{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"d74a6655-e6dc-47d2-bdf1-1273a69ea395","name":"Pos Standard API v2.1 — Contract Customer","description":"This collection covers the full shipment lifecycle for contract customers: authentication, order creation (domestic / international / multi-piece), cancellation, tracking, HS-code lookup, and reference lookups for tracking events, webhook events, and failure reason codes.\n\n---\n\n## 1\\. Environments\n\n| Environment | Base URL | Purpose |\n| --- | --- | --- |\n| Staging | `https://api-dev.pos.com.my` | Integration and UAT |\n| Production | `https://posapi.pos.com.my` | Live traffic |\n\nSwitch environments by editing the `baseUrl` collection variable.\n\n---\n\n## 2\\. Authentication\n\nAll endpoints (except `Get Token`) require an OAuth 2.0 Bearer token obtained via the **client-credentials** grant.\n\n- Tokens are valid for **24 hours**. Refresh to avoid race conditions.\n    \n- `client_id` / `client_secret`:\n    \n    - **Staging** — provided by the Pos integration team.\n        \n    - **Production** — retrieved from SendParcel Pro → _Store Integration_.\n        \n\nThe collection uses an **inherited Bearer token** at the collection level bound to the `{{accessToken}}` variable. The `Get Token` request contains a post-response script that writes the fresh token back into `{{accessToken}}`.\n\n---\n\n## 3\\. Conventions\n\n- **Content-Type** — `application/json` for all endpoints except `Get Token`, which uses `application/x-www-form-urlencoded` per the OAuth 2.0 spec.\n    \n- **Timestamps** — `YYYY-MM-DD HH:mm:ss`, local Malaysia time (MYT, UTC+8).\n    \n- **Country codes** — ISO 3166-1 alpha-2 (e.g., `MY`, `SG`).\n    \n- **Currency** — MYR, amounts as strings to avoid floating-point precision loss (e.g., `\"15.00\"`).\n    \n- **Weight** — kilograms (decimal allowed). Maximum 30 kg per parcel.\n    \n- **Dimensions** — centimeters. 
Maximum 180 cm per side; dimensions > 120 cm on international shipments incur an RM 271 surcharge.\n    \n\n---\n\n## 4\\. HTTP Status Codes\n\n| Code | Meaning | When |\n| --- | --- | --- |\n| 200 OK | Successful GET or cancel | Tracking, HS code, reference lookups, cancel |\n| 201 Created | Successful POST | Order created |\n| 400 Bad Request | Validation failure | Missing / invalid field |\n| 401 Unauthorized | Missing or invalid token | Token expired, not supplied |\n| 403 Forbidden | Token valid but not permitted | Account not authorised for the endpoint |\n| 404 Not Found | Resource not found | Unknown tracking number |\n| 409 Conflict | State conflict | Cancel after pickup |\n| 429 Too Many Requests | Rate limit | Back off and retry |\n| 500 Internal Server Error | Server-side error | Raise with Pos integration team with `trace_id` |\n\n### Error Response Formats\n\n**Gateway-level error:**\n\n``` json\n{\n  \"message\": \"error\",\n  \"error\": {\n    \"code\": \"VALIDATION_ERROR\",\n    \"description\": \"<human-readable reason>\"\n  }\n}\n\n ```\n\n**Service-level validation error:**\n\n``` json\n{\n  \"message\": \"Could not process the order\",\n  \"code\": \"MW0400\",\n  \"reason\": [\"<list of validation errors>\"]\n}\n\n ```\n\n---\n\n## 5\\. Glossary\n\n| Term | Meaning |\n| --- | --- |\n| MPS | Multi-Piece Shipment — a single order covering multiple parcels (up to 19 pieces) |\n| COD | Cash on Delivery |\n| INS | Insurance |\n| HS Code | Harmonized System code used for customs declaration on international shipments |\n| ZPL | Zebra Programming Language (thermal label format) |\n| RTO | Return to Origin |\n| ETA | Estimated Time of Arrival |\n| PPL | Pusat Pos Laju (Pos Laju Centre) |\n| PSM | Pejabat Pos Malaysia (Malaysia Post Office) |\n\n---\n\n## 6\\. Folder Map\n\n1. **Authentication** — OAuth 2.0 token issuance.\n    \n2. **Orders** — Create and cancel shipment orders.\n    \n3. 
**Tracking & Customs** — Track & Trace, HS Code lookup.\n    \n4. **Reference Data** — Static lookup tables (tracking events, webhook events, failure reason codes).\n    \n\n---\n\n## 7\\. Change Log\n\n| Version | Date | Change |\n| --- | --- | --- |\n| 2.1 | 2026-04-19 | Documentation rewrite — added environments, auth inheritance, error schema, glossary, error examples, typo fixes, per-endpoint schema tables. Fixed Create Order (added `notes`, `hide_sender_address`, `return_info`), Cancel Order (added error codes from service), Track & Trace (architecture note). |\n| 2.1 | Earlier | Initial v2.1 Order API released |","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"7395641","collectionId":"d74a6655-e6dc-47d2-bdf1-1273a69ea395","publishedId":"2sAXjSyorM","public":true,"publicUrl":"https://api-doc.pos.com.my","privateUrl":"https://go.postman.co/documentation/7395641-d74a6655-e6dc-47d2-bdf1-1273a69ea395","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"documentationLayout":"classic-double-column","customisation":{"metaTags":[{"name":"description","value":"This document serves as a standard API package for customers. 
It includes a Postman collection that contains all the necessary payloads and parameters required for customers to perform testing."},{"name":"title","value":"POS API Documentation"}],"appearance":{"default":"light","themes":[{"name":"dark","logo":"https://content.pstmn.io/3a2dbfb8-0779-4c9a-bdd8-313085a023a5/MV9Qb3NNYWxheXNpYV9SZWJyYW5kaW5nX05FVyBMb2dvIChDTVlLKV9Qb3MgTG9nbyAtIENNWUsgRmxhdC5wbmc=","colors":{"top-bar":"212121","right-sidebar":"303030","highlight":"FF6C37"}},{"name":"light","logo":"https://content.pstmn.io/3a2dbfb8-0779-4c9a-bdd8-313085a023a5/MV9Qb3NNYWxheXNpYV9SZWJyYW5kaW5nX05FVyBMb2dvIChDTVlLKV9Qb3MgTG9nbyAtIENNWUsgRmxhdC5wbmc=","colors":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"}}]}},"version":"8.10.1","publishDate":"2025-03-10T06:26:07.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"POS API Documentation","description":"This document serves as a standard API package for customers. It includes a Postman collection that contains all the necessary payloads and parameters required for customers to perform testing."},"logos":{"logoLight":"https://content.pstmn.io/3a2dbfb8-0779-4c9a-bdd8-313085a023a5/MV9Qb3NNYWxheXNpYV9SZWJyYW5kaW5nX05FVyBMb2dvIChDTVlLKV9Qb3MgTG9nbyAtIENNWUsgRmxhdC5wbmc=","logoDark":"https://content.pstmn.io/3a2dbfb8-0779-4c9a-bdd8-313085a023a5/MV9Qb3NNYWxheXNpYV9SZWJyYW5kaW5nX05FVyBMb2dvIChDTVlLKV9Qb3MgTG9nbyAtIENNWUsgRmxhdC5wbmc="}},"statusCode":200},"environments":[{"name":"POS API 
Stage","id":"41a975ab-cbeb-47b8-a2f1-6b6c507803b6","owner":"7395641","values":[{"key":"stage","value":"api-dev","enabled":true,"type":"default"},{"key":"connote","value":"ER003450746MY","enabled":true,"type":"default"},{"key":"prefix","value":"ER","enabled":true,"type":"default"},{"key":"appCode","value":"StagingPos","enabled":true,"type":"default"},{"key":"secret","value":"StagingPos@1234","enabled":true,"type":"default"},{"key":"username","value":"StagingPos","enabled":true,"type":"default"},{"key":"grant_type","value":"","enabled":true,"type":"default"},{"key":"client_id","value":"","enabled":true,"type":"default"},{"key":"client_secret","value":"","enabled":true,"type":"default"}],"published":true}],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/768118b36f06c94b0306958b980558e6915839447e859fe16906e29d683976f0","favicon":"https://pos.com.my/favicon.ico"},"isEnvFetchError":false,"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"},{"label":"POS API Stage","value":"7395641-41a975ab-cbeb-47b8-a2f1-6b6c507803b6"}],"canonicalUrl":"https://api-doc.pos.com.my/view/metadata/2sAXjSyorM"}