QUICKSTART
API Quick Start
Authentication
SignString
OAuth
Overview
Getting Started
Scope List
Versioning
Rate Limit
Body Envelope
Request Errors
Try API Endpoints
CHANGELOG
Changelog
Migration Guide
REFERENCE
API Overview
Trackings
Get trackings
get
Create a tracking
post
Get a tracking by ID
get
Update a tracking by ID
put
Delete a tracking by ID
delete
Retrack an expired tracking by ID
post
Mark tracking as completed by ID
post
Get a tracking (Legacy)
get
Update a tracking (Legacy)
put
Delete a tracking (Legacy)
delete
Retrack an expired tracking (Legacy)
post
Mark tracking as completed (Legacy)
post
Couriers
Get user activated couriers
get
Detect courier
post
Get all couriers
get
Last Checkpoints
Get last checkpoint by tracking ID
get
Get last checkpoint (Legacy)
get
Notifications
Get tracking notification by tracking ID
get
Add a notification by tracking ID
post
Remove a notification by tracking ID
post
Get tracking notification (Legacy)
get
Add a notification (Legacy)
post
Remove a notification (Legacy)
post
Estimated delivery date
Batch prediction for the Estimated Delivery Date
post
MODEL
Tracking
Courier
Checkpoint
Notification
ENUM
Additional Tracking Fields
Delivery Statuses
Delivery Sub-statuses
Slug Groups
Events
Confidence Codes
Webhook
Webhook Overview
Webhook Versioning
Webhook Specifications
Webhook Signature
Webhook OAuth 2.0
Webhook Outgoing IPs
Webhook Changelog
OTHERS
Supported Couriers
CSV Upload & CSV Auto-Fetch
Shipment CSV Export
Order CSV Export
SDK
Android SDK
iOS SDK
Java SDK
Node.js SDK
.NET SDK
Python SDK
Ruby Gem
PHP SDK
Golang SDK
Open Source
phone
email-verifier
Support
Contact Support

Authentication

Learn how to authenticate your API requests in a few easy steps. There are 3 different types of API authentication methods.


  1. Log in to your AfterShip account. (If you don’t have it, click Create account at the bottom of the login page to create one for FREE.)
  2. Visit API keys.
  3. Click Create an API key and follow the given instructions to generate your API key.

The API Key method is a more straightforward authentication method that only verifies whether the API Key value is correct or not.

Header NameDescriptionExample
as-api-keyThe API key retrieved from the developer portalasat_a76eb8a2af3547df8a3c0c480f7f23d5
Header NameDescriptionExample
as-api-keyThe API key retrieved from the developer portalasat_a76eb8a2af3547df8a3c0c480f7f23d5
as-signature-hmac-sha256Computed signaturebcfba53d95454ada96b9658c4f178764
dateUTC time in RFC 1123 format.

Kindly note that the calculated signature is only valid for 3 minutes before or after the datetime indicated in this key.
Sun, 06 Nov 1994 08:49:37 GMT
content-typeContent type string.

If the request body is empty, set content-type to an empty string
application/json

Calculate the signature using the flow given below:

  1. Construct SignString.
  2. Get the required API secret from the API key generation page.
  3. Calculate the hash of SignString with hmac-sha256 algorithm.
  4. Encode the result in base64 format; the output will be the required signature.
Header NameDescriptionExample
as-api-keyThe API key retrieved from the developer portalasat_a76eb8a2af3547df8a3c0c480f7f23d5
as-signature-rsa-sha256Computed signaturebcfba53d95454ada96b9658c4f178764
dateUTC time in RFC 1123 format.

Kindly note that the calculated signature is only valid for 3 minutes before or after the datetime indicated in this key.
Sun, 06 Nov 1994 08:49:37 GMT
content-typeContent type string.

If the request body is empty, set content-type to an empty string
application/json

An RSA key pair (public and private) is required for generating this API key.

Follow these steps to generate an RSA key pair:

  1. If using Mac or Linux, open Terminal. For Windows, use Git Bash or WSL2.

  2. Run:

    preparing...

    Leave the passphrase blank.

  3. This creates RSA key pair files (key and key.pub)

  4. Generate the public key:

    preparing...

    This create key.pem

  5. View key.pem content by typing cat key.pem. Copy it, and paste it into the Enter the public API secret box in the AfterShip Organization portal. webhook_version.png

Follow this flow:

  1. Construct SignString.
  2. Get the private key (the pair of the public key configured in the AfterShip Organization portal).
  3. Calculate the digest of SignString with the RSA_SIGN_PSS_2048_SHA256 algorithm using the previously generated private key. Refer to RFC 8017 for RSASSA-PSS signature details.
  4. Encode the result in base64 format; this gives you the required signature.