Authentication

Learn how to authenticate your API requests in a few easy steps. There are 3 different types of API authentication methods.


  1. Log in to your AfterShip account. (If you don’t have it, click Create account at the bottom of the login page to create one for FREE.)
  2. Visit API keys.
  3. Click Create an API key and follow the given instructions to generate your API key.

The API Key method is a more straightforward authentication method that only verifies whether the API Key value is correct or not.

Header NameDescriptionExample
as-api-keyThe API key retrieved from the developer portal6e759c509d174859be1fb856c4ab646e
Header NameDescriptionExample
as-api-keyThe API key retrieved from the developer portal6e759c509d174859be1fb856c4ab646e
as-signature-hmac-sha256Computed signaturebcfba53d95454ada96b9658c4f178764
dateUTC time in RFC 1123 format.

Kindly note that the calculated signature is only valid for 3 minutes before or after the datetime indicated in this key.
Sun, 06 Nov 1994 08:49:37 GMT
content-typeContent type string.

If the request body is empty, set content_type to an empty string
application/json

Calculate the signature using the flow given below:

  1. Construct SignString.
  2. Get the required API secret from the API key generation page.
  3. Calculate the hash of SignString with hmac-sha256 algorithm.
  4. Encode the result in base64 format; the output will be the required signature.
Header NameDescriptionExample
as-api-keyThe API key retrieved from the developer portal6e759c509d174859be1fb856c4ab646e
as-signature-rsa-sha256Computed signaturebcfba53d95454ada96b9658c4f178764
dateUTC time in RFC 1123 format.

Kindly note that the calculated signature is only valid for 3 minutes before or after the datetime indicated in this key.
Sun, 06 Nov 1994 08:49:37 GMT
content-typeContent type string.

If the request body is empty, set content_type to an empty string
application/json

An RSA key pair (public and private) is required for generating this API key.

Follow these steps to generate an RSA key pair:

  1. If using Mac or Linux, open Terminal. For Windows, use Git Bash or WSL2.

  2. Run:

    preparing...

    Leave the passphrase blank.

  3. This creates RSA key pair files (key and key.pub)

  4. Generate the public key:

    preparing...

    This create key.pem

  5. View key.pem content by typing cat key.pem. Copy it, and paste it into the Enter the public API secret box in the AfterShip Organization portal. webhook_version.png

Follow this flow:

  1. Construct SignString.
  2. Get the private key (the pair of the public key configured in the AfterShip Organization portal).
  3. Calculate the digest of SignString with the RSA_SIGN_PSS_2048_SHA256 algorithm using the previously generated private key. Refer to RFC 8017 for RSASSA-PSS signature details.
  4. Encode the result in base64 format; this gives you the required signature.