Lookup Tariff Codes
The NZ Post Shipping APIs implement OAuth 2.0 for secure authentication and authorization. The OAuth 2.0 protocol requires an access token to be submitted with all API calls. There are multiple ways to implement OAuth 2.0 authentication; for most use cases we recommend using Client Code Flow. If you would like to use a different method to implement OAuth 2.0 authentication, please contact API Support at api@nzpost.co.nz.
All communication with our servers must be over TLS (https://).
Step 1: Get your authorisation token
To get an authentication token, you will need the client_id and client_secret for your application. These can be found on the developer portal My Application page: https://anypoint.mulesoft.com/apiplatform/nz-post-group#/apps
The first step is to obtain an authorisation token. This is done by making a simple request to our authentication server with your application's client_id and client_secret.
$ curl -d "grant_type=client_credentials\
You will receive a response like this:
{
  "access_token": "{ACCESS TOKEN}",
  "token_type": "Bearer",
  "expires_in": 86399
}
Response Parameters
The following lists the required fields in the OAuth token response message.
Parameter | Description |
access_token | OAuth 2.0 access token that you will use for subsequent API calls |
token_type | This is the type of token generated. The default is Bearer token, which can be understood as "give access to whoever brings the bearer token." |
expires_in | Duration that the access token is valid for, in seconds. The default value is 86399 seconds (24 hours). It is the API consumer's responsibility to manage token expiry. |
Step 2: Use your authorisation token in an API call
Pass the access_token returned in the response in the Authorization header with the type Bearer to make requests on behalf of a user:
curl -H 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
'https://api.nzpost.co.nz/{API CALL}'
Header Example
Point to consider: although not mandatory, it is highly encouraged to cache your token and use it until it expires. This improves your application's performance and reduces the number of requests to NZ Post OAuth servers.
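One way to cache the token and manage its expiry, as an added example that is not NZ Post's own code. The class name TokenCache, the fetch callable (assumed to perform the Step 1 request over HTTPS and return the parsed JSON response) and the 60-second renewal margin are assumptions made for illustration.

```python
import threading
import time


class TokenCache:
    """Caches an OAuth 2.0 bearer token and renews it shortly before expiry."""

    def __init__(self, fetch, clock=time.monotonic, skew=60):
        self._fetch = fetch    # hypothetical callable: performs Step 1, returns parsed JSON
        self._clock = clock    # injectable so expiry can be tested without waiting
        self._skew = skew      # renew this many seconds early (assumed margin)
        self._lock = threading.Lock()
        self._token = None
        self._expires_at = 0.0

    def get(self):
        """Return a valid access token, calling the token server only when needed."""
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at - self._skew:
                self._renew()
            return self._token

    def _renew(self):
        requested_at = self._clock()
        resp = self._fetch()
        if str(resp.get("token_type", "")).lower() != "bearer":
            raise ValueError("unexpected token_type in token response")
        token, lifetime = resp.get("access_token"), resp.get("expires_in")
        if not token or not isinstance(lifetime, (int, float)) or lifetime <= 0:
            raise ValueError("token response missing access_token or expires_in")
        self._token = token
        # Count the lifetime from before the request so the estimate errs early.
        self._expires_at = requested_at + lifetime

    def invalidate(self):
        """Drop the cached token, for example after the API rejects it."""
        with self._lock:
            self._token = None

    def headers(self):
        """Build the Authorization header described in Step 2."""
        return {"Authorization": "Bearer " + self.get()}

    def __repr__(self):
        return "TokenCache(<token redacted>)"  # keep the bearer token out of logs
```

Because a bearer token grants access to whoever holds it, the cache keeps it in memory only and redacts it from its own repr.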