Welcome to the BNSF Application Programming Interface (API) Center. APIs offer an easy, cost-effective way to communicate real-time data and actions between applications. Our suite of APIs enables you to retrieve key data from BNSF and take actions to manage your freight directly in your business's applications. They eliminate the need for your technical team to learn a specialized rail skillset in creating APIs; and processes are streamlined by eliminating manual data entry. Whether you're new to APIs or an experienced Web developer, this API center gives you all the information and resources you need in one place.
In order to ensure data security, BNSF uses certificate-based Mutual Authentication (also known as mTLS, or two-way authentication) to allow our customers to validate our identity (Server Authentication), to allow BNSF to validate our customer's identities (Client Authentication) and to protect/encrypt the transfer of data.
To achieve Client Authentication, we require certificates to be issued from trusted Certificate Authorities. We accept Domain Validation, Organization Validation, Extended Validation and S/MIME (email) certificates. Domain Validation and S/MIME are the least expensive options. You should read about TLS/SSL and S/MIME certificates to better understand your options.
Here are links to some of the certificate offerings we accept:
- Entrust TLS/SSL, S/MIME
- Sectigo DV, S/MIME
- GoDaddy DV, S/MIME
- Comodo DV, S/MIME
- DigiCert DV, Client Certificate Options
*** Note: We do not accept certificates that are self-signed, private, or those issued by Let's Encrypt, webCARES or CloudFlare.com.
- Effective no longer than 36 months.
- Organization Name should be the company name that appears on your BNSF.com profile.
- Common Name should be your domain name for TLS/SSL certificates. For S/MIME, use your email address.
- Domain name must match the email address domain on your BNSF.com profile.
- Extended Key Usage must include Client Authentication (OID 188.8.131.52.184.108.40.206.2).
For more information about mutual authentication, please refer to the Mutual Authentication article in Wikipedia.
Once you are setup and approved to start using our APIs, you can conduct a test to see how fast and easy it is via a collaboration platform called Postman. To get stared with Postman, simply follow these steps:
- Set up your client certificate by following Postman's instructions.
- Host: api-trial.bnsf.com
- Port: 6443
- Use the Choose File buttons to set your CRT and KEY files. Passphrase is optional.
- Once your client certificate is set up, create a new request in Postman as follows:
- When trying to connect or download the certificate, make sure you are using port 6443
- Make sure your certificates are in PEM format and unencrypted in Postman
- Run a Health Check by requesting https://api-trial.bnsf.com:6443/healthcheck.
You should get:
- Use Powershell's Test-Netconnection to verify you are not blocked by a firewall
C:\> powershell Test-Netconnection -ComputerName "api-trial.bnsf.com" -Port 6443
TcpTestSucceeded : True
You're all set!
If you need any assistance, please reach out to the support team using the information below.
Monday – Friday, 8 am – 5 pm (Central Time)
For additional help, visit our API Support page.