Important: This authentication change is now live and mandatory as of 1st May 2024. The legacy GET authentication method and URL apikey parameter are no longer supported. If you have not updated your integrations, you will receive 401 unauthorised responses.
If you're receiving the error The user is using a deprecated API Authentication method. Please refer to the Help Guides for API Authentication before this is deactivated and impacts connectivity, you need to update your API integration.
Our API authentication method has changed as part of an update to our security policies. If you have any third-party integrations using the public API, please advise them that they need to apply this update. These changes do not apply to Courier Developer Portal integrations.
The changes affect how you authenticate and authorise API requests:
Authentication (Getting an API Key) β Now uses a POST endpoint where the username and password are sent in the request body (not in the URL)
Authorisation (Using the API Key) β The API key must now be passed in the request header named
ms-apikey(not in the URL)
Quick migration checklist
If you have existing integrations using the old authentication method, follow these steps:
Update your authentication call from GET to POST
Move username and password from URL parameters to JSON body
Update all API requests to pass the API key in the
ms-apikeyheaderRemove any
apikey=parameters from your URLsTest your integration in a development environment
Deploy the updated integration to production
Monitor for any 401 unauthorised errors
Deprecated API - Mintsoft WMS app
If you're using the legacy Mintsoft WMS mobile app, you'll see the above error message. To resolve these error messages in the Import Errors screen, you need to migrate to the Access Mintsoft app.
Obtaining an API Key
To get an API key please complete these steps:
Go to the following Swagger link: https://api.mintsoft.co.uk/swagger/ui/index#!/Auth/Auth_Post.
Enter the request in the following format -
{
"Username": "Mintsoft username",
"Password": "login password"
}Click Try it out!.
The response will contain the API key.
Your API key will have a 24-hour expiry on it.
Setting a static API Key
These next steps need to be completed by the 3PL/ Admin of the database. To extend the 24-hour expiry and set a static API Key, please do the following:
Go to Settings then either Warehouse User Accounts or Client User Accounts.
Search for the user that needs a static API Key.
Click Actions then Set API Key to Never Expire.
If you cannot see the API Key column on the account page:
Click the Column Visibility dropdown (located in the middle of the page).
Find and select the API Key option.
Click Apply to show the column.
Authorising your API request
Each request needs to pass the API key in the header for other endpoints.
Example: Creating an order via GET /api/Order/{id}.
Header name | Header value |
ms-apikey | 62e649a6-b48b-4e27-adbf-ebb0430451cc |
Note: Please unsure you are using the most recent version of the Mintsoft app and courier print tool.