Authentication

All API requests require authentication using your API credentials

Authentication Headers

x-gsl-token string required
Your unique API token
x-gsl-secret string required
Your API secret key
Content-Type string required
Must be set to application/json

Request Example (cURL)

curl --request GET \
--url https://api.gospeedlog.com/deliveries \
--header 'x-gsl-token: ' \
--header 'x-gsl-secret: ' \
--header 'Content-Type: application/json'

Replace <your_api_token> and <your_api_secret> with your actual credentials.

Rate Limiting

The API implements rate limiting to ensure fair usage:

Limits

  • 100 requests per minute per API token
  • Additional restrictions may apply for high-volume accounts

Rate Limit Headers

The following headers are included in all responses:

X-RateLimit-Limit: Maximum requests allowed
X-RateLimit-Remaining: Remaining requests in current window
X-RateLimit-Reset: Time when the rate limit resets (UTC epoch seconds)

Rate Limit Response

When exceeding the rate limit, you'll receive:

429 Too Many Requests
The request will be rejected with a 429 status code.
Response Body 
{
  "error": "Too Many Requests",
  "message": "Rate limit exceeded. Please try again later."
}

Important Notes

Token Expiration: API tokens have a defined validity period. Ensure your token is current and valid before making requests.

Organization Status: Your organization account must be in active status to successfully authenticate and use the API.

Invalid Credentials: Requests with missing or invalid authentication headers will receive a 401 Unauthorized response.

Usage Tracking: All API requests are logged with timestamp information, including the last used timestamp for each set of credentials.

Security Notes

Keep your API credentials secure. Never share them in client-side code or public repositories. If you believe your credentials have been compromised, regenerate them immediately.

Response

401 Unauthorized
Your API credentials are missing or invalid. Make sure authentication headers are included in the request.
Response Body 
{
  "error": "Unauthorized",
  "message": "Invalid or missing authentication headers"
}

Common Error Codes

  • 400 Bad Request: Invalid request data or missing required fields
  • 401 Unauthorized: Invalid or missing API credentials (x-gsl-token or x-gsl-secret)
  • 404 Not Found: Delivery not found
  • 422 Unprocessable Entity: Cannot process request (e.g., trying to cancel a completed delivery)
  • 500 Internal Server Error: Server error

Validation Errors

When validation fails, the API returns a 400 status code with detailed error information: 

{
  "error": "Unauthorized",
  "message": "Invalid or missing authentication headers"
}

Support

For API support and questions, please contact our development team at api-support@gospeedlog.com .

Our team typically responds within 24 hours during business days.