Authentication and authorization for the EasyPost API are handled via Basic Auth, using an API key as the username without a password. All communications with the EasyPost API must be secured via TLS v1.2. Improper authentication methods, such as HTTP requests or missing API Keys, will result in request failures.
Prerequisites
- Sign up for an EasyPost account.
- Set up the EasyPost Wallet.
API Key Types
EasyPost offers Test and Production keys:
- Test: Enables functionality testing at no cost post-signup.
- Production: Used for live application operations.
Security Practices
API Keys should be treated with the same level of security as passwords and kept confidential. They allow full account access; therefore, exposure to public code or communications should be avoided. A compromised key can be immediately disabled via the API Keys page on the EasyPost Dashboard.
Obtaining API Keys
- Login to the EasyPost Dashboard.
- Navigate to Account Settings.
- Select the API Keys tab.
- Click the Add Additional API Key dropdown and select Production or Test.
The API Keys will be displayed on the dashboard.
Disabling API Keys
- Login to the EasyPost Dashboard.
- Navigate to Account Settings.
- Select the API Keys tab.
- Find the API Key to be disabled and move the Status toggle switch to Disabled.
- Once the API key is disabled. Select the delete icon to remove the API Key from the dashboard.
- Confirm deletion.