Authentication

Learn how to authenticate your API requests in a few easy steps. There are 3 different types of API authentication methods.


  1. Log in to your AfterShip account. (If you don’t have it, click Create account at the bottom of the login page to create one for FREE.)
  2. Visit API keys.
  3. Click Create an API key and follow the given instructions to generate your API key.

The API Key method is a more straightforward authentication method that only verifies whether the API Key value is correct or not.

Header NameDescriptionExample
as-api-key
OR
aftership-api-key
The API key retrieved from the developer portal6e759c509d174859be1fb856c4ab646e
Header NameDescriptionExample
as-api-keyThe API key retrieved from the developer portal6e759c509d174859be1fb856c4ab646e
as-signature-hmac-sha256Computed signaturebcfba53d95454ada96b9658c4f178764
dateUTC time in RFC 1123 format.

Kindly note that the calculated signature is only valid for 3 minutes before or after the datetime indicated in this key.
Sun, 06 Nov 1994 08:49:37 GMT
content-typeContent type string.

If the request body is empty, set content_type to an empty string
application/json

Calculate the signature using the flow given below:

  1. Construct SignString.
  2. Get the required API secret from the API key generation page.
  3. Calculate the hash of SignString with hmac-sha256 algorithm.
  4. Encode the result in base64 format; the output will be the required signature.
Header NameDescriptionExample
as-api-keyThe API key retrieved from the developer portal6e759c509d174859be1fb856c4ab646e
as-signature-rsa-sha256Computed signaturebcfba53d95454ada96b9658c4f178764
dateUTC time in RFC 1123 format.

Kindly note that the calculated signature is only valid for 3 minutes before or after the datetime indicated in this key.
Sun, 06 Nov 1994 08:49:37 GMT
content-typeContent type string.

If the request body is empty, set content_type to an empty string
application/json

The signature can be calculated by this flow:

  1. Construct SignString.
  2. Get the required API secret from the API key generation page.
  3. Calculate the digest of SignString with RSA_SIGN_PSS_2048_SHA256 algorithm.
  4. Encode the result in base64 format; the output will be the required signature.

For legacy AfterShip API keys (API keys with tracking API access only), you must set the header key as aftership-api-key:

preparing...

Replace your YOUR_API_KEY with your actual API key.

You can identify a legacy AfterShip API key by this label: image.png