ParcelTrack API

(0 reviews)


The NZ Post Shipping APIs implement the OAuth 2.0 for secure authentication and authorization. The OAuth 2.0 protocol requires an access token to be submitted with all API calls. There are multiple ways to implement OAuth 2.0 authentication, for most use case we recommend using Client Code Flow.

All communication with our servers must be over TLS (https://).

Step 1:Get your authorisation token

To get an authentication token, you will need the client_id and client_secret for your application, these can be found on the developer portal My Application page:

The first step is to obtain an authorisation token. This is done by making a simple request to our authentication server with your application's client_is and client_secret.

$ curl -d "grant_type=client_credentials\

You will receive a response like this:

    "access_token": "{ACCESS TOKEN}",
    "token_type": "Bearer",
    "expires_in": 86399

Response Parameters

The following lists the required fields in the /labels/domestic response message.

access_tokenOAuth 2.0 access token that you will use for subsequent API calls
token_typeThis is the type of token generated. The default is Bearer token, which can be understood as "give access to whoever brings the bearer token."
expires_inDuration that the access token is valid for, in seconds. The default value is 86399 seconds (24 hours). It is the API consumer responsibility to manage token expiry

Step 2: Use your authorisation token in an API call

Pass the access_token returned in the response in the Authorization header with the type Bearer to make requests on behalf of a user:

curl -X POST \
-H 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
-H 'client_id : YOUR client_id' \
-H 'Content-Type : application/json' \

Header Example

Accept-Encoding: gzip,deflate
Authorization: Bearer eyJhbGciOiJIUzI1NiIsImtpZCI6IlRFU1Qi...
client_id: add9...
Content-Type : application/json
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.3.1 (java 1.5)