Credentials & Keys
DashLink parcel integrations authenticate using Drive API JWTs, but unlike traditional OAuth-style token systems,
DashLink relies on three credential values obtained from the Developer Portal:
- Developer ID
- Key ID
- Signing Secret
These values are combined to generate short-lived JWT Bearer tokens that authorize all Drive API calls.
This page explains how these credentials work within parcel integrations.
Authentication Overview
DashLink uses signed JWTs as the authorization mechanism for all Drive API requests.
Every request must include:
Authorization: Bearer <JWT>
Unlike static API tokens, the JWT must be generated per request (or reused for a short duration) using your:
- Developer ID (identifies your developer account)
- Key ID (identifies which key is being used)
- Signing Secret (HMAC key used to sign the JWT)
All three values are managed in the Developer Portal under your organization’s credentials.
Environment Isolation
DashLink uses environment-scoped credentials:
- Sandbox — For testing with the Delivery Simulator
- Production — Real shipments
Required Fields Connected to Authentication
When your account is enabled for DashLink parcels, DashLink onboarding assigns additional identity fields:
| Field | Purpose |
|---|---|
| pickup_external_business_id | Identifies the shipper using DashLink |
| origin_facility_id | Identifies the warehouse or store where parcels originate |
These values must be included in ALL quote, accept-quote, and create-delivery requests.