Track and Trace (DHL Supply Chain)
v 1.2.4
Division: DHL Supply Chain

Best for:

  • Providing access to the Order information at any time
  • Customer-centric contract logistics solutions
  • Business customers of DHL Supply Chain
Region: Global
Used for: Tracking
Overview

The Track & Trace API comes in two versions that enables you to use services to access Order information provided by DHL Supply Chain in the MySupplyChain Track & Trace visibility solution (previously called Connected View).

Track and Trace - All Orders Types

- This API has two calls, the first returns a list of orders matching the key and country.    A second API is then called with a unique reference to return the order details.
         The order types available are Customer Order, Warehouse Order and Transport Order.

Documents and POD documents

- This API has two calls, the first returns documents and POD documents. A second API is then called with a document identifier to return the Document or POD document details.

Scope

These versions of the All Order Types APIs can return all Order types and Documents or POD documents with detail.

The type of information available through the public API is the same as the one users can find on the MySupplyChain Track & Trace public web search without logging in.

 

Using the API

The All Order Types API takes only 2 key parameters in the first call.  An order reference and country code.
Within the payload returned by this API will be a unique key,  "order_id", this must be used as the required parameter for the second API call.

Calling the second API with the  "order_id" will return the Order Detail information regardless of the Order type.

The Document and POD documents API takes only one key parameter  in the first call.  An select is required with possibility to choose what to retrieve in response documents, pod_documents or both.
Within the payload returned by this API will be a unique key,  "document_identifier", this must be used as the required parameter for the second API call.

Calling the second API with the  "documentId" for Documents or "podId" will return the detail for relevant document.

The MySupplyChain Track & Trace public API is a Restful API which uses GET HTTP requests.

Example Use Cases

Find the location of a shipment
You can use the API to help you build a website or application that enables DPDHL customers to see the location of their shipment.
 

Discover when a shipment will arrive
You can use the API to help you build a website or application that enables DPDHL customers to see when they can expect a delivery.
 

Get information on shipment Status
Some customers want to be informed of the current status of their request.   Is it "Awaiting Dispatch", "In Transit" or "Delivered".  These APIs can provide them with the information regarding shipment Status.   With the "All Order Types" API it is possible to return the status events for Purchase, Customer and Warehouse Orders along with the Transport Order information.  For example: have the goods been picked in the warehouse?
 

Obtain POD document available in Track and Trace

A customer may want to download the POD document available in Track and Trace using the API solution compared to doing so via the web page.

User Guide

 

 

    Get Access

     All Orders Types

    All Orders Types API requires a Work Request in GSN for further engagement of DHL LINK Build team. . A guideline for our Work Request process is available in this wiki page.

     MySupplyChain Track & Trace API – Request Process

    get access

     

    If you are not a DHL Supply Chain Customer, contact one of our experts here.

    Documents and POD documents

    To request access to these API’s, an azure service principal will be required.

    Once created, a request to Track  and Trace support team via the following request form must be submitted so that correct level of access is granted to the service principal. Level of access granted is typically customer/business partner specific

    Using the id and password for the service principal, you can call following API:

    OAuth

    The following API’s can be called using a bearer token provided by OAuth API:

    Documents And POD Documents

    Documents

    Documents Other

    Authentication

    The API Key and the key secret should be sent as HTTP basic authentication credentials. 

     

    DSC Basic Authentication

     

     

    This is the successful response which you will see when successfully authenticated.

    HTTP Response Status Code 200 OK

    This is the failed response which you will see in the browser in case of invalid credentials.

    HTTP Response Status Code 401 Unauthorized
    
    

    Available Authentication Methods

    DHL provides access to its APIs via the following mechanisms:

    • OAuth 2.0
    • Basic Authentication

    Each API will describe its particular access mechanism with regards of how to transmit the authentication within a single request. Credentials to use a certain API can be requested via the DHL Developer Portal.

     

    Resource Owner Password Grant Type

    For Mobile and Desktop apps,  T&T Service supports the Resource Owner Password OAuth 2.0 grant type. This password grant type is for highly trusted apps where resource owners share their credentials directly with the app.

    Resource Owner Password Grant Type Roles - OAuth 2.0

    The Resource Owner Password grant type uses the following roles:

    • Resource Owner: A person or system capable of granting access to a protected resource.
    • App: A client that makes protected requests using the authorization of the resource owner.
    • Authorization Server (T&T): The server that issues access tokens to client apps after successfully authenticating the resource owner.
    • Resource Server (T&T): The server that hosts protected resources and accepts and responds to protected resource requests using access tokens. Apps access the server through APIs.

    Resource Owner Password Flow

    The following diagram shows the flow for the Resource Owner Password grant type

    The diagram shows the flow for the Resource Owner Password grant type

     

    The flow of the Resource Owner Password grant type is:

    1. Authenticate: The user authenticates with the app using their username and password
    2. POST /auth/oauth/token?grant_type=password: The app sends the username and password in Auth section (common technical user for all API calls but different per environment) and username and password in request body (different per customer) to the authorization server for validation.
    3. Response (access_token, token_type, refresh_token, expires_in, scope): The authorization server validates the username and password and response an access token, token_type, refresh_token, expires_in and scope.
    4. Request resource server: The app attempts to access the resource from the resource server by presenting the access token (instead of access token has to be used refresh token if access token expires).
    5. Return Resource: If the access token is valid, the resource server returns the resources that the user authorized the app to receive.

     

    Access Token

    An OAuth Access Token is a string that the OAuth client uses to make requests to the resource server.

    Access tokens may be either "bearer tokens" or "sender-constrained" tokens. Sender-constrained tokens require the OAuth client to prove possession of a private key in some way in order to use the access token, such that the access token by itself would not be usable.

    Access tokens issued for the Management API and access tokens issued for any custom API that you have registered with Auth0 follow the JWT standard, which means that their basic structure conforms to the typical JWT structure, and they contain standard JWT claims asserted about the token itself.

    Refresh Token

    An OAuth Access Token is a string that the OAuth client uses to make requests to the resource server.

     

    Environments

    The addressable API base URL/URI environments are: 

    Environment Usage Description
    https://api-uat.dhl.com POD and Document API Q&A Environment
    https://dsc.api-sandbox.dhl.com Orders API Q&A Environment
    https://api-sandbox.dhl.com Orders API Q&A Environment
    https://api.dhl.com POD, Document API and Orders API Production environment

     

    Rate limits

    Rate limits protect the DHL infrastructure from suspicious requests that exceed defined thresholds.

    The standard spike arrest limit per client is set to 1,000 messages per minute

    Shared limits across all clients also applies. The limit is in terms of a quota, when quota is reached all clients will receive message below

    When the limit is reached, you will receive an HTTP Status code: 

    429: Too many requests.  
    

    Please contact api.dsc@dhl.com to get more information about it.

    It is important that project teams share the expected Customer API volumes on their implementation with LINK team

     

    Additional Information

    There is a rate card in place for the use of the MySupplyChain Track & Trace API.   Please discuss potential commercials with your local MySupplyChain Track & Trace contact prior to API usage.

     

    Example requests - All Order Types API

    The following parameters need to be included in the URL for the All Order Types API:

    API Call 1 (allorders):
    Parameter Description Examples
    num An order reference to search with 20190115
    c 2-letter country code

    GB, DE, ES, US, etc.

     

    API Call 2 (orderdetails):
    Parameter Description Examples
    order_id A unique order reference to search with String

     

    Header Description Examples
    Content-Type Fixed value application/json
    Authorization Basic Auth Basic <token_value>

     

    API Call 2 (Document and POD documents):

    This API is used to obtain the document id required to download the document

     

    Parameter Description Examples
    select

    Two options available:

    - to search pod documents

    - to search for other documents

    pod_documents

    documents

    page_size Lenght of page 20
    page Page number 0

     

    Header Description Examples
    Content-Type Fixed value application/json
    Authorization Bearer Token Bearer <token_value>

     

    Body

    It is possible to search using both order numbers and additional references.

    {

        "fields": [

            {

                "field_name": "order number",

                "_comment1": "order number simple",

                "field_value": "0003049098TEST"

            }

        ]

    }

    {

        "fields": [

            {

                "field_name": "reference type",

                "field_value": "TMS File Number",

                "_comment1": "Name in addintional refenrece"

            },

            {

                "field_name": "additional ref",

                "field_value": "91368248"

            }

        ]

    }

    API Call 3 (Documents):

    This API is used to download POD docuemts

    Parameter Description Examples
    documentId A unique document id 70fb39ee-1ba2-470d-81dd-ae6363be3ff2

     

    Header Description Examples
    Authorization Bearer Token Bearer <token_value>

     

    API Call 4 (Documents Others):

    This PIS is used to download other documents.

    Parameter Description Examples
    resourceId Unique document id AIDA/IT_COR4_VENCHI_
    orderId A unique order reference to search with

    AIDA/IT_COR4

     

    Header Description Examples
    Authorization Bearer Token Bearer <token_value>
    Legal Terms
    specifics for the use of Track & Trace (formally CONNECTEDVIEW) (DHL SUPPLY CHAIN) API

    In addition to the preceding section, the following terms and conditions apply only to Your usage of data or information received through the Track & Trace (DHL SUPPLY CHAIN) API:

    • Data requested and received via the Track and Trace (DHL SUPPLY CHAIN) API, such as estimated delivery date, actual delivery date, transport status, transport history is hereinafter referred to as "Tracking Data".
    • Tracking Data is Confidential Information in the meaning of section “Communication” of the General Developer Portal Terms of Use. Other than set forth below You must not reveal and/or provide third parties with the Tracking Data and/or analyze, modify such data in any form and/or derive data/information especially for competitive purposes from it without our prior written consent.
    • Tracking Data is provided to You and/or the entity you are authorized to represent (hereinafter “You”/”Your”) under the prerequisite, that You retrieved the according housebill number (DHL shipment number) in compliance with the applicable law, especially in the field of data protection and competition law and that You use the Tracking Data solely for Your own or Your customers’ legitimate tracking purposes.
    • The use and submission of Tracking Data – including submission to any of Your subcontractors – shall always be in compliance with applicable laws and regulations, including – without limitation – data protection laws and competition/antitrust law.
    • You shall not combine Tracking Data with advertisement or present it in a way that it could be regarded as advertisement.
    • Unless otherwise agreed, You shall delete the Tracking Data (including the transport history) 120 days after the last delivery is completed. DHL Supply Chain shall not be required to provide Tracking Data to You that is 120 days after the last delivery. Should You share Tracking Data with Your Customers "Delivered by Deutsche Post DHL Group" shall be displayed to Your Customers in text (minimum font size 12) at the time it is presented/submitted to them.
    1.0.0
    19.Mar.2020
    • Published API documentation with additional methods to Track All Order Types
    1.2.1
    02.Dec.2022
    • Changed Environment Url to APIgee
    • Added new endpoint OAuth
    • Edited endpoints:
      • /dsc-mysctt/documents/{documentId}

      • /dsc-mysctt/orders

      • /dsc-mysctt/pod/{podId}/content

    • Changed baseurl 
    1.2.2
    07.Dec.2022

    Converted to OpenApi 3.0

    1.2.3
    12.Jan.2023

    Added new parameter for AllOrders API

    1.2.4
    12.Dec.2023

    changed Track and Trace – Transport Orders  APIs endpoint

    1.2.5
    21.Nov.2024

    Excluded Transport API

    Additional info and examples to POD APIs

    1.2.5
    04.Dec.2024

    Updated swagger documentation