Transfer Order API - Package
Version 1.0 — April 2025
Authentication - Login API
To access the GraphQL APIs, users must first authenticate using the Xemelgo Login REST API.
Endpoint Details
- URL:
https://rest.api.xemelgo.com/login - Method:
POST
Properties
| Property | Type | Description | Required |
|---|---|---|---|
email | String | base64 Encoded email id for user | Yes |
password | String | base64 encoded password for user | Yes |
Password needs to be a minimum of 8 characters and should have a number in it.
Request Body
{
"email": "base64_encoded_email",
"password": "base64_encoded_password"
}
StatusCode - 200 on success
Response Body
{
"AccessToken": "$accessToken",
"ExpiresIn": 480,
"TokenType": "Bearer",
"RefreshToken": "$refreshToken",
"IdToken": "$idToken"
}
Use the $idToken as the authorization header for all API requests.
Errors
| Error | Error code | Exception |
|---|---|---|
| In correct username and/or password | 400 | NotAuthorizedException |
Create Package Transfer Order API
Create Package Transfer Order API allows you to create a transfer order and track the packages associated with it.
Endpoint Details
- URL:
https://api.xemelgo.com/graphql - Method:
POST
Properties
| Property | Type | Description | Required |
|---|---|---|---|
id | String | Transfer order ID | Yes |
trackerSerial | String | Tracker serial number | No |
transferFromId | String | Source location ID | No |
transferToId | String | Destination location ID | No |
packages | Array | List of packages (defined below) | No |
customProperties | AWSJSON | Additional properties applicable to transfer orders | No |
packages
Each object in the packages array includes the following properties:
| Property | Type | Description | Required |
|---|---|---|---|
id | String | Unique package ID | Yes |
trackerSerial | String | Tracker serial number assigned to the package | No |
reuseTrackerSerial | Boolean | Indicates if the tracker serial can be reused | No |
name | String | Name of the package | No |
description | String | Description of the package | No |
comments | String | Additional comments about the package | No |
locationId | String | Location ID where the package is currently stored | No |
customProperties | AWSJSON | Additional custom properties for the package | No |
Headers
Authorization – $idToken
Request Body
mutation createPackageTransferOrder {
createPackageTransferOrders(
input: {
id: "TEST_PACKAGE_TRANSFER_ORDER"
transferFromId: "Location A"
transferToId: "Location B"
packages: [
{
id: "PKG-001"
trackerSerial: "EPC1"
reuseTrackerSerial: false
name: "Electronics Box"
description: "Contains tablets"
comments: "Handle with care"
locationId: "Bin-A1"
customProperties: "{\"weight\": \"10lbs\"}"
}
{
id: "PKG-002"
trackerSerial: "EPC2"
reuseTrackerSerial: true
name: "Books Box"
description: "Contains books"
comments: "Top shelf"
locationId: "Bin-B2"
customProperties: "{\"weight\": \"15lbs\"}"
}
]
}
) {
packageTransferOrder {
id
status
transferFrom {
id
}
transferTo {
id
}
packages {
id
trackerSerial
name
description
comments
lastDetectedAtLocation {
id
}
customProperties
}
creationDate
startDate
stagedDate
stagedQuantity
shippedDate
shippedQuantity
cancelledDate
lastUpdatedDate
customProperties
}
}
}
Status Code - 200
Response Body
PackageTransferOrder {
id: String
status: TransferOrderStatus
transferFrom: LocationV2
transferTo: LocationV2
creationDate: AWSTimestamp
startDate: AWSTimestamp
completedDate: AWSTimestamp
cancelledDate: AWSTimestamp
packages: [Package!]!
lastUpdatedDate: AWSTimestamp
customProperties: AWSJSON
}
Errors
| Error | Error code | Exception |
|---|---|---|
Expired token | 401 | Unauthorized |
Invalid token | 401 | Unauthorized |
Missing Authorization Header | 401 | Unauthorized |
Error Response Examples
Expired Token
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "Token has expired."
}
]
}
Invalid token
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "Unable to parse JWT token"
}
]
}
Missing Authorization Header
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "User is not authorized to make this call."
}
]
}
Additional 200-Level Errors
| Error | Error description | Error code |
|---|---|---|
ValidationError | No id provided, no entries, quantity ≤ 0, no item type, duplicate item type | 200 |
ResourceNotFoundError | Tracker serial does not exist | 200 |
UnexpectedError | Some unexpected things happened on create, duplicate locations with the same identifier | 200 |
LocationNotFoundError | From/to location not found | 200 |
ResourceAlreadyExistError | Transfer order with this identifier already exists | 200 |
Update Transfer Order API
Update Transfer Order API allows you to modify an existing transfer order, including changing its locations, updating the tracker, and adding or removing packages.
Endpoint Details
- URL:
https://api.xemelgo.com/graphql - Method:
POST
Properties
| Property | Type | Description | Required |
|---|---|---|---|
id | String | Unique identifier of the transfer order to update | Yes |
trackerSerial | String | Updated tracker serial number | No |
transferFromId | String | Updated source location ID | No |
transferToId | String | Updated destination location ID | No |
packagesToAdd | [PackageInput!] | List of new packages to add (defined below) | No |
packageIdsToRemove | [String!] | List of package IDs to remove from the transfer | No |
customProperties | AWSJSON | Additional custom properties associated with the transfer order | No |
packagesToAdd
Each object in the packagesToAdd array includes the following properties:
| Property | Type | Description | Required |
|---|---|---|---|
id | String | Unique package ID | Yes |
trackerSerial | String | Tracker serial number assigned to the package | No |
reuseTrackerSerial | Boolean | Indicates if the tracker serial can be reused | No |
name | String | Name of the package | No |
description | String | Description of the package | No |
comments | String | Additional comments about the package | No |
locationId | String | Location ID where the package is currently stored | No |
customProperties | AWSJSON | Additional custom properties for the package | No |
Headers
Authorization – $idToken
Request Body
mutation updatePackageTransferOrder {
updatePackageTransferOrder(
input: {
id: "TEST_PACKAGE_TRANSFER_ORDER"
trackerSerial: "EPC3"
transferFromId: "Location A"
transferToId: "Location C"
packagesToAdd: [
{
id: "PKG-003"
trackerSerial: "EPC3"
reuseTrackerSerial: false
name: "Camera Box"
description: "Contains cameras"
comments: "Fragile"
locationId: "Bin-C3"
customProperties: "{\"weight\": \"5lbs\"}"
}
]
packageIdsToRemove: ["PKG-002"]
customProperties: "{\"priority\": \"high\"}"
}
) {
packageTransferOrder {
id
status
transferFrom {
id
}
transferTo {
id
}
packages {
id
trackerSerial
name
description
comments
lastDetectedAtLocation {
id
}
customProperties
}
creationDate
startDate
stagedDate
stagedQuantity
shippedDate
shippedQuantity
cancelledDate
lastUpdatedDate
customProperties
}
}
}
Status Code - 200
Response Body
PackageTransferOrder {
id: String
status: TransferOrderStatus
transferFrom: LocationV2
transferTo: LocationV2
creationDate: AWSTimestamp
startDate: AWSTimestamp
completedDate: AWSTimestamp
cancelledDate: AWSTimestamp
packages: [Package!]!
lastUpdatedDate: AWSTimestamp
customProperties: AWSJSON
}
Errors
| Error | Error code | Exception |
|---|---|---|
Expired token | 401 | Unauthorized |
Invalid token | 401 | Unauthorized |
Missing Authorization Header | 401 | Unauthorized |
Error Response Examples
Expired Token
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "Token has expired."
}
]
}
Invalid token
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "Unable to parse JWT token"
}
]
}
Missing Authorization Header
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "User is not authorized to make this call."
}
]
}
Get Transfer Order API
Get Transfer Order API allows you to retrieve a specific package transfer order and view its status.
Endpoint Details
- URL:
https://api.xemelgo.com/graphql - Method:
POST
Properties
| Property | Type | Description | Required |
|---|---|---|---|
id | String | Package transfer order ID | Yes |
Headers
Authorization – $idToken
Request Body
query packageTransferOrder($id: String) {
packageTransferOrder(input: { id: $id }) {
packageTransferOrder {
id
status
transferFrom {
id
}
transferTo {
id
}
packages {
id
trackerSerial
name
description
comments
lastDetectedAtLocation {
id
}
customProperties
}
creationDate
startDate
stagedDate
stagedQuantity
shippedDate
shippedQuantity
cancelledDate
lastUpdatedDate
customProperties
}
}
}
Status Code - 200
Response Body
PackageTransferOrder {
id: String
status: TransferOrderStatus
transferFrom: LocationV2
transferTo: LocationV2
creationDate: AWSTimestamp
startDate: AWSTimestamp
completedDate: AWSTimestamp
cancelledDate: AWSTimestamp
packages: [Package!]!
lastUpdatedDate: AWSTimestamp
customProperties: AWSJSON
}
Errors
| Error | Error code | Exception |
|---|---|---|
Expired token | 401 | Unauthorized |
Invalid token | 401 | Unauthorized |
Missing Authorization Header | 401 | Unauthorized |
Error Response Examples
Expired Token
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "Token has expired."
}
]
}
Invalid token
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "Unable to parse JWT token"
}
]
}
Missing Authorization Header
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "User is not authorized to make this call."
}
]
}
Additional 200-Level Errors
| Error | Error description | Error code |
|---|---|---|
ValidationError | No id provided | 200 |
ResourceNotFoundError | Transfer order not found | 200 |
List Transfer Orders API
List Transfer Orders API allows you to retrieve all package transfer orders and view their statuses.
Endpoint Details
- URL:
https://api.xemelgo.com/graphql - Method:
POST
Properties
| Property | Type | Description | Required |
|---|---|---|---|
filter | String | Filter for package transfer properties | No |
nextToken | String | Pagination support | No |
Headers
Authorization – $idToken
Request Body
query packageTransferOrders($filter: String, $nextToken: String) {
packageTransferOrders(input: { filter: $filter, nextToken: $nextToken }) {
packageTransferOrder {
id
status
transferFrom {
id
}
transferTo {
id
}
packages {
id
trackerSerial
name
description
comments
lastDetectedAtLocation {
id
}
customProperties
}
creationDate
startDate
stagedDate
stagedQuantity
shippedDate
shippedQuantity
cancelledDate
lastUpdatedDate
customProperties
}
}
}
Status Code - 200
Response Body
PackageTransferOrder {
id: String
status: TransferOrderStatus
transferFrom: LocationV2
transferTo: LocationV2
creationDate: AWSTimestamp
startDate: AWSTimestamp
completedDate: AWSTimestamp
cancelledDate: AWSTimestamp
packages: [Package]!
lastUpdatedDate: AWSTimestamp
customProperties: AWSJSON
}
Errors
| Error | Error code | Exception |
|---|---|---|
Expired token | 401 | Unauthorized |
Invalid token | 401 | Unauthorized |
Missing Authorization Header | 401 | Unauthorized |
Error Response Examples
Expired Token
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "Token has expired."
}
]
}
Invalid token
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "Unable to parse JWT token"
}
]
}
Missing Authorization Header
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "User is not authorized to make this call."
}
]
}
Delete Transfer Order API
Delete Transfer Order API allows you to remove a package transfer order.
Endpoint Details
- URL:
https://api.xemelgo.com/graphql - Method:
POST
Properties
| Property | Type | Description | Required |
|---|---|---|---|
id | String | Package transfer order ID | Yes |
Headers
Authorization – $idToken
Request Body
mutation deletePackageTransferOrder {
deletePackageTransferOrder(input: { id: "TEST_PACKAGE_TRANSFER_ORDER" }) {
packageTransferOrder {
id
status
transferFrom {
id
}
transferTo {
id
}
packages {
id
trackerSerial
name
description
comments
lastDetectedAtLocation {
id
}
customProperties
}
creationDate
startDate
stagedDate
stagedQuantity
shippedDate
shippedQuantity
cancelledDate
lastUpdatedDate
customProperties
}
}
}
Status Code - 200
Response Body
PackageTransferOrder {
id: String
status: TransferOrderStatus
transferFrom: LocationV2
transferTo: LocationV2
creationDate: AWSTimestamp
startDate: AWSTimestamp
completedDate: AWSTimestamp
cancelledDate: AWSTimestamp
packages: [Package!]!
lastUpdatedDate: AWSTimestamp
customProperties: AWSJSON
}
Errors
| Error | Error code | Exception |
|---|---|---|
Expired token | 401 | Unauthorized |
Invalid token | 401 | Unauthorized |
Missing Authorization Header | 401 | Unauthorized |
Error Response Examples
Expired Token
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "Token has expired."
}
]
}
Invalid token
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "Unable to parse JWT token"
}
]
}
Missing Authorization Header
{
"errors": [
{
"errorType": "UnauthorizedException",
"message": "User is not authorized to make this call."
}
]
}
Additional 200-Level Errors
| Error | Error description | Error code |
|---|---|---|
| ValidationError | No id provided | 200 |
| ResourceNotFoundError | Transfer order not found | 200 |