QUICKSTART
API Quick Start
Authentication
SignString
Rate Limit
Body Envelope
Request Errors
CHANGELOG
Changelog
Reference
API Overview
v1
Memberships
Get memberships
get
Create membership
post
Get membership by ID
get
Update membership by ID
patch
Delete membership by ID
delete
Roles
Get roles
get
Model
Envelope
Meta
v1
Error
v1
Pagination
v1
Resource
Membership
v1
Role
v1
Support
Contact Support

Authentication

Learn how to authenticate your API requests in a few easy steps. There are 3 different types of API authentication methods.

How to get your API Key?

  1. Log in to your AfterShip account. (If you don’t have it, click Create account at the bottom of the login page to create one for FREE.)
  2. Visit API keys.
  3. Click Create an API key and follow the given instructions to generate your API key.

1. API Key

The API Key method is a more straightforward authentication method that only verifies whether the API Key value is correct or not.

Required Headers

Header NameDescriptionExample
as-api-keyThe API key retrieved from the developer portal6e759c509d174859be1fb856c4ab646e

2. AES

Required Headers

Header NameDescriptionExample
as-api-keyThe API key retrieved from the developer portal6e759c509d174859be1fb856c4ab646e
as-signature-hmac-sha256Computed signaturebcfba53d95454ada96b9658c4f178764
dateUTC time in RFC 1123 format.

Kindly note that the calculated signature is only valid for 3 minutes before or after the datetime indicated in this key.		Sun, 06 Nov 1994 08:49:37 GMT
content-typeContent type string.

If the request body is empty, set content_type to an empty string		application/json

Calculating the signature

Calculate the signature using the flow given below:

  1. Construct SignString.
  2. Get the required API secret from the API key generation page.
  3. Calculate the hash of SignString with hmac-sha256 algorithm.
  4. Encode the result in base64 format; the output will be the required signature.

3. RSA

Required Headers

Header NameDescriptionExample
as-api-keyThe API key retrieved from the developer portal6e759c509d174859be1fb856c4ab646e
as-signature-rsa-sha256Computed signaturebcfba53d95454ada96b9658c4f178764
dateUTC time in RFC 1123 format.

Kindly note that the calculated signature is only valid for 3 minutes before or after the datetime indicated in this key.		Sun, 06 Nov 1994 08:49:37 GMT
content-typeContent type string.

If the request body is empty, set content_type to an empty string		application/json

Calculating the signature

The signature can be calculated by this flow:

  1. Construct SignString.
  2. Get the required API secret from the API key generation page.
  3. Calculate the digest of SignString with RSA_SIGN_PSS_2048_SHA256 algorithm.
  4. Encode the result in base64 format; the output will be the required signature.