Skip to main content

Authentication

The Shipping Channels API uses API keys to authenticate requests. API keys provide a simple and secure way to authenticate your requests to the Shipping Channels API.

API Keys

API keys are long, random strings that identify your application when making API requests. Each API key is associated with a specific user account and has specific permissions.

API keys are associated with your user account and provide access to your resources within the Shipping Channels platform.

Obtaining an API Key

To obtain an API key:

  1. Log in to your Shipping Channels dashboard
  2. Navigate to Settings → API Keys
  3. Click "Create API Key"
  4. Enter a descriptive name for your key
  5. Select the desired permissions
  6. Click "Generate API Key"
  7. Copy your API key immediately — you won't be able to see it again!

Using API Keys

To authenticate API requests, include your API key in the Authorization header using the Bearer authentication scheme:

Authorization: Bearer YOUR_API_KEY

Example with cURL:

curl -X GET \
  https://api.shipping-channels.com/v1/shipping-channels \
  -H "Authorization: Bearer YOUR_API_KEY"

API Key Security

Your API keys carry many privileges, so be sure to keep them secure! Here are some best practices:

  • Never share your API keys in publicly accessible areas such as GitHub, client-side code, etc.
  • Keep your API keys secure in environment variables or a secure key store
  • Use different API keys for different environments (development, staging, production)
  • Rotate your API keys periodically for enhanced security
  • Use the minimum required permissions for each API key

Key Expiration and Rotation

API keys do not expire automatically. However, for security reasons, we recommend rotating your API keys periodically. To rotate an API key:

  1. Generate a new API key with the same permissions
  2. Update your applications to use the new key
  3. Delete the old key when you've confirmed the new key is working

Revoking API Keys

If an API key is compromised or no longer needed, you should revoke it immediately:

  1. Log in to your Shipping Channels dashboard
  2. Navigate to Settings → API Keys
  3. Find the API key you want to revoke
  4. Click "Revoke"

Once an API key is revoked, it cannot be used to authenticate API requests anymore.

Rate Limiting

API requests are rate-limited based on your API key. By default, each API key is allowed 100 requests per minute. If you exceed this limit, you'll receive a 429 Too Many Requests response with information about when you can resume making requests.

The rate limit headers included in API responses are:

  • X-RateLimit-Limit: Maximum number of requests allowed per minute
  • X-RateLimit-Remaining: Number of requests remaining in the current rate limit window
  • X-RateLimit-Reset: Time in UTC epoch seconds when the rate limit window resets

If you need higher rate limits, please contact our support team.