Authentication
The NowPost API uses Bearer token authentication. You need to obtain a token before making API requests.
Getting Your API Token
Option 1: Partner API Token (Recommended for E-commerce)
Generate a token using your partner credentials:
- cURL
- JavaScript
- Python
curl -X POST "https://api.nowpost.com/api/v1/auth/login" \
-H "Content-Type: application/json" \
-d '{
"email": "your-email@example.com",
"password": "your-password"
}'
const response = await fetch('https://api.nowpost.com/api/v1/auth/login', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
email: 'your-email@example.com',
password: 'your-password',
}),
});
const data = await response.json();
const token = data.token;
import requests
response = requests.post(
'https://api.nowpost.com/api/v1/auth/login',
json={
'email': 'your-email@example.com',
'password': 'your-password'
}
)
token = response.json()['token']
Response:
{
"success": true,
"data": {
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expiresAt": "2024-01-15T12:00:00Z",
"user": {
"id": "user_123",
"email": "your-email@example.com"
}
}
}
Using Your Token
Include the token in the Authorization header for all API requests:
- cURL
- JavaScript
- Python
curl -X GET "https://api.nowpost.com/api/v1/orders" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json"
const response = await fetch('https://api.nowpost.com/api/v1/orders', {
headers: {
'Authorization': 'Bearer YOUR_API_TOKEN',
'Content-Type': 'application/json',
},
});
const orders = await response.json();
import requests
headers = {
'Authorization': 'Bearer YOUR_API_TOKEN',
'Content-Type': 'application/json'
}
response = requests.get(
'https://api.nowpost.com/api/v1/orders',
headers=headers
)
orders = response.json()
Token Refresh
Tokens expire after 24 hours. Refresh before expiry:
- cURL
- JavaScript
- Python
curl -X POST "https://api.nowpost.com/api/v1/auth/refresh" \
-H "Authorization: Bearer YOUR_CURRENT_TOKEN"
const response = await fetch('https://api.nowpost.com/api/v1/auth/refresh', {
method: 'POST',
headers: {
'Authorization': 'Bearer YOUR_CURRENT_TOKEN',
},
});
const { token: newToken } = await response.json();
response = requests.post(
'https://api.nowpost.com/api/v1/auth/refresh',
headers={'Authorization': 'Bearer YOUR_CURRENT_TOKEN'}
)
new_token = response.json()['token']
Authentication Errors
| Status Code | Error | Solution |
|---|---|---|
401 | Invalid or missing token | Check your token is correct and not expired |
403 | Insufficient permissions | Your account may not have access to this endpoint |
429 | Rate limited | Slow down requests, max 100/minute |
Security Best Practices
- Never expose tokens in client-side code - Keep tokens server-side
- Use environment variables - Don't hardcode tokens
- Rotate tokens regularly - Refresh before expiry
- Use HTTPS only - Never send tokens over HTTP