Authentication
To use the Shippit APIs, you need an API Key to authenticate calls. To view your API secret, log in to your Shippit account, and navigate to Settings → Integrations.
Your API key is allocated to a single account, with each account assigned to a single store location. If you are planning to book orders and ship from multiple locations, you need to use multiple Shippit accounts, using multiple API keys. For more information about how to do this, see the Get Started with Shippit APIs article. To get your location allocation set up correctly, talk to your Shippit account manager, or contact Shippit support.
Authentication header
Shippit’s API uses bearer authentication. This means you need to include your API Secret in the Authorization header of every request you send. The header should look like this:
Authorization: Bearer <YOUR_API_SECRET>
Important: Don’t include your API secret directly in the URL of your requests. Doing this is insecure and isn’t supported.
Additional request headers
When you use Shippit APIs, we require you to provide additional information in your request headers. This table shows the additional headers that you need to provide:
| Request Header | Purpose | Example | Type and limits | Mandatory? |
|---|---|---|---|---|
user-agent | A string to help identify technical information about the integration. Useful information includes software library names, release versions, and dates. | Shippit_Shipping for Magento2 v1.5.3 | 200 chars | Recommended |
x-shippit-partner | A string to identify the entity developing and maintaining the integration. This could be a business name for self-maintained integrations, or the name of a technical partner maintaining the integration. | Shopify, Wallymart | 200 chars | Optional |
x-shippit-platform | A string identifying the platform or software making the calls. This helps us identify when all integrations on the same platform require action, or who to contact about known issues with a platform type. | Magento v2, CustomShop2000 | 200 chars | Recommended |
Providing this additional information allows Shippit to better support your integration. Information like this allows us to identify which systems are making API requests, and who to contact with important information about specific integrations or platforms.
Authentication errors
If you encounter authentication errors, check these things first:
- Make sure you’re using the correct API secret and that it hasn’t expired.
- Check that you have included the
Authorizationheader in your request and formatted it correctly. - Make sure you’ve added a valid credit card to your billing details in Shippit.
If you’re still having trouble, contact Shippit Support.