With the modernization of our API landscape, we are gradually replacing the previous Basic Authentication with the Authentication API, which supports the more modern OAuth 2.0.
Using the new Authentication API offers you the following advantages:
Security:
OAuth 2.0 provides a more secure authentication method. With Basic Authentication, the username and password are sent with every request, which increases the risk of these credentials being intercepted and misused. OAuth 2.0 instead uses access tokens that have a limited lifespan (30 minutes) and grant only specific access rights. These are opaque tokens that do not contain any user data.
Performance:
By using OAuth 2.0, you can currently reduce authentication calls to one every 30 minutes. Using the received bearer token for the functional API calls results in approximately 25% faster response times for your requests.
Credential Management:
OAuth 2.0 allows for centralized and standardized credential management. You do not need to pass your credentials directly to each of your applications or services; instead, you authorize access through a central authentication service within your IT infrastructure.
Best Practice: How should you use the Authentication API?
By using the Authentication API, you can centrally create and manage access tokens for using our APIs. We recommend one of the following implementation scenarios:
Scenario 1: Reactive - Renewal after Authentication Error
- Create an access token using the Authentication API
- Use the access token until you first receive a response with status 401 (Unauthorized / Invalid Access Token)
- Renew your access token using the Authentication API
Scenario 2: Proactive - Calculating Access Token Lifespan
- Create an access token using the Authentication API
- Persist the validity period of the access token, which is returned in the token response as expires_in (in seconds):
  {
    "access_token": "KDUiJQG7puaYyMoc00HKXDpACfEX",
    "token_type": "Bearer",
    "expires_in": 1799
  }
- Before using the access token, check that it is still valid by comparing the current time with the time at which the access token becomes invalid (creation time of the access token + 1799 seconds, i.e. 30 minutes)
- In case of an expired access token: Renew your access token using the Authentication API
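The following is an added example of a client-side token cache that implements both scenarios; it is not Deutsche Post's own client code. It assumes the token response shape shown above, and the actual Authentication API call (endpoint, client credentials) is injected as a callable because this page does not specify it.

```python
import time
from typing import Callable, Dict, Optional


class BearerTokenCache:
    """Caches one access token and renews it proactively before it expires
    (Scenario 2) or after a 401 response (Scenario 1), instead of calling the
    Authentication API for every functional request."""

    def __init__(self, request_token: Callable[[], Dict], safety_margin: int = 60,
                 now: Callable[[], float] = time.time):
        self._request_token = request_token   # hypothetical: performs the Authentication API call
        self._margin = safety_margin          # seconds of slack before the computed expiry
        self._now = now                       # injectable clock, so the logic can be tested offline
        self._token: Optional[str] = None
        self._expires_at = 0.0
        self.auth_calls = 0                   # how often the Authentication API was actually called

    def _renew(self) -> str:
        resp = self._request_token()
        if str(resp.get("token_type", "")).lower() != "bearer":
            raise ValueError("unexpected token_type: %r" % resp.get("token_type"))
        self._token = resp["access_token"]
        # Expiry = creation time + expires_in (1799 s in the sample response above).
        self._expires_at = self._now() + int(resp["expires_in"])
        self.auth_calls += 1
        return self._token

    def get(self) -> str:
        """Return a token that is still valid (minus the safety margin), renewing it only if needed."""
        if self._token is None or self._now() >= self._expires_at - self._margin:
            return self._renew()
        return self._token

    def call(self, api_call: Callable[[str], int]) -> int:
        """Run a functional API call (given the bearer token, returns the HTTP status).
        On 401 the token is renewed once and the call retried."""
        status = api_call(self.get())
        if status == 401:
            status = api_call(self._renew())
        return status
```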
Please note: We explicitly recommend NOT making an access token request against the Authentication API for each functional request. This approach contradicts the intent of OAuth 2.0. You expose yourself to unnecessary security risks and additionally burden Deutsche Post P&P and your own systems.
APIs supporting token-based authentication
Below is a list of the APIs that can be used with access tokens issued by the Authentication API: