Authenticating with REST oauth APIs
In 2023 most of the shipping carriers released new APIs (UPS-REST, FedEx-REST, USPS-REST) that authenticate with oauth expiring tokens. You no longer can pass static credentials to make API requests. You need to generate a token that is good for ~1-8 hours and use that token for API requests. Unfortunately, this means you need to temporarily store the token.
You can generate this token using the RocketShipIt Authenticate
call.
Examples:
- https://docs.rocketship.it/2-0/examples/#ups-rest-authenticate
- https://docs.rocketship.it/2-0/examples/#fedex-rest-authenticate
- https://docs.rocketship.it/2-0/examples/#usps-rest-authenticate
Example response:
{
"data": {
"access_token": "eyJraWQiOiI2NGM0YjYyM...",
"errors": null,
"expires_in": 14399,
"issued_at": 1714681230731,
"scope": "",
"token_type": "Bearer"
},
"meta": {
"code": 200,
"error_message": ""
}
}
expires_in
is seconds left until expiration. Ex: 14,000 / 60 / 60 = ~4 hours.issued_at
is a standard Unix epoch timestamp. It is the number of seconds since 1/1/1970access_token
this is thekey
you will use in subsequent requests.
Example next request:
{
"carrier": "UPS-REST",
"action": "Track",
"params": {
"key": "eyJraWQiOiI2NGM0YjYyM...",
"tracking_number": "1Z12345E0205271688",
"test": true
}
}
For low volume and quick testing you can have RocketShipIt request a key on each request (not recommended for production):
{
"carrier": "UPS-REST",
"action": "Track",
"params": {
"client_id": "specify this while omitting key",
"client_secret": "and RocketShipIt will make the Authenticate call for you and fill out the key param",
"tracking_number": "1Z12345E0205271688",
"test": true
}
}