Deliveries API
Search…
Introduction
General
Introduction
Authentication
Quotes
Deliveries
Statuses
Webhooks
Interactive Delivery Tracking
Integrations
Overview
Entities to know
Entities
Upcoming
The new stuff
Powered By GitBook
Authentication
Delivery API access is based on HTTP basic auth
To be able to call our API you need to use your API credentials from the company settings in your dashboard https://dash.shippify.co/settings
The domain to call all the endpoints is https://api.shippify.co
You will get an APP ID and APP SECRET from the dash to request our API using basic auth.
You should not call Server API from your client app to protect your API Token If your API Token is compromised, you might loose all of your data.
If you don't have an account yet, please create one filling up a form in our website

Best practices for securely using API keys

When you use API keys in your applications, take care to keep them secure. Publicly exposing your credentials can result in your account being compromised, which could lead to unexpected charges on your account. To keep your API keys secure, follow these best practices:
  • Do not embed API keys directly in code: API keys that are embedded in code can be accidentally exposed to the public—for example, if you forget to remove the keys from code that you share. Instead of embedding your API keys in your applications, store them in environment variables or in files outside of your application's source tree.
  • Do not store API keys in files inside your application's source tree: If you store API keys in files, keep the files outside your application's source tree to help ensure your keys do not end up in your source code control system. This is particularly important if you use a public source code management system such as GitHub.
  • Restrict your API keys to be used by only the IP addresses, referrer URLs, and mobile apps that need them: By restricting the IP addresses, referrer URLs, and mobile apps that can use each key, you can reduce the impact of a compromised API key. You can specify the hosts and apps that can use each key from the console by opening the Credentials page and then either creating a new API key with the settings you want, or editing the settings of an API key.
  • Delete unneeded API keys: To minimize your exposure to attack, delete any API keys that you no longer need.
  • Review your code before publicly releasing it: Ensure that your code does not contain API keys or any other private information before you make your code publicly available.
General - Previous
Introduction
Next - General
Quotes
Last modified 4yr ago
Copy link
Contents
Best practices for securely using API keys