Auth, Headers & Correlation IDs

Master carrier API authentication patterns, essential headers, and correlation ID strategies for debugging.

Authentication Patterns

Carrier APIs use OAuth 2.0 client credentials, API keys, or basic auth. OAuth tokens expire, so cache them and refresh proactively. Never hardcode credentials; load them from environment variables and rotate keys regularly.

Carrier Reality

DHL's API uses OAuth 2.0 with short-lived tokens (30 minutes). If you don't cache and refresh, you'll hit the token endpoint on every request and get rate-limited.

Essential Headers

Always send: Content-Type, Accept, Authorization, and a correlation/transaction ID. The correlation ID ties your request to logs on both sides. Generate it as a UUID v4 and send it in the X-Correlation-ID or X-Transaction-ID header.

Debugging with Correlation IDs

When a carrier support ticket says 'we see no record of that request,' your correlation ID is your proof. Log it on your side, send it with the request, and include it in error reports. This single practice saves hours of debugging.
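The token caching and header practices described above, combined in one added example (not code from the original page or from any carrier SDK). `TokenCache`, `build_headers`, the fake token endpoint and the 60-second refresh margin are assumptions made for illustration; the 30-minute lifetime matches the figure quoted above.

```python
import logging
import time
import uuid

log = logging.getLogger("carrier")


class TokenCache:
    """Caches an OAuth 2.0 access token and refreshes it shortly before expiry."""

    def __init__(self, fetch_token, refresh_margin=60, clock=time.monotonic):
        self._fetch = fetch_token      # callable returning (token, expires_in_seconds)
        self._margin = refresh_margin  # assumed margin: refresh 60 s before expiry
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def get(self):
        now = self._clock()
        # Refresh proactively so a request never carries a token about to expire.
        if self._token is None or now >= self._expires_at - self._margin:
            self._token, expires_in = self._fetch()
            self._expires_at = now + expires_in
        return self._token


def build_headers(cache, correlation_id=None):
    """Return (headers, correlation_id) with the four headers the page lists."""
    cid = correlation_id or str(uuid.uuid4())
    headers = {
        "Content-Type": "application/json",
        "Accept": "application/json",
        "Authorization": f"Bearer {cache.get()}",
        "X-Correlation-ID": cid,
    }
    # Log the correlation ID on our side; never log the bearer token.
    log.info("carrier request correlation_id=%s", cid)
    return headers, cid


def demo():
    """Constructed run: fake token endpoint (30-minute tokens) and a fake clock."""
    fetch_times, now = [], [0]

    def fake_fetch():
        fetch_times.append(now[0])
        return f"token-{len(fetch_times)}", 1800

    cache = TokenCache(fake_fetch, clock=lambda: now[0])
    for t in (0, 600, 1700, 1745, 2000):  # five requests over about 33 minutes
        now[0] = t
        build_headers(cache)
    return fetch_times  # times at which the token endpoint was actually hit
```

Five requests cost two token fetches here, the second one triggered inside the refresh margin rather than after a failed call. In a multi-threaded client, guard `get()` with a lock so concurrent requests do not all refresh at once.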

Practice Drills

Why should you cache OAuth 2.0 tokens instead of requesting a new one per API call?

Build a POST request to create a shipment at https://api.carrier.com/v1/shipments with Bearer auth, JSON content type, and a correlation ID.

Method: POST

URL: https://api.carrier.com/v1/shipments

Required headers: Content-Type, Accept, Authorization, X-Correlation-ID