QUICKSTART

API Quick Start

OAuth

Getting Started

Try API Endpoints

CHANGELOG

Migration Guide

REFERENCE

Trackings

Create a tracking

Get a tracking by ID

Update a tracking by ID

Delete a tracking by ID

Retrack an expired tracking by ID

Mark tracking as completed by ID

Get a tracking (Legacy)

Update a tracking (Legacy)

Delete a tracking (Legacy)

Retrack an expired tracking (Legacy)

Mark tracking as completed (Legacy)

Couriers

Get user activated couriers

Get all couriers

Last Checkpoints

Get last checkpoint by tracking ID

Get last checkpoint (Legacy)

Notifications

Get tracking notification by tracking ID

Add a notification by tracking ID

Remove a notification by tracking ID

Get tracking notification (Legacy)

Add a notification (Legacy)

Remove a notification (Legacy)

Estimated delivery date

Batch predict the estimated delivery date

MODEL

ENUM

Additional Tracking Fields

Delivery Statuses

Delivery Sub-statuses

Webhook

Webhook Overview

Webhook Versioning

Webhook Specifications

Webhook Signature

Webhook OAuth 2.0

Webhook Outgoing IPs

Webhook Changelog

OTHERS

Supported Couriers

CSV Upload & CSV Auto-Fetch

SDK

Open Source

Support

Contact Support

Webhook Signature

Check for AfterShip's base64-encoded HMAC generated signature to verify all incoming webhook events to avoid replay attacks.

Webhooks includes a calculated digital signature for verification. Each webhook request includes a aftership-hmac-sha256 header. The signature is a base64-encoded HMAC generated using sha256 algorithm with webhook request body and webhook secret of your account.

Each webhook request could be verified by comparing the computed HMAC digest and the attached HMAC digest in header.

The following Node.js example demonstrates the computation of a webhook signature.

preparing...

Webhook secret can be obtained by going to Settings > Notifications