OAuth 2.0 with Uber Eats API - Getting "Unauthorized" Error on Store API Calls

Hi Retool community,

I’m trying to integrate with the Uber Eats API using OAuth 2.0 in Retool, but I’m running into some issues. I’ve successfully set up the OAuth 2.0 flow in Retool and was able to generate the access token. However, when I attempt to make API calls to the https://api.uber.com/v1/eats/stores endpoint, I keep getting an "unauthorized" error.

Here’s what I’ve done so far:

I’ve configured OAuth 2.0 with the following settings:

  • Authorization URL: https://auth.uber.com/oauth/v2/authorize
  • Token URL: https://auth.uber.com/oauth/v2/token
  • Client ID and Client Secret are correct and provided by the Uber Developer Dashboard.
  • I’ve included the scope eats.pos_provisioning in the OAuth setup.
  • The Redirect URI in Retool matches the one set in the Uber Developer Dashboard.
  • I’ve created a query for the stores API (https://api.uber.com/v1/eats/stores) and included the Authorization header as Bearer {{oauth2_token}}.

Issue:

Despite successfully generating an OAuth token, every time I run the getStores API query, I receive the following error:

css

Copy code

{
  "code": "unauthorized",
  "message": "Invalid OAuth 2.0 credentials provided."
}

What I’ve Tried:

  • Tested the OAuth flow, and I am able to generate and store the token.
  • Added the Authorization: Bearer {{oauth2_token}} header in the API query.
  • Double-checked the Client ID, Client Secret, and scope.
  • Checked the Uber Developer Dashboard to ensure the correct permissions and redirect URI.

Question:

Is there something I might be missing in the OAuth configuration or API request setup in Retool? Are there additional steps I need to take to ensure the token is passed correctly in API calls?

Any help or guidance would be greatly appreciated!

Thanks in advance!

2 Likes

Hey @Shans! Welcome to the community. :slightly_smiling_face:

Without digging into this too much, my initial reaction is that the value of your Authorization header should be Bearer OAUTH2_TOKEN. This is a little counter-intuitive, given the wide use of double curlies across the platform, but OAUTH2_TOKEN is a "magic" variable that Retool recognizes and replaces when querying the resource from the backend server.

Let me know if the issue persists and I'll take a closer look at this!

1 Like