# Retrieving the Security Hash

## Get Security Hash

Details of how the `tracking-securityhash` endpoint can be used to retrieve the security hash for a tracking in the parcelLab system are described below.

<details>

<summary><mark style="color:blue;">GET</mark> Security Hash</summary>

You can retrieve the security hash using this endpoint. To use this API, you need your parcelLab user ID and token, which you add as the Basic Auth username and password.

The details of the Get Security Hash API are described in the following section.

**API Details**

<mark style="color:blue;">`GET`</mark> `https://api.parcellab.com/tracking-securityhash?orderNo=x`

**Query Parameters**

| Name    | Type   | Description                                                 |
| ------- | ------ | ----------------------------------------------------------- |
| orderNo | string | The `orderNo` field supplied when the tracking was created. |

**Header**

| Name         | Type   | Description         |
| ------------ | ------ | ------------------- |
| user         | number | parcelLab user ID   |
| token        | string | parcelLab API token |
| content-type | string | 'application/json'  |

**Responses**

* 200 - security hash successfully retrieved
* 401 - invalid credentials, or credentials not authorized to access security hash for this tracking
* 404 - could not find any trackings matching this query

An example successful response is displayed below to show the format for retrieving checkpoints. This contains the parcelLab internal tracking \_id, and the \_ids of any other trackings in that order listed in \_context. The securityHash itself is returned and when it is validUntil, which is 90 days since tracking creation.

```javascript
{
    "_id": "5e0000000000000000000001",
    "_context": ["5e0000000000000000000002"],
    "securityHash": "abcde12345",
    "validUntil": "2020-02-20T20:20:20.200Z"
}
```

</details>

## Alternative Request Patterns

The request in the previous section shows the recommended access pattern via the `&orderNo=` parameter.

The following request patterns are also supported:

* `&courier=&trackingNo=` using the `courier` and `tracking_number` fields provided when creating the tracking.
* `&xid=` using the `xid` field provided when creating the tracking.
* `&tid=` using the parcelLab internal tracking ID, retrieved from `/search` for example.

## Using the Security Hash

To use the security hash, append it to the URL of any website running our tracking plugin as `&s=<securityHash>`. For more information on the plugin, please refer to the documentation on parcelLab's Order Status page.

{% content-ref url="/pages/YpKN39rf034jMoDyGH01" %}
[Order Status Page Configuration](/docs/developers/v2/status-updates/configuration.md)
{% endcontent-ref %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.parcellab.com/docs/developers/v2/status-updates/configuration/retrieving-the-security-hash.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.