DHL Authentication API

v 1.3.0

Division: DHL Group, DHL Freight

This API provides authentication services for some of DHL Group's APIs.

Note: This Authentication API works only for a set of DHL Group's APIs. Please read the documentation of the API you are trying to use to know whether this Authentication API is the one to provide authentication services for you.

Region: Global

Used for: Account

Overview

The DHL Authentication API allows to generate access tokens for DHL Group APIs which use this service as their authentication provider.

What: Generate access tokens, either JWT or Opaque.
Who: for those APIs from DHL Group which explicitly use this service for authentication. Please read the documentation from the API you are trying to access.
How: API Userguide.
When: Obtain an access token from this API prior to consuming the API you are trying to use.

Scope

The API shall be used to generate a time-limited token which can then be used to consume other APIs.

Using the API

2 formats are supported:

Opaque tokens: A proprietary format that usually contain some identifier to information in a server's persistent storage. Needs a validation server to work properly.
JSON Web Token (JWT): Follows the JSON Web Token (JWT) standards and contain information pertaining to an entity given in the form of claims. They are self-contained, thus not requiring a call to a validation server.

Example Use Case

Retrieving a JWT token

DHL Authentication API is a companion API that offers authentication services for other DHL APIs. In effect, any requested app will be given a consumer key (client_id) and a consumer secret (secret_key) which can be used to call this API with Basic Authentication, to generate an access token to consume another API.

Refer to User Guide for a detailed instructions.

User Guide

Using the Authentication API

Get Access

DHL Authentication API is a companion API. Access to this API will be given automatically when you are given access to a different API which uses the Authentication API for authentication services.

AUTHENTICATION

Every call to an API requires a subscription key. To call the Authentication API, the same key as your approved app will be used.

To view your API subscription keys:

From the My Apps screen, click on the name of your app.
The app details page will be shown.
Here you can find:
Consumer Key = client-id
Consumer Secret = secret-key
Click the Show link below the asterisks to show both values.

Get a token

To get a token, this API accepts a POST request with Basic Authentication in which the client-id and secret-key will be sent base64 encoded in the authorization header as follows:

authorization: Basic <base64-encoded-key>

base64 encoded key: this is the base64 encoded of <client-id>:<secret-key>

Example of how to base64 encode a key in linux

$ echo <client-id>:<secret-key> | base64

CURL example to generate an opaque bearer access token

curl -X POST "https://api-sandbox.dhl.com/auth/v1/token?response_type=access_token&grant_type=client_credentials" -H "accept: application/json" -H "authorization: Basic <your-basic-base64-key>"'

Response received should be similar to below:

{
    "access_token": "aVX6xgQSanylwsnVwaANfp8nIC2U",
    "id_token": "",
    "scope": "",
    "token_type": "Bearer",
    "expires_in": 1692
}

CURL example to generate a JWT token

curl -X POST "https://api-sandbox.dhl.com/auth/v1/token?response_type=id_token&grant_type=client_credentials" -H "accept: application/json" -H "authorization: <your-basic-base64-key>"'