Authentication and Key Management

The EasyPost API requires secure authentication and careful management of API Keys to access its features.

API Key Access

Before accessing and generating API keys, users must

Set up an EasyPost Wallet
Add a ship-from address

These preliminary steps ensures all transactions are tied to a verified location, enhancing security and fraud protection.

Authentication

Each request must be authenticated using an API Key, which serves as the Basic Authentication username (no password is required). All communications with the EasyPost API must be secured via TLS v1.2. Improper authentication methods, such as HTTP requests or missing API Keys, will result in request failures.

API Key Types

EasyPost offers Test and Production keys:

Test: Enables functionality testing at no cost post-signup.
Production: Used for live application operations.

API Key Management

API Keys can be managed through the EasyPost Dashboard, allowing users to maintain control over their API access.

Security Practices

API Keys should be treated with the same level of security as passwords and kept confidential. They allow full account access; therefore, exposure to public code or communications should be avoided. A compromised key can be immediately disabled via the API Keys page on the EasyPost Dashboard.