Dear valued customer,
DHL is modernizing its global API platform to ensure long‑term reliability, security, and scalability. Our goal is to complete this transition without impacting your service, but depending on your system setup, certain adjustments or checks may be required.
Production dns switch schedule
****as of 14 July 2026 8:30AM MYT

Potential Impacts & Recommended Actions
1. Header Names Will Be Lower‑Case Going Forward
After the modernization, all HTTP header names will be delivered back in lower‑case, as required by HTTP/2.
Previously, some headers may have appeared in Camel‑Case or UPPERCASE formats.
Header values remain unchanged.
Even when communication falls back to HTTP/1.1, header names will still appear in lower‑case.
Recommended actions:
- Ensure your system treats header names as case‑insensitive, as defined by the HTTP specification.
- If your applications rely on case‑sensitive header processing, please update them accordingly.
2. Updated Network IP Addresses
The modernized platform uses a new set of IP addresses.
Most customers using domain‑based communication will not need to take action.
Customers with strict firewall rules or IP allow‑lists may be affected.
Recommended actions:
- If you rely only on domain names, no changes are needed.
- If your systems use IP allow‑lists, please update them using the following addresses:
Env | URL | Regional | Internet IP | DHL-only IP |
Prod | Europe | 34.159.222.28 | 165.72.3.55 | |
Asia | 35.240.177.166 | 199.40.22.146 | ||
US | 34.85.139.126 | 7.244.71.77 | ||
| Europe | 34.159.183.87 | 165.72.3.56 | |
Sandbox | Europe | 34.40.64.57 | 165.72.3.57 | |
Asia | 34.126.136.199 | 199.40.22.148 | ||
US | 34.145.158.85 | 7.244.71.79 | ||
Prod | Europe | 34.159.54.76 | 165.72.3.190 | |
Asia | 34.142.236.117 | 199.40.65.169 | ||
US | 34.145.131.230 | 7.244.72.165 | ||
Sandbox | Europe | 34.40.68.104 | 165.72.3.191 | |
Asia | 35.240.245.243 | 199.40.65.170 | ||
US | 34.86.152.37 | 7.244.72.166 | ||
Prod | Europe | 34.141.23.3 | 165.72.94.52 | |
Asia | 136.110.40.56 | 199.40.65.210 | ||
US | 136.107.1.75 | 7.244.72.183 | ||
Sandbox | Europe | 34.179.129.127 | 165.72.94.92 | |
Asia | 34.124.141.191 | 199.40.65.211 | ||
US | 34.150.245.38 | 7.244.72.184 | ||
Prod | Europe | 34.179.132.33 | 165.72.94.94 | |
Asia | 34.87.1.176 | 199.40.65.214 | ||
US | 136.107.33.177 | 7.244.72.187 | ||
Sandbox | Europe | 34.159.47.22 | 165.72.94.97 | |
Asia | 35.187.253.23 | 199.40.65.215 | ||
US | 35.230.181.7 | 7.244.72.188 | ||
Prod | Europe | 35.246.188.254 | 165.72.94.81 | |
Asia | 34.142.246.145 | 199.40.65.212 | ||
US | 34.145.144.30 | 7.244.72.185 | ||
Sandbox | Europe | 34.40.12.129 | 165.72.94.82 | |
Asia | 34.158.45.83 | 199.40.65.213 | ||
US | 34.11.2.105 | 7.244.72.186 |
3. Recommended Use of Up-To-Date Cipher for Encrypted Connections
The modernized platform will continue to support all ciphers currently being supported, however, older or insecure cipher are discouraged as in the near future (after the modernization) they may be discontinued.
Recommended actions:
Ensure your systems use any of the following ciphers, listed in recommended security order:
- TLS 1.3
- TLS_AES_256_GCM_SHA384
- TLS_AES_128_GCM_SHA256
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_128_CCM_SHA256
- TLS_AES_128_CCM_8_SHA256
- TLS 1.2
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Testing
To ensure a smooth transition, we recommend:
- Testing your integrations in the sandbox environment (when available, your DHL representative may reach out to)
- Validating authentication, connectivity, and compatibility with your systems
Support
If you need assistance or have questions:
- Contact your DHL representative, or
- Submit a ticket via the Developer Portal Help Center: https://support-developer.dhl.com/support/tickets/new
Timeline
Changes will take place between 1st of May and 31st August.
You will receive additional API‑specific details as we approach your migration window.
Next Steps
- Review the three potential impact areas
- Test your integrations in the sandbox once available
- Prepare any required updates with your internal teams
- Reach out early if you require clarification
ssl/tls cERTIFICATE UPDATES (Production dns cutover)
What is changing?
Following the production DNS cutover, clients will be routed to Apigee X, which uses a new set of TLS certificates for the below listed hostnames.
Hostname Pattern | Group |
api.dhl.com | Group 2 |
gbs-itgf.api-mtls.dhl.com | Group 3 |
api.dhlecs.com | Group 4 |
dsc.api-mtls.dhl.com | Group 6 |
dsc.api.dhl.com | Group 7 |
This change may impact clients that:
- Perform strict SSL/TLS certificate validation, or
- Use certificate pinning (e.g., pinning to a leaf certificate)
What is included in the ZIP file?
Each ZIP file contains the complete certificate chain for:
- Production environments
- Non-production environments
Who is impacted by this change?
Most API consumers will not be impacted.
- The certificates are issued by GlobalSign, a widely trusted Certificate Authority (CA).
- Clients that trust the CA (default behavior in most systems) will continue to function without changes.
Impact only applies to clients that:
- Explicitly trust or pin a specific certificate (e.g., leaf certificate) instead of the CA
- Use custom trust stores or pinned certificate configurations
What action is required?
Please engage your customers/consuming applications and ensure they are prepared:
- Identify connection type
- Internal network
- External network
- Internal network
- Assess certificate handling
- If the client trusts the CA → No action required
- If the client uses certificate pinning → Action required
- If the client trusts the CA → No action required
- For clients using certificate pinning
- Download the relevant certificate bundle from the links below
- Update the client configuration with the new certificates
- Perform validation/testing before the DNS cutover
- Download the relevant certificate bundle from the links below
What is the impact if no action is taken?
Clients that continue to use old/pinned certificates may experience:
- SSL/TLS handshake failures
- API connectivity disruptions after cutover
Download Links
Hostname: api*.dhl.com
External: https://developer.dhl.com/sites/default/files/2026-06/api-dhl-com-External.zip
Internal: https://developer.dhl.com/sites/default/files/2026-06/api-dhl-com-Internal.zip
Hostname: gbs-itgf.api-mtls*.dhl.com
External: https://developer.dhl.com/sites/default/files/2026-06/gbs-itgf-api-mtls-External.zip
Internal: https://developer.dhl.com/sites/default/files/2026-06/gbs-itgf-api-mtls-Internal.zip
Hostname: api*.dhlecs.com
External: https://developer.dhl.com/sites/default/files/2026-06/api-dhlecs-External.zip
Internal: https://developer.dhl.com/sites/default/files/2026-06/api-dhlecs-Internal.zip
Hostname: dsc.api-mtls*.dhl.com (mTLS)
External: https://developer.dhl.com/sites/default/files/2026-06/dsc-api-mTLS-External.zip
Internal: https://developer.dhl.com/sites/default/files/2026-06/dsc-api-mTLS-Internal.zip
Hostname: dsc.api*.dhl.com (non-mTLS)
External: https://developer.dhl.com/sites/default/files/2026-06/dsc-api-Non-mTLS-External.zip
Internal: https://developer.dhl.com/sites/default/files/2026-06/dsc-api-Non-mTLS-Internal.zip
Thank you for your cooperation and continued partnership.
Your DHL Team