USPS Web Tools to v3 REST API:
Complete Endpoint Mapping
USPS retired the Web Tools XML API on January 25, 2026. Every XML endpoint now has a REST equivalent. This is the definitive mapping reference — bookmark it, share it with your team, and stop guessing which v3 route replaces your legacy call.
Master Endpoint Mapping
Every Web Tools XML API and its v3 REST equivalent. Method colors: GET for reads, POST for writes.
Address APIs
| Web Tools XML API | v3 REST Endpoint | Method | Notes |
|---|---|---|---|
| AddressValidateRequest | /addresses/v3/address | GET | DPV data now included by default |
| CityStateLookupRequest | /addresses/v3/city-state | GET | ZIP lookup included |
| ZipCodeLookupRequest | /addresses/v3/zipcode | GET | Returns ZIP+4 |
Tracking APIs
| Web Tools XML API | v3 REST Endpoint | Method | Notes |
|---|---|---|---|
| TrackFieldRequest | /tracking/v3/tracking/{trackingId} | GET | Real-time events, no XML parsing |
| TrackConfirmRequest | /tracking/v3/tracking/{trackingId} | GET | Unified endpoint — same as TrackField |
Shipping & Label APIs
| Web Tools XML API | v3 REST Endpoint | Method | Notes |
|---|---|---|---|
| eVS (Express Mail) | /labels/v3/label | POST | Requires Payment Authorization token |
| eVS (Priority Mail) | /labels/v3/label | POST | Same endpoint, different mailClass |
| eVS (Ground Advantage) | /labels/v3/label | POST | New class, replaces First Class Package |
| eVS (Cancel) | /labels/v3/label/{trackingId} | DELETE | Void within 24 hours of creation |
Pricing APIs
| Web Tools XML API | v3 REST Endpoint | Method | Notes |
|---|---|---|---|
| RateV4Request | /prices/v3/base-rates/search | POST | JSON body replaces XML envelope |
| IntlRateV2Request | /international-prices/v3/base-rates/search | POST | International pricing, same pattern |
Service Standards & Locations
| Web Tools XML API | v3 REST Endpoint | Method | Notes |
|---|---|---|---|
| SDCGetLocationsRequest | /service-standards/v3/estimates | GET | Delivery estimates by origin/destination |
| POLocatorRequest | /locations/v3/post-offices | GET | Find post offices by ZIP or coordinates |
Authentication: Before & After
Web Tools embedded a plain-text USERID in every XML request body. No scopes, no expiry, no rotation. The v3 API uses standard OAuth 2.0 client credentials — tokens expire after 8 hours and support granular scopes.
<!-- Auth embedded in every XML request -->
POST https://secure.shippingapis.com
/ShippingAPI.dll?API=Verify
<AddressValidateRequest
USERID="YOUR_USERID">
<Address>
<Address1>Apt 2</Address1>
<Address2>1600 Pennsylvania Ave</Address2>
</Address>
</AddressValidateRequest>
<!-- USERID in plain text. No expiry.
No scopes. No rotation. -->// Step 1: Get OAuth token (valid 8 hours)
POST https://apis.usps.com/oauth2/v3/token
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
&scope=addresses tracking prices labels
// Step 2: Use Bearer token in header
GET /addresses/v3/address
Authorization: Bearer {access_token}
// Scoped. Rotatable. Standard OAuth 2.0.Key Gotchas
These are the migration landmines that don't show up in USPS's own documentation. Every one of these has broken a production system.
01 Rate Limits: 60 req/hr
Web Tools had no documented rate limit — developers grew accustomed to unlimited calls. The v3 API caps at 60 requests per hour by default. That's 1 request per minute. A single e-commerce store doing 50 orders/day will blow through this during peak hours. You can request an increase, but plan for the constraint from day one.
02 Payment Authorization: Two-Token Dance
Label creation is the only endpoint that requires two authorization tokens: your standard OAuth Bearer token plus a separate Payment Authorization token tied to your CRID and MID. Miss this and you'll get a cryptic 401 even with a valid Bearer token.
// Label creation requires TWO tokens:
// 1. Standard OAuth token (addresses, tracking, prices)
POST /oauth2/v3/token
grant_type=client_credentials
scope=addresses tracking prices
// 2. Payment Authorization token (labels only)
POST /payment-authorization/v3/payment-token
Authorization: Bearer {standard_token}
{
"roles": [
{ "roleName": "PAYER",
"CRID": "YOUR_CRID",
"MID": "YOUR_MID" }
]
}
// 3. Create label with BOTH tokens
POST /labels/v3/label
Authorization: Bearer {standard_token}
X-Payment-Authorization: {payment_token}03 Address1/Address2 Semantics Are REVERSED
This is the single most common migration bug. In Web Tools XML, Address1 was the secondary line (apartment, suite) and Address2 was the primary street address. The v3 API uses sane naming: streetAddress for primary, secondaryAddress for secondary.
// Web Tools XML (REVERSED semantics)
<Address1>Apt 2</Address1> ← secondary
<Address2>1600 Penn Ave</Address2> ← primary street
// v3 REST JSON (correct semantics)
{
"streetAddress": "1600 Penn Ave", ← primary
"secondaryAddress": "Apt 2" ← secondary
}
// If you map Address1 → streetAddress, every
// apartment number becomes the street. Ask us
// how we know.04 No More XML Entities or CDATA
Web Tools required URL-encoding of special characters and wrapping values in CDATA sections. The v3 API is standard JSON — & becomes &, < becomes <, and there's no CDATA to think about. If your parsing layer is stripping XML entities, you'll get garbled addresses on v3.
05 New Base URLs
| Environment | Web Tools | v3 REST |
|---|---|---|
| Production | secure.shippingapis.com | apis.usps.com |
| Testing | stg-secure.shippingapis.com | apis-tem.usps.com |
06 One Endpoint, Many Query Params
Web Tools used a different API name for each operation (?API=Verify, ?API=CityStateLookup), but they all hit the same ShippingAPI.dll. The v3 API uses proper REST routes — each resource gets its own path. Don't try to build a router based on the old API parameter; map each to its dedicated v3 endpoint.
Quick Reference: Field Name Changes
Beyond the endpoint mapping, many field names changed between Web Tools XML and v3 JSON. Here are the most-used fields:
| Web Tools XML Field | v3 REST JSON Field | Watch Out |
|---|---|---|
| Address1 | secondaryAddress | Semantics reversed |
| Address2 | streetAddress | Semantics reversed |
| Zip5 | ZIPCode | Capital ZIP |
| Zip4 | ZIPPlus4 | Capital ZIP, Plus4 suffix |
| FirmName | firm | Simplified |
| DPVConfirmation | DPV (nested object) | Now includes footnotes inline |
| USERID (attribute) | Authorization header | Not in body anymore |
How RevAddress Handles This
RevAddress wraps all v3 endpoints with production-grade infrastructure — so you don't have to build the OAuth token management, rate limit handling, and caching yourself.
- 37 routes mapped — every v3 endpoint wrapped with validation, caching, and error normalization
- OAuth abstracted — tokens cached, refreshed proactively 30 minutes before expiry, Payment Auth handled automatically
- Rate limits managed — request queuing, burst smoothing, and automatic retry with exponential backoff
- BYOK support — bring your own USPS credentials to use your rate limit increase, with AES-GCM encryption at rest
Open-source SDKs handle the client-side integration: Python (PyPI) and Node.js (npm).
Done mapping endpoints?
RevAddress handles the endpoint mapping, token management, rate limits, and caching. Get a REST API key and call USPS v3 in 5 minutes.