EPISHIP API OAuth Authentication overview

EPISHIP OAuth Authentication API icon 32px svg

Overview

The EPISHIP OAuth Authentication API provides the foundation for secure application access and user authorization. You can develop applications that securely authenticate users via standard OAuth 2.0 flows, issue personal access tokens for machine-to-machine integration, and manage session lifecycles without handling raw user credentials directly.

View Doc →

The following figure shows the relationship between your EPISHIP app, the EPISHIP API, and Authentication services.

EPISHIP OAuth Authentication API diagram

Figure 1. EPISHIP API relationship diagram. Token exchange and authorization grant flow.

EPISHIP App

EPISHIP’s security layer manages the trust relationship between users and third-party applications. It handles the UI for user consent forms (Allow/Deny access), manages client secrets, and provides a dashboard for users to revoke personal access tokens.

EPISHIP API

The REST API that executes the OAuth handshake. It verifies client credentials, issues short-lived `access_tokens` and long-lived `refresh_tokens`, and validates incoming requests against defined scopes.

Grant Types

The API supports multiple methods for obtaining tokens, including `authorization_code` for web apps, `password` for direct trusted login, and `refresh_token` for maintaining long-running sessions without re-entering credentials.

What can users do with the EPISHIP OAuth API?

Users can use the EPISHIP OAuth API to perform common workflows, such as:

  • Request a new Access Token using a specific Grant Type (Password, Auth Code)
  • Refresh an expired Access Token using a valid Refresh Token
  • Authorize a client application to access specific account scopes
  • List all active Personal Access Tokens for the authenticated user
  • Revoke (delete) specific tokens to terminate unauthorized access

OAuth properties available to view and filter through the EPISHIP Authentication API:

  • Access Token (Bearer)
  • Refresh Token
  • Token Expiration (expires_in)
  • Scope (e.g., “all billing”, “general”)
  • Token Type (Bearer)

Additional info

  • Learn more about developing with EPISHIP OAuth Authentication API, including handling authentication, authorization, reference the Develop on EPISHIP API for your workspace. More
  • Learn more about how to launch and run an EPISHIP OAuth API app, read the Developer Page. More →
Copy
Search

Related

Related Categories
service icons rotating
EPISHIP is the most powerful transportation cost management platform ever built.
Get started
China
Featured Lane

China Import Priority

Full specs →

Pay as you go →

Only pay as you ship.
Profile 1 pricing requires a minimal credit balance.
First shipment

Explore the docs →

Built-in features used by some of the largest shippers to save time and money.
Explore
Search
Create Shipment
Shipments
Address Book
Invoices
Invoice Payments
Payment Method
Credits
Company Setting
User
Developers