Skip to main content

RajaOngkir Authorization

Overview

To interact with the RajaOngkir API, you must authenticate your requests using an APIKEY. This key is a unique identifier issued to your account and is required in every request to verify your identity and grant access to the appropriate resources.

Without this key, the system will reject your request with a 401 Unauthorized error.

Where to Find Your API Key

Your API Key can be obtained through the Collaborator Dashboard. Follow these steps:

  1. Log in to your Komerce account.
  2. Navigate to Setting then Profile > APIKEY section.
  3. You'll find Shipping Cost APIKEY
    • Do not use API keys intended for other services (e.g. Shipping Delivery, etc.)
danger

⚠️ Important: Treat your APIKEY like a password. Never share it or expose it publicly (e.g., in GitHub repos or front-end code).

How to Use APIKEY

Include your API key as a Middleware in the HEADER of each API request:

key: YOUR_API_KEY

Example Request with cURL

curl --request GET \
  --url https://rajaongkir.komerce.id/api/v1
  --header 'key: YOUR_API_KEY'

This will return the list of available couriers for your checking cost and history AWB.

Best Practices

✅ Keep it secret: Never expose your API Key in frontend apps.
🔐 Rotate regularly: Periodically regenerate keys to enhance security.
🧪 Use sandbox for testing: Always use the test key before going live.
🔎 Log usage: Monitor API activity to prevent abuse or quota overages.
🔁 Refresh keys if compromised: Immediately revoke and generate a new one.