5. Authentication

HTTP basic access authentication on top of SSL is used for authentication. Every request must include an Authorization header with a base64 encoded API key. Go to base64encode.org to convert your key to base64.

GET /somelink HTTP/1.1
Authorization: bearer BASE64_ENCODED_API_KEY

Our API uses API keys for access control. When a Merchant wants to connect an external system to our API he/she needs to create an API key. This API Key will be assigned the Broker role. Currently, the merchant is not able to create or assign another role to an API key. When you want to invalidate an API key you should regenerate it. An intermediate system, such as the MyParcelNL backoffice or SendMyParcel backoffice, has its own API key but cannot access user resources. For this it needs to request a Session Token so that it can perform actions on behalf of the user. The API key and Session Token are sent in the Authorization header.

5.1 Error codes

Our API defines a list of error codes besides the HTTP status codes. Error codes are divided in ranges to make it easier for developers to quickly diagnose and solve problems. Errors are returned as an Error object.

Edit this page
Last updated: 
Contributors Edie Lemoine