/api/ManagePrealerts.php endpoint is the internal management interface for prealert records. It supports all four HTTP methods — GET to list and filter, POST to create, PUT to update, and DELETE to remove. All operations require a valid JWT Bearer token. Role-based access control is enforced automatically: users with the courier role can only see and modify records that belong to their own courier account, while admin and manager roles have cross-courier visibility.
Endpoint
Authorization: Bearer <access_token> — obtain your token from POST /api/login.php.
Supported methods: GET · POST · PUT · DELETE
GET — List Prealerts
Retrieve a paginated, filterable list of prealert records. Courier-role users automatically see only records tied to their courier account.Query Parameters
The page number to retrieve. Starts at
1.Number of records per page. Maximum
500.Field to sort results by. Accepted values:
created_at, status, tracking_number, vendor, user_code. Defaults to created_at.Sort direction. Accepted values:
ASC, DESC.Filter by prealert status. Accepted values:
pending, received, flagged. Omit to return all statuses.Free-text search across tracking number, user code, vendor name, and customer first/last name.
Filter results to a specific courier by UUID. Admin and manager roles only — this parameter is ignored for courier-role tokens.
Example Request
cURL
Response
Response Fields
Array of prealert record objects.
Pagination and aggregate statistics for the current query.
POST — Create Prealert
Create a prealert record from within the Shiipp dashboard or an internal system. This route is intended for warehouse staff and admins. For courier-originated submissions, use POST /api/Prealert.php with an API key instead.Request Body
Carrier tracking number for the inbound shipment.
Customer identifier. Must match an active customer in the system.
Shipper or store name.
Optional description of the package contents.
UUID of the courier to associate the prealert with. Required for
admin and manager roles. Automatically set from the token’s courier context for courier-role users and does not need to be provided.Example Request
cURL
201 with the standard envelope and a prealert_id in the data object.
PUT — Update Prealert
Replace the editable fields on an existing prealert record. All four fields below are required — the endpoint performs a full replacement oftracking_number, user_code, and vendor, so you must supply the current (or new) value for each one. Courier-role users can only update records that belong to their own courier account.
Request Body
UUID of the prealert record to update.
Carrier tracking number. Provide the updated value, or re-supply the existing value if you only want to change another field.
Customer identifier. Must match an active customer in the system. Provide the updated value, or re-supply the existing value if unchanged.
Shipper or store name. Provide the updated value, or re-supply the existing value if unchanged.
Updated description of the package contents. Omitting this field clears the existing description.
Example Request
cURL
DELETE — Delete Prealert
Permanently remove a prealert record. Courier-role users can only delete records that belong to their own courier account. Attempting to delete a record that does not exist, or that belongs to a different courier, returns404.
Request Body
UUID of the prealert record to delete.
Example Request
cURL
Success Response
Error Reference
| HTTP Code | Cause |
|---|---|
400 | Missing required fields in the request body, or invalid JSON |
401 | JWT token is missing, malformed, or expired |
403 | Token is valid but the user lacks permission for the requested operation |
404 | No prealert found for the given prealert_id, or the record belongs to a different courier |
405 | An unsupported HTTP method was used |
409 | A POST or PUT would create a duplicate tracking number under the same courier account |
500 | Unexpected server error — log the response and contact your administrator |