QUICKSTART

API Quick Start

OAuth

Getting Started

CHANGELOG

REFERENCE

Rates

Calculate rates

Labels

Manifests

Create a manifest

Couriers

Get all couriers

Cancel Labels

Get the cancelled labels

Get a cancelled label

Pickups

Create a pickup

Cancel Pickups

Get the cancelled pickups

Cancel a pickup

Get a cancelled pickup

Shipper Accounts

Get shipper accounts

Create a shipper account

Get a shipper account

Delete a shipper account

Update a shipper account's information

Update a shipper account's credentials

Update a shipper account's settings

Address Validations (Beta)

Create an address validation

Locations

MODEL

Envelope

Primitive

PaymentMethodAccount

Resource

AddressValidation (Beta)

Carrier Guide

Supported Carriers

ENUM

Shipper Accounts Credentials

Service Types and Service Options List

All Service Options

Webhook

Webhook Overview

Webhook Specifications

Webhook Signature

Webhook Outgoing IPs

SDK

Open Source

Support

Contact Support

Webhook Signature

Check for AfterShip's base64-encoded HMAC generated signature to verify all incoming webhook events to avoid replay attacks.

Webhooks include a calculated digital signature for verification. Each webhook request includes an am-webhook-signature header. The signature is a base64-encoded HMAC generated using the sha256 algorithm with the webhook request body and the webhook secret of your account.

Each webhook request could be verified by comparing the computed HMAC digest and the attached HMAC digest in the header.

The following Node.js example demonstrates the computation of a webhook signature.

preparing...

Webhook secret can be obtained by going to Settings > Webhooks