This is a lot easier than the Charles MITM proxy I used to intercept the Uber iPhone API calls to determine mine. I feel kind of silly now that I didnt bother checking the web API.
I also made a web scraper to get my uber trip details (incl. route driven), save it to JSON and map the trips all at once. http://i.imgur.com/Q1W59rD.jpg. Here's a quick dump of the code https://github.com/joshhunt/uber. It's pretty rough and it makes a lot of assumptions (e.g. metric system and AUD). I never really plan on looking at it again, so your milage may vary.
I also found their API structure to be quite unusual: They make a call to something like `api.uber.com/` with POST data of something like
and you'll recieve a response back of something like
{
responseData: {
username: 'madeofpalk'
...rest of requested data...
},
vehicles: [
...list of all vehicles and their locations...
]
...other data that wasnt explicitly requested but comes through with every request...
}
I had never seen this pattern before, and thought it was quite unusual (especially for a 'new hip startup' that uses Python and Node.js). Anyone care to comment on why they may have choosen something like this?
This pattern is standard within SOA (Service Oriented Architecture).
You have two classes of services:
1. Technical Services
2. Business Services
The technical services may be REST, SOAP, etc. These deal with the nuts and bolts of: update this one thing, fetch a load of these things (where they are the same thing).
The business services are usually some flavour of RPC JSON or XML, and only occasionally are REST (think of a resource that is actually a composite of other resources, it's usually a business service).
The business service wraps the underlying technical service with the orchestration of which granular services to call, and returns something useful to the user (the client, in this case an app which is also made by the company).
What you quoted was the result of a business service, but you can imagine that behind that are services that individually fetch vehicles, user info, etc. The business service is just wrapping it and doing a useful thing for the user by returning the composite.
It should be noted, there's an idea of a "service catalog". Some people think this is wholly comprised of the business services, but actually it's the superset of both business and technical services. You might have 2 catalogs, one external and one internal... but both are made up of a mix of business and technical services. The goal is simple: Help users to get shit done. In the scenario given, "get shit done" means "perform multiple calls, and because it's mobile and calls are expensive return everything in one call".
If, as another commenter mentioned, they want every request to update all the data in an app, this is quite an elegant pattern.
They don't have to modify any of their restful APIs to fetch or serialize more data than intended. Instead, the / endpoint might act as a wrapper, which does three things:
1. gets the entire app state
2. makes an internal API call of its own (proxies the one from the request)
doesn't seem that strange to me. in the old SOAP days it was easier to run everything through a set of filters and just have what server code specified by a field.
in this case it is pretty clear they sped up requests by returning some generic data every request needed to update the app all at once as well. that's a pretty common requirement. netflix even allows client code to upload server code to pack responses into the least number
My twitter stream is now full of people, some of whom I am sure do not have the skill to evaluate if something is a JavaScript security threat or not, who have copied and pasted a random script they read on the internet into the developer console. Granted, this one is pretty simple and easier to evaluate than most, but still… you really get why Facebook hacked the console to warn people not to do that.
I don't get why Uber doesn't tell me the exterior color of UberX cars coming to pick me up. I have no idea what a "Nissan Versa" is; knowing it's a blue minivan would be helpful.
I'm used to riding Lyft which uses a real picture of the vehicle. Last night, I was waiting for what I "thought" would be a red Hyundai and the driver had to yell to me before I realized that it was the car I was expecting.
I somehow have a 4, the lowest in this thread (that I've seen so far). I wonder what I did, I generally try to be polite to the drivers and I rarely use the service, so I suspect I got one extremely poor rating? I can't imagine when though.
Anyway, looks like you can go and pull the token out of the page and just do
to check it programmatically. Could be interesting to have a service detect somehow that you'd just finished a ride and show you the new score (and possibly the change, etc)
I guess soon enough Chef's and restaurant's will be rating customers as well. In restaurant's there would be cutoff points for being a customer. You didn't pay enough tips in the last restaurant you were a part of - you are now bared from getting into a good restaurant now.
Joking above but the whole concept of dual rating scares me a bit .......
* Compliment their car or music
* Ask them about themselves (how are you doing, where are you from, how long have you been driving)
* Make small talk (how about this crazy weather/traffic/drunk people, do you have any weird stories, have you ever been to place xyz)
* Tell them a little about yourself or where you just came from/are going to
* Have the address of your destination or tell the driver how to get there
* Leave a tip for efficient service
* Don't throw up in the back seat
I have absolutely zero interest in my Uber passenger rating.
If they decide to start being ridiculous, I'll decide to start taking cabs again -- at least the cabbies generally have a clue about how to get to places, and don't bother with questions about "what route would you like me to take you on". The fastest route, thanks.
What city are you in? Here in Boston, my experience has been that the uber drivers are more likely than the taxi drivers to know how to get where I'd like to go.
Here in Chicago, regular cab drivers ask the route question all the time. I've read that this is asked in hopes you tell them a non-optimal route that takes longer. My response is almost always "the fastest way is fine."
The window.Uber variable has a lot of interesting information, like "isAdmin," data about the last vehicle I rode in (interior color, exterior color, model year, capacity), last driver's phone number, "activeExperiments" which I assume are multivariate tests being run against me, etc
I wonder if Lyft shares something similar via their API as well.
`curl -H "Authorization: fbAccessToken <fb access token>" https://api.lyft.com/users/<lyft user id>` provides some basic profile, credit card, location and referral information but nothing about ratings. The lyft user ID can be obtained by logging in at www.lyft.com/login and viewing the source.
I've been aware of my Uber passenger rating for about a year. When I first found out about it, my rating was a 4.9. Once I realized that I was being rated, I worked really hard to be the perfect passenger. I had my rating up to a 5.0 for a few months. Then I got lazy about being perfect and it has since dropped to a 4.8.
I don't get why this is included in the window.Uber pingData. It seems as though your rating is something that isn't necessary and shouldn't be surfaced client-side.
Anyone have some insight into why this data is there in the first place? Is this an accidental leak, some sort of optimization or something else?
What kind of details do you think go into this rating? My guess: how long driver waits for you to get in the car, how drunk and annoying you are, how much you tip (do they see this before rating?), how profitable your ride is.
I suspect most drivers, like most passengers, give a 5.0 to almost everyone, but dock points for being a dick. It just seems there's no other way to differentiate passengers, since they'll be paying the fee regardless.
I've only had a few rides and ive 4.9 (ie someone didnt rate me 5.0). Meh.
Then again, I don't feel bad rating drivers because they sell me a service, I'm rating that (it wouldnt even have to include their name - it probably shouldn't. then again I'm european, we seem to have slightly different ethics).
I feel bad that they rate us because we don't provide them with anything.
That rating is going to be saved, sold and shared eventually.
Does anyone know why Uber doesn't easily just give you your own rating? If I know my rating is low then I know I should work on improving it if I want to continue using Uber...
Seems kind of like a win-win-win for all three parties (Uber, driver, myself)
Hmm. Suspect there is a bug with this - All my ratings are five, besides a handful of zeroes. At least a couple of the zeroes I remember being perfectly amicable rides (I mean, I'd assume something extreme is necessary to get a zero)...
My suspicion is that zero is equivalent to unrated, so shouldn't be in the sum?
I wonder if this reverse-rating system is only for US. Even though I'm from US, I had only get the chance to use it abroad (Jakarta). And when I check it, my rating is null. Is it something to do with the fact that Uber driver in Jakarta are actually professional car-rental driver?
[+] [-] madeofpalk|11 years ago|reply
I also made a web scraper to get my uber trip details (incl. route driven), save it to JSON and map the trips all at once. http://i.imgur.com/Q1W59rD.jpg. Here's a quick dump of the code https://github.com/joshhunt/uber. It's pretty rough and it makes a lot of assumptions (e.g. metric system and AUD). I never really plan on looking at it again, so your milage may vary.
I also found their API structure to be quite unusual: They make a call to something like `api.uber.com/` with POST data of something like
and you'll recieve a response back of something like I had never seen this pattern before, and thought it was quite unusual (especially for a 'new hip startup' that uses Python and Node.js). Anyone care to comment on why they may have choosen something like this?[+] [-] buro9|11 years ago|reply
You have two classes of services:
1. Technical Services
2. Business Services
The technical services may be REST, SOAP, etc. These deal with the nuts and bolts of: update this one thing, fetch a load of these things (where they are the same thing).
The business services are usually some flavour of RPC JSON or XML, and only occasionally are REST (think of a resource that is actually a composite of other resources, it's usually a business service).
The business service wraps the underlying technical service with the orchestration of which granular services to call, and returns something useful to the user (the client, in this case an app which is also made by the company).
What you quoted was the result of a business service, but you can imagine that behind that are services that individually fetch vehicles, user info, etc. The business service is just wrapping it and doing a useful thing for the user by returning the composite.
It should be noted, there's an idea of a "service catalog". Some people think this is wholly comprised of the business services, but actually it's the superset of both business and technical services. You might have 2 catalogs, one external and one internal... but both are made up of a mix of business and technical services. The goal is simple: Help users to get shit done. In the scenario given, "get shit done" means "perform multiple calls, and because it's mobile and calls are expensive return everything in one call".
[+] [-] eiopa|11 years ago|reply
Some of this is remainders from when they just had consultants working on this. Look at hash_password() at client.py :)
[+] [-] amitt|11 years ago|reply
[+] [-] lambtron|11 years ago|reply
[+] [-] chavesn|11 years ago|reply
They don't have to modify any of their restful APIs to fetch or serialize more data than intended. Instead, the / endpoint might act as a wrapper, which does three things:
1. gets the entire app state
2. makes an internal API call of its own (proxies the one from the request)
3. merges the two results and returns them
[+] [-] lnanek2|11 years ago|reply
in this case it is pretty clear they sped up requests by returning some generic data every request needed to update the app all at once as well. that's a pretty common requirement. netflix even allows client code to upload server code to pack responses into the least number
[+] [-] po|11 years ago|reply
edit: This tweet said exactly what I was thinking when I saw all of this. https://twitter.com/s_m_i/status/493609377958723584
"Also this uber thing shows folks will copy and paste commands they don’t understand without a second thought if the incentives are right"
[+] [-] peterwwillis|11 years ago|reply
[+] [-] brador|11 years ago|reply
[+] [-] rdl|11 years ago|reply
[+] [-] calbear81|11 years ago|reply
[+] [-] beggi|11 years ago|reply
[+] [-] lnanek2|11 years ago|reply
[+] [-] tjdetwiler|11 years ago|reply
[+] [-] joshmlewis|11 years ago|reply
[+] [-] jrockway|11 years ago|reply
[+] [-] comrh|11 years ago|reply
[+] [-] maak|11 years ago|reply
[+] [-] finnn|11 years ago|reply
Anyway, looks like you can go and pull the token out of the page and just do
curl https://m.uber.com/cn --data '{"messageType":"PingClient","token":"xxxxx","app":"client"}' | jq .client.ratin
to check it programmatically. Could be interesting to have a service detect somehow that you'd just finished a ride and show you the new score (and possibly the change, etc)
[+] [-] minusSeven|11 years ago|reply
Joking above but the whole concept of dual rating scares me a bit .......
[+] [-] ldd-|11 years ago|reply
I've used Uber only once - to help my mom to a doctor's appointment after she broke her hip.
I guess we were slow and a bit of a burden . . .
[+] [-] peterwwillis|11 years ago|reply
[+] [-] bobbles|11 years ago|reply
[+] [-] politician|11 years ago|reply
If they decide to start being ridiculous, I'll decide to start taking cabs again -- at least the cabbies generally have a clue about how to get to places, and don't bother with questions about "what route would you like me to take you on". The fastest route, thanks.
[+] [-] smeyer|11 years ago|reply
[+] [-] DINKDINK|11 years ago|reply
[+] [-] Vik1ng|11 years ago|reply
[+] [-] rsefer|11 years ago|reply
[+] [-] zoba|11 years ago|reply
[+] [-] antsar|11 years ago|reply
[+] [-] philip1209|11 years ago|reply
[+] [-] valgaze|11 years ago|reply
They'll use lat/long to determine if the user is in China or not and then pull up google maps or baidu.
Beautify this (https://d1a3f4spazzrp4.cloudfront.net/web-mobile-client/js/m...) then check out line 13185 for loadMap (Map loading resources on # 13094)
They also create a gorgeous map "blur" effect when the user is ready to pull the trigger on a ride: http://snag.gy/rlBYX.jpg
[+] [-] cnaut|11 years ago|reply
[+] [-] narsil|11 years ago|reply
`curl -H "Authorization: fbAccessToken <fb access token>" https://api.lyft.com/users/<lyft user id>` provides some basic profile, credit card, location and referral information but nothing about ratings. The lyft user ID can be obtained by logging in at www.lyft.com/login and viewing the source.
[+] [-] korzun|11 years ago|reply
Just ask.
[+] [-] yskchu|11 years ago|reply
window.Uber.pingData.client.firstName, lastName, email all work, but rating is now "undefined".
[+] [-] antongm|11 years ago|reply
[+] [-] akavi|11 years ago|reply
That's where I was able to find it.
[+] [-] the_economist|11 years ago|reply
[+] [-] onedev|11 years ago|reply
[+] [-] aliston|11 years ago|reply
Anyone have some insight into why this data is there in the first place? Is this an accidental leak, some sort of optimization or something else?
[+] [-] chatmasta|11 years ago|reply
I suspect most drivers, like most passengers, give a 5.0 to almost everyone, but dock points for being a dick. It just seems there's no other way to differentiate passengers, since they'll be paying the fee regardless.
[+] [-] zobzu|11 years ago|reply
Then again, I don't feel bad rating drivers because they sell me a service, I'm rating that (it wouldnt even have to include their name - it probably shouldn't. then again I'm european, we seem to have slightly different ethics).
I feel bad that they rate us because we don't provide them with anything.
That rating is going to be saved, sold and shared eventually.
[+] [-] aioprisan|11 years ago|reply
[+] [-] rlu|11 years ago|reply
Seems kind of like a win-win-win for all three parties (Uber, driver, myself)
[+] [-] schnaars|11 years ago|reply
[+] [-] unknown|11 years ago|reply
[deleted]
[+] [-] jwilliams|11 years ago|reply
My suspicion is that zero is equivalent to unrated, so shouldn't be in the sum?
[+] [-] lawrencegs|11 years ago|reply