Authentication
All FlexOps API requests require authentication. We support two methods:
API Key Authentication
Include your API key in the X-API-Key header:
```bash
curl -X GET https://api.flexops.io/v1/carriers \
  -H "X-API-Key: your-api-key"
```
API keys are scoped to a workspace and can be created, rotated, or revoked from the Dashboard.
Caution: Never expose your API key in client-side code. Use your API key only in server-side requests.
JWT Bearer Token
For service-to-service integrations, you can use JWT bearer tokens:
```bash
curl -X GET https://api.flexops.io/v1/carriers \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."
```
Tokens are issued via the /auth/token endpoint and expire after 60 minutes.
Token request
```bash
curl -X POST https://api.flexops.io/v1/auth/token \
  -H "Content-Type: application/json" \
  -d '{"apiKey": "your-api-key"}'
```
Token response
```json
{
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "expiresAt": "2026-03-10T15:30:00Z",
  "tokenType": "Bearer"
}
```
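The token lifecycle described above (request via /auth/token, reuse until shortly before `expiresAt`, then renew), as an added server-side example that is not FlexOps code. The names `TokenCache`, `fetch_token`, the `FLEXOPS_API_KEY` environment variable, and the 5-minute renewal margin are assumptions made for illustration.

```python
import json
import os
import urllib.request
from datetime import datetime, timedelta, timezone

TOKEN_URL = "https://api.flexops.io/v1/auth/token"  # endpoint shown on this page


def fetch_token(api_key):
    """POST the API key to /auth/token and return the parsed JSON response."""
    req = urllib.request.Request(
        TOKEN_URL,
        data=json.dumps({"apiKey": api_key}).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hold one bearer token and renew it shortly before `expiresAt`."""

    def __init__(self, api_key, fetch=fetch_token, skew=timedelta(minutes=5),
                 now=lambda: datetime.now(timezone.utc)):
        self._api_key, self._fetch, self._skew, self._now = api_key, fetch, skew, now
        self._token, self._expires = None, None

    def auth_header(self):
        # Renew when no token is cached or the cached one is inside the margin.
        if self._token is None or self._now() >= self._expires - self._skew:
            body = self._fetch(self._api_key)
            if body.get("tokenType") != "Bearer" or not body.get("token"):
                raise ValueError("unexpected token response")
            # expiresAt is ISO 8601 with a trailing Z, e.g. 2026-03-10T15:30:00Z
            self._expires = datetime.fromisoformat(
                body["expiresAt"].replace("Z", "+00:00"))
            self._token = body["token"]
        return {"Authorization": f"Bearer {self._token}"}

    def __repr__(self):
        return "TokenCache(<redacted>)"  # keep the key and token out of logs


if __name__ == "__main__":
    # FLEXOPS_API_KEY is an assumed variable name; the key stays server-side.
    cache = TokenCache(os.environ["FLEXOPS_API_KEY"])
    print(sorted(cache.auth_header()))  # prints header names only, not the token
```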
Workspaces
Each API key is associated with a workspace. Workspaces isolate data (shipments, labels, tracking, billing) between different tenants or environments.
You can create separate workspaces for development, staging, and production:
| Workspace | Use case |
|---|---|
| dev-workspace | Local development and testing |
| staging-workspace | Pre-production validation |
| prod-workspace | Live shipments |
Rate Limits
See Rate Limits for per-key and per-workspace limits.