Customer Sync Issues
Sync failed with HTTP 401 or 403
Sync failed with HTTP 401 or 403
Shiipp calls your customer list endpoint with an
Authorization: Bearer <your_api_token> header. If you’re seeing a 401 or 403 response, check the following:- Your endpoint is configured to accept Bearer token authentication.
- The
api_tokensaved in Courier Settings matches exactly what your endpoint expects. - Your endpoint is not IP-restricted in a way that blocks Shiipp’s outbound IPs.
If your server requires IP allowlisting, contact Shiipp support to obtain the current list of outbound IP addresses.
Sync failed with HTTP 500 or non-200
Sync failed with HTTP 500 or non-200
Shiipp records the HTTP status code and a preview of your endpoint’s response body for every sync attempt. To troubleshoot:
- Check your server logs for errors that occurred during the request.
- Ensure your endpoint returns HTTP 200 and a valid JSON body.
- Test by manually calling your endpoint using the same Bearer token to reproduce the issue outside of Shiipp.
Invalid JSON response
Invalid JSON response
Your endpoint must return a JSON array at the root level — not an object and not plain text. Shiipp cannot parse any other format.
- ✅ Valid:
[{...}, {...}] - ❌ Invalid:
{"customers": [{...}]}— Shiipp expects the root to be an array, not a wrapper object. - ❌ Invalid: A plain text message or an HTML error page.
Customers are missing after sync
Customers are missing after sync
If the sync completes successfully but some customers don’t appear, work through these checks:
- Verify your endpoint returns the expected
UserCodefield (also accepted asuser_code). - Shiipp automatically uppercases and trims
UserCodevalues —CUST001andcust001are treated as identical. - An empty array response (
[]) does not delete existing customers; it simply adds no new ones. - Confirm the Last Synced timestamp updated — this is visible in Settings > Customer Sync and indicates whether the sync actually ran.
When does the sync run?
When does the sync run?
Shiipp runs customer sync automatically every 8 hours. If you need to pull in changes sooner, you can trigger a manual sync at any time from Settings > Customer Sync by clicking Sync Now. The timestamp of the most recent sync is displayed on that same page.
Webhook Delivery Issues
My webhook endpoint isn't receiving calls
My webhook endpoint isn't receiving calls
Start by confirming your configuration and connectivity:
- Verify your webhook URL is saved in Courier Settings — set the New Package Webhook URL for new package events and the Manifest Status Webhook URL for manifest status changes.
- Your endpoint must be publicly accessible. Endpoints behind a firewall, VPN, or private network will not receive Shiipp’s outbound requests.
- Check System Logs in Shiipp for recent dispatch attempts and their HTTP response codes.
Failed webhook deliveries are retried up to 5 times using exponential backoff. If all retries fail, the event is marked as undelivered in the logs.
Webhook payload format is wrong
Webhook payload format is wrong
Use the Webhook Payload Builder (accessible from System > Webhook Payload Designer) to customize the exact JSON structure Shiipp sends to your endpoint. You can map Shiipp variables like
{{tracking_number}} and {{weight}} to the field names your receiving system expects — no code changes required.For a full walkthrough of the payload builder, see the Webhook Payload Builder guide.Webhook returns 401 or authentication fails
Webhook returns 401 or authentication fails
Shiipp sends
Authorization: Bearer <your_api_token> with every outbound webhook request. If your endpoint is returning a 401, verify:- Your endpoint is correctly validating the Bearer token.
- The
api_tokenvalue in Courier Settings matches what your endpoint expects.
How do I inspect raw webhook logs?
How do I inspect raw webhook logs?
Go to Logs in the Shiipp sidebar. You can filter entries by source and view the full details of each webhook attempt, including:
- The complete JSON request payload sent by Shiipp
- The full JSON response body returned by your endpoint
- The HTTP status code
- The timestamp of the attempt
- Any error messages recorded during delivery