Rank: Advanced Member
Groups: Developers
Joined: 11/7/2018(UTC)
Posts: 303
Thanks: 21 times
Was thanked: 5 time(s) in 5 post(s)
|
Upgrades to the UPS API Security Model
Thank you for being a UPS API user! At UPS, we continue to improve our technology offerings and work to provide better security for our valued customers.
UPS has implemented an OAuth 2.0 security model for all APIs to enhance the overall security for our customers to reduce fraud and provide enhanced API capabilities. This change impacts your current API integration and requires you to make updates to your existing application interface.
How will this impact my API integration?
• Beginning June 5, 2023, UPS will no longer issue API access keys
• On June 3, 2024, access keys will no longer be supported for authentication to UPS APIs
• You will need to obtain OAuth API credentials from the new UPS Developer Portal and update your security protocols to OAuth 2.0 prior to June 3, 2024 to continue transacting with UPS APIs
• Any legacy UPS API integrations using XML, SOAP, or legacy JSON payloads will also be required to convert to the RESTful APIs
We have created an API access key migration guide to assist with your migration from access keys to OAuth 2.0. If you obtained an access key to provide to a 3rd party please notify them of these changes immediately.
|
|
|
|
|
|
Rank: Advanced Member
Groups: System, Administrators, Developers, Registered, HelpDesk
Joined: 10/29/2018(UTC)
Posts: 472
Thanks: 4 times
Was thanked: 34 time(s) in 33 post(s)
|
Thanks Judy. I was updated by a client this morning as well. I've opened a new issue report for the dev team. Quote:• Beginning June 5, 2023, UPS will no longer issue API access keys That's 8 business days from today! It's not even possible to accommodate a change like this with such short notice. At least any existing API keys will work for awhile. |
Thanks for your support!
Katie
Secure eCommerce Software and Hosting |
|
|
|
|
|
Rank: Member
Groups: Authorized User, Developers
Joined: 11/12/2018(UTC)
Posts: 25
Thanks: 1 times
Was thanked: 4 time(s) in 3 post(s)
|
Ample advance warning doesn't seem to be their thing. Remember about 1.5 years ago when they removed some TLS Cipher Suites from their servers and didn't give any warning? I have an account on their developer site, and I have not received an email regarding this yet (although I guess it is possible our corporate email security appliance thought it was spam or phishing and sent it to never-never land). Here's their migration page, in case anyone is interested: https://developer.ups.com/oauth-developer-guide?loc=en_US. Hopefully this will only require an update to the UPS plugin for AbleCommerce?
|
|
|
|
|
|
Rank: Advanced Member
Groups: System, Administrators, Developers, Registered, HelpDesk
Joined: 10/29/2018(UTC)
Posts: 472
Thanks: 4 times
Was thanked: 34 time(s) in 33 post(s)
|
Yes, I remember the TLS issue. Just one of many emergencies we've had to deal with in the past from these service providers.
Updating the UPS plugin should make it easier to put the changes in place.
We are swamped right now, so I'm not sure of the timeline. I'll post any updates here. |
Thanks for your support!
Katie
Secure eCommerce Software and Hosting |
|
|
|
|
|
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.
Important Information:
The AbleCommerce Forums uses cookies. By continuing to browse this site, you are agreeing to our use of cookies.
More Details
Close
