Auth & Environments
Authenticate every request with a Bearer token and ensure your base URL matches the environment you intend to use
Use Case
Use this guide to generate API keys for sandbox and production and apply them correctly across the Shipping, Queries, and Geocodes APIs.
Authentication format
All Envia APIs use Bearer Token authentication. Send the token in the Authorization header.
curl --request GET \
--url https://queries-test.envia.com/webhook-types \
--header "Authorization: Bearer $ENVIA_SANDBOX_TOKEN"Environments
| API | Sandbox | Production |
|---|---|---|
| Shipping API | https://api-test.envia.com/ | https://api.envia.com/ |
| Queries API | https://queries-test.envia.com/ | https://queries.envia.com/ |
| Geocodes API | https://geocodes-test.envia.com/ | https://geocodes.envia.com/ |
Get your API keys
1. Create your account
- Sandbox: https://accounts-sandbox.envia.com/signup
- Production: https://accounts.envia.com/signup
2. Generate a key
- Navigate to Settings → API.
- Click Add to create a new key for the environment you are logged into.
3. Store secrets securely
- Keep sandbox and production keys in separate secret stores.
- Rotate keys on a schedule and revoke unused keys.
Response example (401)
{
"meta": "unauthorized",
"message": "Missing or invalid token"
}Errors & troubleshooting
401 Unauthorized
Confirm the token and base URL match the same environment. Sandbox tokens only work with api-test.envia.com.
403 Forbidden
Ensure the account has API access enabled and the key is not revoked.
429 Too Many Requests
Implement retry logic with backoff and avoid large bursts during checkout or batch jobs.
Sandbox vs production notes
- Sandbox returns simulated responses and is safe for testing.
- Production creates real labels and charges your account balance.
- Use separate webhook URLs per environment to avoid mixing event data.
Updated 3 days ago
What’s Next