Authentication

All Flex Forward API endpoints require authentication via a Bearer token in the Authorization header.

Getting your API token

Sign in to the Flex Forward dashboard
Navigate to Settings > API Keys
Generate a new API key
Copy the token — it will only be shown once

Keep your API token secret. Do not share it in client-side code, public repositories, or insecure channels.

Making authenticated requests

Include the token in the Authorization header of every request:

curl -X POST https://api.flexforward.com/labels \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "idempotencyKey": "ord-20250301-abc123",
    "courier": "yunexpress",
    "service": {
      "shipperAccountId": "your-account-id",
      "productCode": "YEXP01"
    },
    "shipment": { ... }
  }'

Error responses

If the token is missing or invalid, the API returns a 401 Unauthorized response:

{
  "error": "Unauthorized"
}

If the token is valid but the caller does not have access to the requested resource, the API returns a 403 Forbidden response:

{
  "error": "Forbidden"
}

Token best practices

Rotate tokens regularly
Use separate tokens for development and production environments
Store tokens in environment variables or a secrets manager — never hard-code them

Getting Started

​Authentication

​Getting your API token

​Making authenticated requests

​Error responses

​Token best practices

Authentication

Getting your API token

Making authenticated requests

Error responses

Token best practices