Developer Docs

Getting Started
  • Quick Start
  • Getting Started
  • Authentication
API Reference
  • Overview
  • Orders
  • Products
  • Inventory
  • Shipments
  • Customers
  • Returns
  • Tracking
Integrations
  • Shopify
  • WooCommerce
  • BigCommerce
  • Custom API
Webhooks
  • Overview
  • Webhook Events
Resources
  • Rate Limits
  • Error Codes
  • API Playground
  • SDK Libraries
  • Changelog
  • API Status
Support
  • Community
  • GitHub
  • Support
HomeDeveloper HubDocsAuthentication
Authentication

Secure API Authentication

Learn how to authenticate your API requests with API keys, OAuth 2.0, and implement security best practices.

Authentication Methods

3PL SHIP API supports multiple authentication methods to fit your use case:

API Keys

Recommended for server-to-server integration

OAuth 2.0

For app marketplace integrations

JWT Tokens

For client-side applications

API Key Authentication

Getting Your API Keys

  1. 1Log in to your 3PL SHIP Dashboard
  2. 2Navigate to Settings → API Keys
  3. 3Click "Generate New API Key"
  4. 4Copy and securely store your Public and Secret keys

Making Authenticated Requests

Include your API key in the Authorization header as a Bearer token:

curl https://app.3plship.com/api/v1/orders \
  -H "Authorization: Bearer zl_live_a1b2c3d4e5f6..." \
  -H "Content-Type: application/json"

Security Best Practices

Store Keys Securely

Never hardcode API keys in your source code. Use environment variables or a secure key management service.

Use HTTPS Only

All API requests must be made over HTTPS. Plain HTTP requests will be rejected.

Rotate Keys Regularly

Generate new API keys periodically and revoke old ones. We recommend rotation every 90 days.

Use Separate Keys per Environment

Maintain separate API keys for development, staging, and production environments.

Monitor API Usage

Regularly review API logs and set up alerts for unusual activity patterns.

Key Rotation

Regular key rotation is essential for maintaining security. Follow these steps:

  1. 1

    Generate New Key

    Create a new API key in your dashboard

  2. 2

    Update Applications

    Deploy the new key to all your services

  3. 3

    Monitor for Issues

    Ensure all systems are working with the new key

  4. 4

    Revoke Old Key

    Safely remove the old key after 24-48 hours

Environment Separation

3PL SHIP uses the same API endpoint for both testing and production. The environment is determined by your API key prefix:

Test Environment

Safe environment for testing without affecting real data or triggering fulfillment

https://app.3plship.com/api/v1

API Keys start with: zl_test_

Example: zl_test_a1b2c3d4e5f6...

Production Environment

Live environment with real fulfillment operations and shipping

https://app.3plship.com/api/v1

API Keys start with: zl_live_

Example: zl_live_a1b2c3d4e5f6...

Note: Simply swap your API key to switch between test and production environments. All endpoints and functionality are identical.

Common Authentication Errors

401 Unauthorized

Missing or invalid API key. Check that your Authorization header is correctly formatted.

403 Forbidden

Valid key but insufficient permissions. Check your key's access level.

429 Too Many Requests

Rate limit exceeded. Implement exponential backoff and respect rate limit headers.

Ready to start building?

Quick Start GuideAPI Reference