> ## Documentation Index
> Fetch the complete documentation index at: https://docs.aeoral.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Manage Your Shiipp Courier Profile, Logo, and Keys

> GET and POST /api/CourierSettingsAPI.php — read and update your courier profile, upload your logo, and regenerate your API key for the prealert endpoint.

The Courier Profile endpoint is your central control surface for managing your courier's identity, contact details, integration URLs, and authentication credentials within the Shiipp platform. Both read and write operations are performed against the same endpoint, with the HTTP method and request body determining the action taken.

## Endpoint

```
/api/CourierSettingsAPI.php
```

**Authentication:** JWT Bearer token — include your token as `Authorization: Bearer <token>` on every request.

***

## GET — Retrieve Profile

Send a `GET` request to retrieve the full profile record for the authenticated courier. Admins and managers may fetch any courier's profile by appending `?id=<courier_id>` to the request URL.

### Query Parameters

<ParamField query="id" type="string">
  The UUID of the target courier. Required only for admin or manager roles fetching another courier's profile. Omit to return the authenticated courier's own profile.
</ParamField>

### Response Fields

<ResponseField name="status" type="string" required>
  Outcome of the request. `"success"` on a successful retrieval.
</ResponseField>

<ResponseField name="data" type="object" required>
  <Expandable title="data fields">
    <ResponseField name="courier_id" type="string">
      Unique UUID identifying the courier within Shiipp.
    </ResponseField>

    <ResponseField name="courier_name" type="string">
      The courier's display name shown to customers and in the Shiipp dashboard.
    </ResponseField>

    <ResponseField name="company_name" type="string">
      Registered legal company name.
    </ResponseField>

    <ResponseField name="email" type="string">
      Primary contact email address for the courier account.
    </ResponseField>

    <ResponseField name="phone_number1" type="string">
      Primary contact phone number.
    </ResponseField>

    <ResponseField name="api_key" type="string">
      The courier's current inbound API key used to authenticate prealert webhook calls from your system to Shiipp.
    </ResponseField>

    <ResponseField name="api_url_get_customers" type="string">
      The URL Shiipp calls on your system to sync customer records.
    </ResponseField>

    <ResponseField name="api_url_add_package" type="string">
      Webhook URL on your system that Shiipp notifies when a new package is created.
    </ResponseField>

    <ResponseField name="api_url_update_package" type="string">
      Webhook URL on your system that Shiipp notifies when a package status changes.
    </ResponseField>

    <ResponseField name="api_token" type="string">
      The Bearer token Shiipp includes in the `Authorization` header when making outbound calls to your system.
    </ResponseField>

    <ResponseField name="house_color" type="string">
      Brand hex color code used to style your courier's portal (e.g. `"#065ea1"`).
    </ResponseField>
  </Expandable>
</ResponseField>

### Example Response

```json theme={null}
{
  "status": "success",
  "data": {
    "courier_id": "courier-uuid",
    "courier_name": "Express Couriers",
    "company_name": "Express Couriers Ltd.",
    "email": "ops@your-company.com",
    "phone_number1": "+1-876-555-0100",
    "api_key": "your_current_api_key",
    "api_url_get_customers": "https://your-system.com/api/customers",
    "api_url_add_package": "https://your-system.com/webhook/package",
    "api_url_update_package": "https://your-system.com/webhook/status",
    "api_token": "your_outbound_bearer_token",
    "house_color": "#065ea1"
  }
}
```

***

## POST — Update Profile Settings

Send a `POST` request with a JSON body containing any combination of the updatable fields below. Only the fields you include are modified; all other profile values remain unchanged.

### Request Body

<ParamField body="courier_name" type="string">
  Display name for the courier shown in the Shiipp dashboard and customer-facing interfaces.
</ParamField>

<ParamField body="company_name" type="string">
  Registered legal name of the courier's company.
</ParamField>

<ParamField body="email" type="string">
  Primary contact email address for the courier account.
</ParamField>

<ParamField body="phone_number1" type="string">
  Primary contact phone number.
</ParamField>

<ParamField body="phone_number2" type="string">
  Secondary contact phone number.
</ParamField>

<ParamField body="address1" type="string">
  First line of the courier's physical address.
</ParamField>

<ParamField body="address2" type="string">
  Second line of the courier's physical address (suite, unit, etc.).
</ParamField>

<ParamField body="city_town" type="string">
  City or town of the courier's address.
</ParamField>

<ParamField body="parish_province" type="string">
  Parish, province, or state of the courier's address.
</ParamField>

<ParamField body="api_url_get_customers" type="string">
  The endpoint on your system that Shiipp calls to synchronise customer records.
</ParamField>

<ParamField body="api_url_add_package" type="string">
  Webhook URL on your system that Shiipp POSTs to when a new package is created in the platform.
</ParamField>

<ParamField body="api_url_update_package" type="string">
  Webhook URL on your system that Shiipp POSTs to when a package status is updated.
</ParamField>

<ParamField body="api_token" type="string">
  Bearer token that Shiipp sends in the `Authorization` header with every outbound call to your webhook URLs.
</ParamField>

### Example Request

<CodeGroup>
  ```json JSON Body theme={null}
  {
    "api_url_get_customers": "https://your-system.com/api/customers",
    "api_token": "your_outbound_bearer_token",
    "email": "ops@your-company.com"
  }
  ```

  ```bash cURL theme={null}
  curl -X POST https://app.shiipp.com/api/CourierSettingsAPI.php \
    -H "Authorization: Bearer <your_jwt_token>" \
    -H "Content-Type: application/json" \
    -d '{
      "api_url_get_customers": "https://your-system.com/api/customers",
      "api_token": "your_outbound_bearer_token",
      "email": "ops@your-company.com"
    }'
  ```
</CodeGroup>

***

## POST — Regenerate API Key

To rotate the API key used to authenticate inbound prealert calls from your system, send a `POST` request using `application/x-www-form-urlencoded` or `multipart/form-data` with `action=regenerate_key`.

<Warning>
  The old API key is **immediately invalidated** the moment you regenerate. Update your systems with the new key before triggering a rotation to avoid authentication failures.
</Warning>

### Request

<ParamField body="action" type="string" required>
  Must be `"regenerate_key"` to trigger key rotation.
</ParamField>

### Example Request

```bash cURL theme={null}
curl -X POST https://app.shiipp.com/api/CourierSettingsAPI.php \
  -H "Authorization: Bearer <your_jwt_token>" \
  -F "action=regenerate_key"
```

### Response Fields

<ResponseField name="status" type="string">
  `"success"` when the new key has been generated and saved.
</ResponseField>

<ResponseField name="message" type="string">
  Human-readable confirmation, e.g. `"New API key generated"`.
</ResponseField>

<ResponseField name="data" type="object">
  <Expandable title="data fields">
    <ResponseField name="api_key" type="string">
      The newly generated 64-character hex API key. Store this securely — it will not be shown again in full outside of a GET profile request.
    </ResponseField>
  </Expandable>
</ResponseField>

### Example Response

```json theme={null}
{
  "status": "success",
  "message": "New API key generated",
  "data": {
    "api_key": "new_64_char_hex_key"
  }
}
```

***

## POST — Upload Logo

Upload your courier's brand logo by sending a `multipart/form-data` request with the `logo` field containing the image file.

### Request

<ParamField body="logo" type="file" required>
  The logo image to upload. Accepted formats: **JPG**, **PNG**, **SVG**. Maximum recommended file size is **2 MB**.
</ParamField>

### Example Request

```bash cURL theme={null}
curl -X POST https://app.shiipp.com/api/CourierSettingsAPI.php \
  -H "Authorization: Bearer <your_jwt_token>" \
  -F "logo=@/path/to/your-logo.png"
```

### Response Fields

<ResponseField name="status" type="string">
  `"success"` when the logo has been stored successfully.
</ResponseField>

<ResponseField name="message" type="string">
  Human-readable confirmation, e.g. `"Logo updated successfully"`.
</ResponseField>

<ResponseField name="data" type="object">
  <Expandable title="data fields">
    <ResponseField name="path" type="string">
      Relative server path to the stored logo file, e.g. `"assets/uploads/logos/logo_courier-uuid_1705123456.png"`.
    </ResponseField>
  </Expandable>
</ResponseField>

### Example Response

```json theme={null}
{
  "status": "success",
  "message": "Logo updated successfully",
  "data": {
    "path": "assets/uploads/logos/logo_courier-uuid_1705123456.png"
  }
}
```

<Tip>
  After a successful logo upload, reference the returned `path` value in your integration to display the logo within your application or customer portal.
</Tip>
