This API documentation and API endpoints are purely for use within The Despatch Company Partners, which at this time, is currently used for the V7 app store.
\n","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[],"owner":"5966448","collectionId":"61a8e6e8-92f1-4dd0-8a1f-8fbad9e9cf76","publishedId":"2sAXqp9jPa","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"29786B"},"publishDate":"2025-09-04T15:27:26.000Z"},"item":[{"name":"Install App","id":"b3d51183-0dc6-4ca2-92bf-61f2975279e8","protocolProfileBehavior":{"disableBodyPruning":true,"disableCookies":true,"disabledSystemHeaders":{"connection":true,"accept-encoding":true,"accept":true,"user-agent":true,"host":true}},"request":{"method":"NONE","header":[],"url":"","description":"This is how to construct the URL required for sending your end-user to the install page of your app. This is simply done, depending on the Despatch Cloud product in question.
\n","urlObject":{"query":[],"variable":[]}},"response":[],"_postman_id":"b3d51183-0dc6-4ca2-92bf-61f2975279e8"},{"name":"Redirect URI","id":"a5071a97-b1a2-4a6d-ab26-5112ab7ee4f7","protocolProfileBehavior":{"disableBodyPruning":true,"disableCookies":true},"request":{"method":"GET","header":[],"url":"{{redirectUri}?code={{code}}&grant_type=authorization_code&state={{nonce}}&product={{product}}&expires={{timestamp}}&expires_seconds={{timestampInSeconds}}&hmac={{hmac}}","description":"This section of the documentation shows how to break down the elements of the query params appended to the end of your redirect URI.
\nTo calculate your Hmac, use your query params (in order) without the hmac param. Hash the value using SHA256 with the secret key value being your app's Client Secret.
\n","urlObject":{"host":["{{redirectUri}"],"query":[{"description":{"content":"Randomly generated code from Despatch Cloud Partners used for authentication.
\n","type":"text/plain"},"key":"code","value":"{{code}}"},{"key":"grant_type","value":"authorization_code"},{"description":{"content":"A random value to either pass data through or for you to validate the authenticity of the install request.
\n","type":"text/plain"},"key":"state","value":"{{nonce}}"},{"description":{"content":"Valid value for product: Channels, Helpdesk, Shipping, Returns or Warehousing.
\n","type":"text/plain"},"key":"product","value":"{{product}}"},{"description":{"content":"Date Timestamp showing when the authorization code expires.
\n","type":"text/plain"},"key":"expires","value":"{{timestamp}}"},{"description":{"content":"A numerical value in seconds showing when the authorization code expires.
\n","type":"text/plain"},"key":"expires_seconds","value":"{{timestampInSeconds}}"},{"description":{"content":"A generated hmac value using the query params so you can validate the authenticity of the request. See above for how the Hmac is calculated.
\n","type":"text/plain"},"key":"hmac","value":"{{hmac}}"}],"variable":[]}},"response":[],"_postman_id":"a5071a97-b1a2-4a6d-ab26-5112ab7ee4f7"},{"name":"Exchange Code for Access Token","id":"8679f83b-5103-4e43-bf6e-c6325518ca05","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{"content-length":true,"host":true,"user-agent":true,"accept":true,"accept-encoding":true,"connection":true},"disableCookies":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n \"client_id\": \"{{ accessToken }}\",\n \"client_secret\": \"{{ message }}\",\n \"code\": \"{{ code }}\"\n}","options":{"raw":{"language":"json"}}},"url":"{{appUrl}}/oauth/code","description":"You can retreive an access token by exchanging your authorization code from your previous API request along with your client_id and client_secret.
If a user wishes to create a review for the app, then you can direct them to the following URL. We recommend showing this in a pop-out window.
\n","urlObject":{"path":["oauth","reviews"],"host":["{{appUrl}}"],"query":[{"key":"access_token","value":"{{accessToken}}"}],"variable":[]}},"response":[],"_postman_id":"452355d4-c7e4-4039-b9ee-217f8a6506f0"},{"name":"Uninstall App","id":"c779e928-9dd8-4603-bcdb-f6000537788f","protocolProfileBehavior":{"disableBodyPruning":true,"disabledSystemHeaders":{"content-length":true,"host":true,"user-agent":true,"accept":true,"accept-encoding":true,"connection":true},"disableCookies":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"},{"key":"Accept","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n \"client_id\": \"{{ accessToken }}\",\n \"client_secret\": \"{{ message }}\",\n \"access_token\": \"{{ access_token }}\"\n}","options":{"raw":{"language":"json"}}},"url":"{{appUrl}}/oauth/delete-token","description":"You can uninstall an app by submitting your access_token along with your client_id and client_secret.
If your app is public, a GET request to your Data Deletion Webhook URL will also be sent with a HMAC appended to it which is simply an empty JSON array (with your Client Secret being the HMAC secret key as usual).
\n","urlObject":{"path":["oauth","delete-token"],"host":["{{appUrl}}"],"query":[],"variable":[]}},"response":[],"_postman_id":"c779e928-9dd8-4603-bcdb-f6000537788f"},{"name":"Hooks","id":"3f8d6e40-d4e6-4203-9182-70e2d067418b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"NONE","header":[],"url":"","description":"By adding a hook to your app, you can interact with the request and/or responses for certain events. Within the metadata section of your app, you can add and remove Hooks.
\nFor example, you can configure a hook for the Shipping product for the Create Label event to run either Before or After. Put simply, Before or After means if you want the hook script to run (and interact) with the Request (Before) or with the Response (After). You could have a scenario where you have two hooks for the same event, but one runs before and the other one runs after.
\nA hook for a 'Before' event will send a POST request to URL (with headers if specified) of the request body for the product in question (eg. the request JSON payload for the Create Label endpoint of Shipping).
\nA hook for the 'After' event works the same way, a POST request (with headers if specified) with the response body for the product in question.
\nYou can have the script do anything you please, but also have the hooks interact with the payloads. For example, if you wish to append or overwrite certain values of the response body, you can do so. Anything that is overwritten is then appended in a key: value pair titled 'originals'.
\nAdditionally, you can create a menu hook to add your app as a menu item to the Despatch Cloud product by creating a Menu Item hook which loads a JSON script like so:
\n{\n \"title\": \"{{ text for icon, normally this would be the name of your app }}\",\n \"icon\": \"{{fontawesome icon alias eg. fa-battery-full }}\"\n}\n\n