Authentication

The atoship API uses API keys to authenticate requests. You can view and manage your API keys in the Dashboard.

API Keys

Your API keys carry many privileges, so be sure to keep them secure. Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, etc.

Live

sk_live_...

Use live mode keys when you're ready to go live with real shipping labels.

Test

sk_test_...

Use test mode keys for development and testing. No real labels will be created.

Authenticating Requests

Authentication is performed via the Authorization header using Bearer token authentication.

Authorization: Bearer sk_live_abc123...

Security Best Practices

Use environment variables

Store API keys in environment variables, not in code

Rotate keys regularly

Generate new keys periodically and revoke old ones

Use test keys for development

Never use live keys in development or test environments

Restrict key permissions

Create separate keys with limited scopes for different services

Authentication Errors

401

Unauthorized

No valid API key provided or the key has been revoked

403

Forbidden

The API key doesn't have permissions for the requested resource

GET

Authenticated Request

1	"text-emerald-400">curl https://atoship.com/api/v1/account "text-emerald-400">\
2	"text-blue-400">-H "Authorization: Bearer sk_live_abc123..."

Required Headers

Authorization:Bearer sk_live_...

Content-Type:application/json

Key Prefixes

sk_live_Live mode secret key

sk_test_Test mode secret key

pk_live_Live mode publishable key

pk_test_Test mode publishable key