Summary and recommendation
EasyPost user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
EasyPost is a shipping API platform built primarily around programmatic label generation and carrier rate shopping. Dashboard access for team members exists but is secondary to the platform's core API-key-based access model.
There is no SSO, no SCIM provisioning, and no IdP integration - every app in your stack that relies on automated provisioning will need a manual workaround here.
The permission model is coarse: accounts have one Owner and any number of Team Members, with limited granularity between those two tiers. API keys (test and production) are the real access-control mechanism for programmatic use.
Child users (sub-accounts) provide account-level isolation for multi-tenant or reseller scenarios, but managing them requires direct API calls rather than dashboard UI actions.
Quick facts
| Admin console path | Dashboard → Account Settings → Team Members (or API Keys) |
| Admin console URL | Official docs |
| SCIM available | No |
| SCIM tier required | Not available |
| SSO prerequisite | No |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Account Owner | Full access to all dashboard features, billing, API keys (test and production), child user management, and account settings. | All plans | No per-seat fee; usage-based pricing only. | Only one owner per account. Ownership transfer process is not self-serve in the dashboard; requires contacting EasyPost support. | |
| Team Member (Dashboard User) | Access to dashboard features as granted by the account owner; can view shipments, labels, and reports depending on permissions assigned. | Cannot access or manage billing by default; permission scope depends on what the owner configures. | All plans | No per-seat fee. | Granular role-based permissions for team members are limited; EasyPost's primary access-control model is API-key-based rather than dashboard-role-based. |
| Child User (Sub-Account) | Separate EasyPost account linked to a parent account via the API. Has its own API keys, shipment history, and address book. Parent account can fund child accounts and view their usage. | Child users cannot access the parent account's shipments or billing directly. Sub-account management is API-driven, not fully self-serve in the dashboard UI. | Available on all plans; typically used by platforms and resellers. | No per-seat fee; child accounts consume usage from their own balance or are funded by the parent. | Child user creation and management requires API calls (POST /v2/users). There is no bulk child-account creation UI in the dashboard. |
Permission model
- Model type: role-based
- Description: EasyPost uses a lightweight role model for dashboard access (Owner vs. Team Member) combined with an API-key-based access model. API keys (test and production) serve as the primary access-control mechanism for programmatic access. Child users (sub-accounts) provide account-level isolation for multi-tenant or reseller use cases. Granular permission sets within a single account are limited.
- Custom roles: No
- Custom roles plan: Not documented
- Granularity: Coarse. Dashboard distinguishes Owner from Team Member. API access is controlled by issuing separate test or production API keys. No fine-grained, per-resource permission assignments documented for dashboard users.
How to add users
- Log in to the EasyPost dashboard at app.easypost.com.
- Navigate to Account Settings (gear icon or account menu).
- Select the 'Team Members' or 'Users' section.
- Click 'Invite Member' or equivalent button.
- Enter the invitee's email address.
- Assign the appropriate role or permission level.
- Send the invitation; the invitee receives an email to accept and set a password.
Required fields: Email address of the invitee
Watch out for:
- Exact UI labels and steps may vary as EasyPost periodically updates its dashboard; verify current path in app.easypost.com.
- Child user (sub-account) creation is done via API (POST /v2/users), not through the team-member invite flow.
- No documented domain-whitelisting or auto-provisioning for dashboard users.
- No SSO or SCIM provisioning is available, so all invitations are manual.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | No | Not documented |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | No | Not documented |
How to remove or deactivate users
- Can delete users: Yes
- Delete/deactivate behavior: Team members can be removed from the account by the owner via Account Settings → Team Members. The specific behavior (deactivation vs. hard delete) is not fully detailed in public documentation; removal revokes dashboard access. Child user (sub-account) deletion is performed via the API (DELETE /v2/users/:id) and is irreversible per API docs.
- Log in to the EasyPost dashboard as the account owner.
- Navigate to Account Settings → Team Members.
- Locate the team member to remove.
- Select the option to remove or revoke access for that member.
- Confirm the action.
| Data impact | Behavior |
|---|---|
| Owned records | Shipments, labels, and addresses created under the account remain associated with the account, not the individual team member. Data is retained after member removal. |
| Shared content | Shared API keys remain active unless explicitly revoked separately. Removing a team member does not automatically rotate or revoke API keys they may have had access to. |
| Integrations | Any integrations or webhooks configured under the account continue to function after a team member is removed, as they are account-level resources. |
| License freed | No per-seat license to free; EasyPost uses usage-based pricing with no seat fees. |
Watch out for:
- Removing a team member does not automatically revoke API keys they were using; keys must be rotated or deleted separately in the API Keys section.
- Child user (sub-account) deletion via API is permanent and removes all associated data for that sub-account.
- No documented offboarding workflow or audit log export for removed users in the standard dashboard.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Dashboard User / Team Member | Access to EasyPost dashboard; no per-seat cost. | $0 per seat |
| API Usage | First 50,000 labels free; pay-per-label after free tier. Enterprise plans available for 120,000+ packages/month. | Usage-based; see easypost.com/pricing for current rates. |
- Where to check usage: Dashboard → Billing or Dashboard → Reports (usage and label volume visible in account dashboard at app.easypost.com)
- How to identify unused seats: No documented 'inactive user' report in the dashboard. API key last-used timestamps are not surfaced in the UI per available documentation; unused team members must be identified manually by reviewing the Team Members list.
- Billing notes: EasyPost does not charge per seat or per user. All billing is usage-based (per label/shipment). Adding or removing team members has no direct billing impact. Child user (sub-account) balances are managed separately and can be funded by the parent account.
The cost of manual management
EasyPost does not charge per seat, so adding or removing team members has no direct billing impact. All costs are usage-based - per label after the free tier, with enterprise plans for high-volume shippers. That said, the absence of automated provisioning creates operational overhead that compounds at scale.
Offboarding carries a specific risk: removing a team member from the dashboard does not automatically revoke any API keys they were using. Keys must be identified and rotated separately in the API Keys section. Without an audit log or inactive-user report in the standard dashboard, identifying stale access requires manually reviewing the Team Members list.
The decision
EasyPost is the right fit if your team's primary interaction with the platform is through the API and your identity management needs are minimal. The dashboard user model is functional for small teams where the owner can manage access directly.
It is a poor fit if your organization requires SSO enforcement, automated provisioning via SCIM, or granular per-user permissions. Every app in your environment that needs lifecycle automation will require a custom API integration or manual process to compensate.
Teams managing multiple tenants or reseller accounts should expect to invest engineering time in child-account management workflows.
Bottom line
EasyPost's access model is purpose-built for developers, not IT administrators. The platform offers no SSO, no SCIM, and no fine-grained dashboard roles - provisioning and deprovisioning are fully manual, and offboarding requires a separate step to rotate API keys.
For small engineering-led teams with low identity management requirements, this is manageable. For organizations with compliance obligations, frequent team changes, or multi-tenant architectures, the operational overhead is real and should be factored into adoption decisions.
Automate EasyPost workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
