API Authentication
The Parcelpoint API requires authentication by HTTP Bearer Token headers. Your token should be included in the Authentication header for your API request.
The actual header that is used will be a string of hexadecimal characters like this:
Bearer eyJraWQiOiJFNm1aT2c0OW9KRkRLemU2bXVQckcrdnNSNnhTUUtvSk9UUHU3Y2RldGo0PSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiIycmdhdmNjYnZqYnEzdTQ5aGJqdTZyNTNuMiIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoib3JkZXItYXBpXC9jcmVhdGUiLCJhdXRoX3RpbWUiOjE1OTc5ODI4ODYsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC5hcC1zb3V0aGVhc3QtMi5hbWF6b25hd3MuY29tXC9hcC1zb3V0aGVhc3QtMl9heMost endpoints provided in the Parcelpoint API are in relation to a specific retailer. You'll need to provide your HTTP Bearer Token and include it in the Authentication header of the API Request.
Visit OAuth for more information on how OAuth 2.0 works.
Generating your token
You can generate your token by sending a request to the endpoint below. You’ll need a Client ID and Secret, which you can receive by sending an email to our tech team.
Staging Request
curl --location --request POST 'https://staging-pp.auth.ap-southeast-2.amazoncognito.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id={YOUR_CLIENT_ID}' \
--data-urlencode 'client_secret={YOUR_CLIENT_SECRET}'Production Request
curl --location --request POST 'https://auth.parcelpoint.com.au/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id={YOUR_CLIENT_ID}' \
--data-urlencode 'client_secret={YOUR_CLIENT_SECRET}'Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| grant_type | String | Yes | Type of token you want to generate. By default, use client_credentials |
| client_id | String | Yes | Your client_id as provided by Parcelpoint. |
| client_secret | String | Yes | Your client_secret as provided by Parcelpoint. |
⚠️ Security Note
Treat your Client ID and Client Secret as a password and never make it available outside of your direct control. The Bearer Token by design enables direct access to the Parcelpoint API on your behalf, therefore making it inappropriate and unsafe to share your Bearer Token among multiple parties.
SFTP Authentication
For integrations that use a flat-file you will need to use the SFTP details that we sent to you to get the list of Parcelpoint locations. The SFTP details consist of the following parameters:
| Parameter | Description |
|---|---|
sftp.parcelpoint.com.au |
The hostname of the SFTP where you upload your manifest files |
username |
The username supplied by Parcelpoint to connect to the SFTP |
password |
The password supplied by Parcelpoint to connect to the SFTP (for the username above) |
| root directory | used for uploading CSV and XML files to create your delivery/deliveries |
| processed directory | all files will automatically be moved into this folder within 5 minutes if they were successfully processed |
When uploading your file to the SFTP, use the following naming convention:
{retailerName}_delivery_YYYYMMDD_HHMMExample
jojam_delivery_20200712_1332The maximum file size for uploading to our SFTP is 450KB.