Dear valued customer,

 

DHL is modernizing its global API platform to ensure long‑term reliability, security, and scalability. Our goal is to complete this transition without impacting your service, but depending on your system setup, certain adjustments or checks may be required.

 

Production dns switch schedule 

****as of 14 July 2026 8:30AM MYT

 

 

Potential Impacts & Recommended Actions

 

1. Header Names Will Be Lower‑Case Going Forward

After the modernization, all HTTP header names will be delivered back in lower‑case, as required by HTTP/2. 
Previously, some headers may have appeared in Camel‑Case or UPPERCASE formats. 
Header values remain unchanged.

Even when communication falls back to HTTP/1.1, header names will still appear in lower‑case.

Recommended actions:

  • Ensure your system treats header names as case‑insensitive, as defined by the HTTP specification.
  • If your applications rely on case‑sensitive header processing, please update them accordingly.

 

2. Updated Network IP Addresses

The modernized platform uses a new set of IP addresses. 
Most customers using domain‑based communication will not need to take action. 
Customers with strict firewall rules or IP allow‑lists may be affected.

Recommended actions:

  • If you rely only on domain names, no changes are needed.
  • If your systems use IP allow‑lists, please update them using the following addresses:

Env

URL

Regional

Internet IP

DHL-only IP

Prod

api.dhl.com

Europe

34.159.222.28

165.72.3.55

Asia

35.240.177.166

199.40.22.146

US

34.85.139.126

7.244.71.77

 

api-eu.dhl.com

Europe

34.159.183.87

165.72.3.56

Sandbox

api-sandbox.dhl.com

Europe

34.40.64.57

165.72.3.57

Asia

34.126.136.199

199.40.22.148

US

34.145.158.85

7.244.71.79

Prod

gbs-itgf.api-mtls.dhl.com

Europe

34.159.54.76

165.72.3.190

Asia

34.142.236.117

199.40.65.169

US

34.145.131.230

7.244.72.165

Sandbox

gbs-itgf.api-mtls-sandbox.dhl.com

Europe

34.40.68.104

165.72.3.191

Asia

35.240.245.243

199.40.65.170

US

34.86.152.37

7.244.72.166

Prod

api.dhlecs.com 
api-shopify.dhlecs.com

Europe

34.141.23.3

165.72.94.52

Asia

136.110.40.56

199.40.65.210

US

136.107.1.75

7.244.72.183

Sandbox

api-sandbox.dhlecs.com 
api-sandbox-shopify.dhlecs.com

Europe

34.179.129.127

165.72.94.92

Asia

34.124.141.191

199.40.65.211

US

34.150.245.38

7.244.72.184

Prod

dsc.api-mtls.dhl.com

Europe

34.179.132.33

165.72.94.94

Asia

34.87.1.176

199.40.65.214

US

136.107.33.177

7.244.72.187

Sandbox

dsc.api-mtls-sandbox.dhl.com

Europe

34.159.47.22

165.72.94.97

Asia

35.187.253.23

199.40.65.215

US

35.230.181.7

7.244.72.188

Prod

dsc.api.dhl.com

Europe

35.246.188.254

165.72.94.81

Asia

34.142.246.145

199.40.65.212

US

34.145.144.30

7.244.72.185

Sandbox

dsc.api-sandbox.dhl.com

Europe

34.40.12.129

165.72.94.82

Asia

34.158.45.83

199.40.65.213

US

34.11.2.105

7.244.72.186

 

3. Recommended Use of Up-To-Date Cipher for Encrypted Connections

The modernized platform will continue to support all ciphers currently being supported, however, older or insecure cipher are discouraged as in the near future (after the modernization) they may be discontinued.

Recommended actions:

Ensure your systems use any of the following ciphers, listed in recommended security order:

  • TLS 1.3
    • TLS_AES_256_GCM_SHA384
    • TLS_AES_128_GCM_SHA256
    • TLS_CHACHA20_POLY1305_SHA256
    • TLS_AES_128_CCM_SHA256
    • TLS_AES_128_CCM_8_SHA256
  • TLS 1.2
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

 

Testing

To ensure a smooth transition, we recommend:

  • Testing your integrations in the sandbox environment (when available, your DHL representative may reach out to)
  • Validating authentication, connectivity, and compatibility with your systems

 

Support

If you need assistance or have questions:

 

Timeline

Changes will take place between 1st of May and 31st August. 
You will receive additional API‑specific details as we approach your migration window.

 

Next Steps

  • Review the three potential impact areas
  • Test your integrations in the sandbox once available
  • Prepare any required updates with your internal teams
  • Reach out early if you require clarification

 

ssl/tls cERTIFICATE UPDATES (Production dns cutover)

What is changing?

Following the production DNS cutover, clients will be routed to Apigee X, which uses a new set of TLS certificates for the below listed hostnames.

Hostname Pattern

Group

api.dhl.com

Group 2

gbs-itgf.api-mtls.dhl.com

Group 3

api.dhlecs.com

Group 4

dsc.api-mtls.dhl.com

Group 6

dsc.api.dhl.com

Group 7

This change may impact clients that:

  • Perform strict SSL/TLS certificate validation, or
  • Use certificate pinning (e.g., pinning to a leaf certificate)

 

What is included in the ZIP file?

Each ZIP file contains the complete certificate chain for:

  • Production environments
  • Non-production environments

 

Who is impacted by this change?

Most API consumers will not be impacted.

  • The certificates are issued by GlobalSign, a widely trusted Certificate Authority (CA).
  • Clients that trust the CA (default behavior in most systems) will continue to function without changes.

 

Impact only applies to clients that:

  • Explicitly trust or pin a specific certificate (e.g., leaf certificate) instead of the CA
  • Use custom trust stores or pinned certificate configurations

 

What action is required?

Please engage your customers/consuming applications and ensure they are prepared:

  1. Identify connection type
    • Internal network
    • External network
  2. Assess certificate handling
    • If the client trusts the CA → No action required
    • If the client uses certificate pinning → Action required
  3. For clients using certificate pinning
    • Download the relevant certificate bundle from the links below
    • Update the client configuration with the new certificates
    • Perform validation/testing before the DNS cutover

 

What is the impact if no action is taken?

Clients that continue to use old/pinned certificates may experience:

  • SSL/TLS handshake failures
  • API connectivity disruptions after cutover

 

Download Links

Hostname: api*.dhl.com

               External: https://developer.dhl.com/sites/default/files/2026-06/api-dhl-com-External.zip

               Internal: https://developer.dhl.com/sites/default/files/2026-06/api-dhl-com-Internal.zip

Hostname: gbs-itgf.api-mtls*.dhl.com

               External: https://developer.dhl.com/sites/default/files/2026-06/gbs-itgf-api-mtls-External.zip

               Internal: https://developer.dhl.com/sites/default/files/2026-06/gbs-itgf-api-mtls-Internal.zip

Hostname: api*.dhlecs.com

               External: https://developer.dhl.com/sites/default/files/2026-06/api-dhlecs-External.zip

               Internal: https://developer.dhl.com/sites/default/files/2026-06/api-dhlecs-Internal.zip

Hostname: dsc.api-mtls*.dhl.com (mTLS)

               External: https://developer.dhl.com/sites/default/files/2026-06/dsc-api-mTLS-External.zip

               Internal: https://developer.dhl.com/sites/default/files/2026-06/dsc-api-mTLS-Internal.zip

Hostname: dsc.api*.dhl.com (non-mTLS)

               External: https://developer.dhl.com/sites/default/files/2026-06/dsc-api-Non-mTLS-External.zip

               Internal: https://developer.dhl.com/sites/default/files/2026-06/dsc-api-Non-mTLS-Internal.zip

 

Thank you for your cooperation and continued partnership.

Your DHL Team