CPL API

    Authentication

    CPL API supports an authentication method based on a Bearer token using the OAuth 2.0 protocol. This type of authentication provides a secure and flexible way to access protected API resources.

    Authentication Requirements

    GET/INFO Method: This method does not require authentication and can be called without logging in.
    All Other Methods: These require HTTP authentication using a valid Bearer token.
    To access the API, you must meet the following requirements:
    1. Enable OAuth 2.0:
       Request CPL support to enable OAuth 2.0 access and obtain your client credentials (Client ID and Client Secret).
    2. Generate an Access Token:
       Log in to the service using your Client ID and Client Secret.
       Send a request to the URL designated for issuing tokens (https://api.dhl.com/ecs/ppl/myapi2/login/getAccessToken).

    Security Guidelines

    Due to the nature of this authentication, it is MANDATORY to use the HTTPS protocol exclusively. This ensures encrypted communication and protects sensitive data during transmission.

    Access Token Validity

    The access token is valid for 30 minutes.
    After expiration, the token must be refreshed.
    The maximum number of tokens that can be generated is 12 tokens per minute.

    Recommendations

    1. Secure Storage of Tokens:
       Access tokens and the Client Secret should never be stored in source code or in publicly accessible locations.
    2. Automatic Token Refresh:
       Implement a mechanism to automatically refresh the token before it expires.
    3. Use HTTPS for All Requests:
       Never send tokens or credentials over an unencrypted connection (HTTP).
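
The validity limits and recommendations above (30-minute lifetime, 12 tokens per minute, HTTPS only, secrets kept out of source code) combined in one token cache, as an added example that is not part of the CPL documentation. The `fetch_token` callable that performs the actual token request, the environment variable names `CPL_CLIENT_ID` and `CPL_CLIENT_SECRET`, and the 5-minute refresh margin are assumptions.

```python
import os
import time
from collections import deque
from urllib.parse import urlsplit

TOKEN_URL = "https://api.dhl.com/ecs/ppl/myapi2/login/getAccessToken"  # from the page
TOKEN_TTL = 30 * 60         # page: token is valid for 30 minutes
REFRESH_MARGIN = 5 * 60     # assumption: renew 5 minutes before expiry
MAX_TOKENS_PER_MINUTE = 12  # page: token issuance limit


class TokenCache:
    """Caches one bearer token and renews it before it expires."""

    def __init__(self, fetch_token, token_url=TOKEN_URL, clock=time.monotonic):
        if urlsplit(token_url).scheme != "https":
            raise ValueError("token endpoint must use HTTPS")
        self._fetch = fetch_token  # hypothetical: (url, client_id, client_secret) -> token
        self._url = token_url
        self._clock = clock
        self._token = None
        self._expires_at = 0.0
        self._issued = deque()     # timestamps of recent token requests

    def get(self):
        now = self._clock()
        if self._token and now < self._expires_at - REFRESH_MARGIN:
            return self._token
        # Sliding 60-second window keeps requests under the issuance limit.
        while self._issued and now - self._issued[0] >= 60:
            self._issued.popleft()
        if len(self._issued) >= MAX_TOKENS_PER_MINUTE:
            if self._token and now < self._expires_at:
                return self._token  # inside the margin but still valid
            raise RuntimeError("token request limit reached; retry later")
        # Credentials come from the environment (assumed names), not source code.
        client_id = os.environ["CPL_CLIENT_ID"]
        client_secret = os.environ["CPL_CLIENT_SECRET"]
        self._issued.append(now)
        self._token = self._fetch(self._url, client_id, client_secret)
        self._expires_at = now + TOKEN_TTL
        return self._token

    def invalidate(self):
        """Call after the API rejects the token so the next get() renews it."""
        self._token = None

    def auth_header(self):
        return {"Authorization": f"Bearer {self.get()}"}
```

Call `invalidate()` when a request is rejected for an invalid or expired token, then retry once with the header from `auth_header()`.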

    Common Issues

    Invalid Token: Check that the access token has been correctly included in the Authorization header.
    Expiration: If the token has expired, generate a new one.
    Authentication Errors: Ensure that you are using the correct Client ID and Client Secret.