First time here
The following is a technical summary of how MM-API works and integrates into our overall MetaPack infrastructure.
MM-API Overview
The MM-API is MetaPack’s global shipping API which allows a single point of integration for retailers into MetaPack’s products and services.
MM-API allows the integration and use of functionality from the MetaPack Manager core platform - through which retailers can access 4,000 services offered by 400 carriers integrated into our platform in order to ensure that delivery promises to customers are met while making use of business logic in a highly configurable and intelligent way.
Operations available via the MM-API:
-
Create Shipments
-
Allocate Shipment to logistic services
-
Generate labels and documentation for consignments
-
Query information about Logistic Services, Shipments, and Consignments
Integration requirements
In order to integrate with MM-API, a client system will need outbound Internet access using the following protocols/specifications:
-
TLS 1.2
-
HTTPS
-
OAuth2
-
REST
-
JSON
System Security
The MM-API has been designed as a multi-tenanted solution with a focus on security in order to allow robust protection of client and customer data.
MM-API
Access through the MM-API involves two aspects: Authentication and Authorisation.
-
All API requests are encrypted using HTTPS/TLS
-
Authentication – All API requests will require a valid bearer token
-
Tokens expire after a default period
-
Authorisation – API access controls ensure that users only perform actions which they are authorised for; these can be managed from within the platform
Auditing
Every request and response which comes through the MM-API is logged and automatically checked for security and performance monitoring.
A full audit trail of requests are recorded to ensure traceability in case of abuse and breaches.
DDoS
The MM-API are protected by MetaPack’s DDoS mitigation layer in order to ensure minimal disruption to client business operations.
Data Validation, Retention and Flow
Where specified, MM-API requires valid data and requests to be passed in order to avoid rejection or errors from the system.
All data passed to MetaPack is held for between 30 – 90 days. MetaPack products store Personal Data as defined by the ICO about parcels being delivered to consumers.
Under European Data Protection Regulations and our contracts with our customers, MetaPack is a Data Processor and MetaPack customers are either the Data Controllers or are themselves Data Processors to the ultimate Data Controller.
Whilst ultimate responsibility for the data lies with the Data Controller (subject to any change to the regulation) MetaPack takes its responsibility for managing customers’ personal data very seriously and has implemented security measures to ensure Customers data remains safe at all times.
Information passed to MetaPack that is considered personal data includes:
-
Name
-
Postal Address
-
Email address
-
Phone number(s)
MetaPack as the Data Processor provides the means to ensure this data is kept safe whilst being processed within its systems. A key part of this is ensuring that data is encrypted in transit to MetaPack systems and other third party systems that are also Data Processors, such as the carriers.
For more information
Additional documentation resources include:
-
Getting started with the Metapack Manager REST API (overview of the Metapack Manager REST API and the structure of an API call)
-
API keys/tokens (requesting or generating bearer tokens)
If you need additional help, contact support at support@metapack.com