OAuth 2.0

[VadimSaratov]

UPS has launched the new API Developer Portal with OpenAPI spec documentation and sandbox environment. In the future, they will no longer distribute access keys and all API integrations will use the OAuth 2.0 security model.

https://developer.ups.com/api/reference/oauth/client-credentials

do you have any plans to implement the OAuth 2.0 model?

[shahtaj-qasim]

Any update on this topic?

[hellomarb]

Existing user have time until June 2024, but for new users that will be an issue starting from June 2023.
Is there a way to sponser the integration/development?

[dustingauthier]

Correct me if I'm wrong, but this repo doesn't look like its maintained anymore. This library uses nodes to create an XML schema that is sent to a UPS API endpoint. From my understanding, UPS will no longer be accepting XML requests. If that's the case, I'd imagine that a rewrite of this library wouldn't really be feasible.

I already have my team working on an in-house solution to tackle this problem. Our previous solution relied heavily on this library, but we're planning to move away from it.

[scottcwilson]

I believe @dustingauthier is correct. I am reaching out to RocketShipIt, an API provider for multiple shippers, to see if they're going to provide an interface to the new REST APIs from UPS. If so, that might be one migration path for people who need a UPS API.

Update: Yes they are.

[abolabo]

You can try to use PHP SDK by AbanteCart team. See repo https://github.com/abantecart/ups-php for details. There example how to obtain access token in the readme.md

[patrickkasl]

Will follow thread, for updates

[scottcwilson]

If you want to see an example implementation for pulling rates, you can look at the one Zen Cart did.

https://github.com/lat9/upsoauth

[api2cart]

I think in case you are to continue using OAuth 2.0 you have to be the one to consider your specific requirements, resources and the level of security and control you need in your API integrations. This kind of authentication is vital, provided that it meets your needs when integrating with UPS. Therefore, if you have OAuth 2.0 in mind, then you should choose it.

On top of that, keep in mind, how easy is it to implement, OAuth 2.0 support in your development platform, and the possible outcome on existing integrations or workflows. In case the factors harmonically match with your requirements and abilities, then implementing OAuth 2.0 would be a wise choice.

[cottton]

Note: official openapi description at: https://github.com/UPS-API/api-documentation

[jav666]

Will follow thread, for updates

#Me_to

[cottton]

If you just need to implement a few endpoints of the new UPS API on your own backend:
See (not my video) https://www.youtube.com/watch?v=DNSbsYRqs3k

1. login at developer.ups.com
2. go "My Apps"
3. go "Add Apps"
4. "I need API credentials because" > "I want to integrate UPS technology into my business"
5. "Choose an account to associate with these credentials." > {select your account number}
6. checkbox the agreements ...
7. "Next" ... and fill out the required details
   (Note: if it comes to the callback url then just put anything in there. You will not need it.)

Now use the documentation examples (for many languages) to get your job done.

1. get an access_token: https://developer.ups.com/api/reference?loc=en_US#operation/CreateToken
   You want to cache it for expires_in seconds (perhaps minus some leeway, like 10 sec).
2. look up the endpoint you need (f.e. Tracking or Shipment) and copy an example request.
3. Play around with the example request and ofc use the token you previously created.

Notes:

• Documentation Website: The documentation website is a mess. You need to scroll and click and scroll ... something is "broken" there.
• Tracking Not Found: does not exist. UPS (still) returns 200 OK if the tracking number was not found.
  You will receive a trackResponse.shipment[n].warnings[n].code of "TW0001", and a .message of "Tracking Information Not Found".
• Create Shipment: ShipmentRequest.Shipment.Package[] expects numeric indexes without gaps and must start with 0.
  Otherwise, you will get a bad request with a message not really telling you the actual cause.
• Void Shipment: docu says: If more than one tracking number, pass this value as: trackingnumber= ["1ZISUS010330563105","1ZISUS01033056310 8"]
  and they mean it: if you want to send more than one trackingnumber
  then json encode the (f.e. PHP) array of tracking numbers.
  Examples:

  $url .= '?trackingnumber=1ZISUS010330563105';
  $url .= '?trackingnumber=["1ZISUS010330563105","1ZISUS010330563108"]';
  

• Label Recovery: Sandbox will return PDF only, what ever you send. Production endpoints return f.e. GIF too.
  (F.e. LabelRecoveryRequest.LabelSpecification.LabelImageFormat.Code with value GIF on sandbox returns PDF)

Have fun =)

[marcelsatgithub]

Thank u. Now I create the token but can I use it with this library?
There is currently no oauth2 integrated in Ups.php or I seeing this wrong?
Beginning August 5th, 2024, access keys will no longer be supported for authentication.

    $curl = curl_init();

    $payload = "grant_type=client_credentials";

    curl_setopt_array($curl, [
        CURLOPT_HTTPHEADER     => [
            "Content-Type: application/x-www-form-urlencoded",
            "x-merchant-id: string",
            "Authorization: Basic " . base64_encode($this->getClientDatas()['shop_ups_api_client_id'] . ":" . $this->getClientDatas()['shop_ups_api_client_secret'])
        ],
        CURLOPT_POSTFIELDS     => $payload,
        CURLOPT_URL            => "https://wwwcie.ups.com/security/v1/oauth/token",
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CUSTOMREQUEST  => "POST",
    ]);

    $response = curl_exec($curl);
    $error = curl_error($curl);

    curl_close($curl);

    if ($error) {
        return $this->addErrorMessage($error);
    } else {
        $responseDatas = json_decode($response, true);
        if (isset($responseDatas['response']['errors'])) {
            foreach ($responseDatas['response']['errors'] as $error) {
                $this->addErrorMessage($error['message']);
                return false;
            }
        } else {
            if (isset($responseDatas['access_token'])) {
                $this->setAccessToken($responseDatas['access_token']);
                return true;
            } else {
                return $this->addErrorMessage($error['create_access_token_parameter_error']);
            }
        }
    }