens and API keys. Knowing how to use these authorisation methods will ensure that you can securely access our API.
Authorisation Methods
Cognito Tokens
This is what is used by our app to interact with our API.
You can find these tokens in your browser networking tab
Cognito tokens should be sent in authorisation header with a
Bearerprefix.
API Keys
API keys are available to Uber-admin users.
Keys can be created and managed on the app. Navigate to Admin -> API keys page.
API key should be sent in the
x-api-keyfield in a request header.
Error Handling
When making authorised requests, you may encounter various authorisation-related errors. Here’s how to handle them:
401 Unauthorised:
Check if the token or API key is included in the request and is valid.
Ensure the token is not expired. For Cognito tokens, refresh the token if necessary.
403 Forbidden:
Verify that you have the necessary permissions to access the requested resource.