Creating and managing API keys and secrets
Updated over a week ago


The purpose of this document is to provide an outline of the functionality of Shippit. You will gain an insight into how to create and manage multiple API secrets, how to control access and apply restrictions to API endpoints and the data within, and how to suppress shipping costs from specific API responses.

Legacy API Secret

💡 ‘Legacy API Secrets’ are the API secrets that are created by default with all new Shippit accounts and do not contain any API restrictions. The current ‘Legacy API Secret’ can be found within:

  • Settings > Integrations

New API Secret

💡The ‘+ New API Secret’ option enables a merchant to create additional API secrets for a single merchant account.

When creating a new API secret, the Description and permission to at least one endpoint are mandatory. An API secret cannot be created without this information.

⚠️ If you select 'Create' and the mandatory information is not provided, the API key creation will fail and redirect you to a 'page not found' message. This is expected behaviour.

💡 Please note the important information below when creating an API secret:

  • The API secret is only available during the API secret creation process.

  • It must be copied and stored securely outside of Shippit.

  • It is not available after the initial creation process.

  • Once created, API secrets are immutable.

⚠️ If Shippit adds new API endpoints, any API secrets already issued will not have access to the new endpoints. It will be necessary to re-issue a new secret if permissions to the new endpoint are required.

Errors when an API Secret does not have access to an endpoint

When a request is made and the API secret does not have access to the endpoint, an error response is returned, such as 'User has no permission to execute this action'.

Managing API Secrets

The API secrets can be viewed from:

  • Settings > Integrations

💡 Permissions assigned to each secret can be reviewed by selecting the eye icon next to the API secret, and an API secret can be deleted by selecting the trash can icon associated with the API secret.


API Secret

An API secret is associated with a specific merchant account and can be used to access information via Shippit's public APIs.

API Secret Permissions

The restrictions that can be applied to an API secret.
