Authentication

Shipl supports a set of authentication/authorization schemas to enable you to securely deliver your API payloads. The best choice depends on the type of integration you're attempting. Here's a breakdown of the different profiles of integrations and which portion of the API they should pay attention to:

The standard centralized authorization approach is used when you execute an API request directly to Shipl from a system under your control. This is the most-common approach. The safety of managed funds depends on the safety of your API credentials (you wouldn't distribute these credentials to customer devices, for example).

Decentralized applications use an auth system where end-users maintain their own credentials. This might be via browser, wallet software, or your own end-user application. Your servers (if you even have them) do not have access to the customer's account this auth method use JWT token to allow access to the API.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.