Jump to content
Sign in to follow this  
carolgann

USPS (SSL) Implemented for Web Tool APIs

Recommended Posts

I figured out how to change production.shippingapis.com to secure.shippingapis.com.

 

But I'm having trouble figuring out how to change http:// to https://

 

Anyone have any suggestions??

 

 

* ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ * ~ *

 

 

September 28, 2006

Dear USPS Web Tools Customer,

Subject: FOURTH NOTICE - Important - Action Required! Secure Sockets

Layer (SSL) Implemented for Web Tool APIs

 

 

 

This is the fourth notice sent regarding the SSL Implementation for Web

Tools APIs. If you wish to continue using the APIs listed below, you

must alter your code by January 31, 2007. You will be required to

communicate via https://, instead of http://, for a total of 46 USPS Web

Tools APIs. This change will also require you to change the Web Tools

server called from production.shippingapis.com to

secure.shippingapis.com.

 

 

After January 31, 2007, the http:// instances of impacted APIs shall no

longer be accessible.

 

 

Please be advised the list of APIs impacted, as detailed in table below,

are currently accessible under SSL and therefore you can begin calling

these new instances immediately. Your User ID and the API names are the

same.

 

 

The USPS has implemented such changes to secure your

personally-identifiable information (PII) data transmitted over the

Internet. Technical user guides available via:

http://www.usps.com/webtools/technical.htm

<http://www.usps.com/webtools/technical.htm> have been updated and

denote proper URL prefixes.

 

 

 

Impacted APIs:

 

API

 

Name

 

CarrierPickupAvailability

 

Carrier Pickup Availability

 

CarrierPickupCancel

 

Carrier Pickup Cancel

 

CarrierPickupChange

 

Carrier Pickup Change

 

CarrierPickupInquiry

 

Carrier Pickup Inquiry

 

CarrierPickupSchedule

 

Carrier Pickup Schedule

 

Courtesy

 

Courtesy Reply Mail Label

 

CustomsCN22

 

International Customs Form CN 22

 

CustomsCN22Certify

 

International Customs Form CN 22 Certification

 

CustomsCN22V2

 

International Customs Form CN 22 V2

 

CustomsCN22V2Certify

 

International Customs Form CN 22 V2 Certification

 

CustomsCP72V2

 

International Customs Form CP72 V2

 

CustomsCP72V2Certify

 

International Customs Form CP72 V2 Certification

 

CustomsCP72V3

 

International Customs Form CP72 V3

 

CustomsCP72V3Certify

 

International Customs Form CP72 V3 Certification/Test

 

DelivConfirmCertify

 

Delivery Confirmation Certification

 

DelivConfirmCertifyV3

 

Delivery Confirmation Certification V3.0

 

DelivConfirmPICCertify

 

Delivery Confirmation Barcode Only Certification

 

DelivConfirmPICCertifyV3

 

Delivery Confirmation PIC Certification V3.0

 

DeliveryConfirmationPICV2

 

Delivery Confirmation Barcode Only V2.0

 

DeliveryConfirmationPICV3

 

Delivery Confirmation Barcode Only V3.0

 

DeliveryConfirmationV2

 

Delivery Confirmation V2.0

 

DeliveryConfirmationV3

 

Delivery Confirmation V3.0

 

EMR_DC_ProductionV2

 

EMR with Delivery Confirmation V2.0

 

EMR_DC_ProductionV3

 

EMR with Delivery Confirmation V3.0

 

ExpressMailLabel

 

Express Mail Label

 

ExpressMailLabelCertify

 

Express Mail Label Certification

 

GlobalExpressMailLabelV2

 

Global Express Mail V2

 

GlobalExpressMailLabelV2Certify

 

Global Express Mail V2 Certification

 

GlobalLabelAirmail

 

Global Label Airmail

 

GlobalLabelAirmailCertify

 

Global Label Airmail Certification

 

GlobalLabelExpress

 

Global Label Express

 

GlobalLabelExpressCertify

 

Global Label Express Certification

 

GlobalLabelPriority

 

Global Label Priority

 

GlobalLabelPriorityCertify

 

Global Label Priority Certification

 

MerchandiseReturnV2

 

Merchandise Return V2.0

 

MerchandiseReturnV3

 

Merchandise Return V3.0

 

MerchReturnCertify

 

EMR with Delivery Confirmation Certification

 

MerchReturnCertifyV3

 

EMR with Delivery Confirmation Certification V3.0

 

SignatureConfirmation

 

Signature Confirmation

 

SignatureConfirmationCertify

 

Signature Confirmation Certify

 

SignatureConfirmationCertifyV3

 

Signature Confirmation Certify V3.0

 

SignatureConfirmationPIC

 

Signature Confirmation Barcode Only

 

SignatureConfirmationPICCertify

 

Signature Confirmation PIC Certify

 

SignatureConfirmationPICCertifyV3

 

Signature Confirmation Certify Barcode Only V3.0

 

SignatureConfirmationPICV3

 

Signature Confirmation Barcode Only V3.0

 

SignatureConfirmationV3

 

Signature Confirmation V3.0

 

 

In summary, the implementation of SSL in Web Tools will require you to

alter your code for aforementioned APIs to call URL:

 

 

- https://secure.shippingapis.com

<https://secure.shippingapis.com/> , instead of

http://production.shippingapis.com <http://production.shippingapis.com/>

 

 

Please note that the XML schema will not change as a result of this

effort.

 

You are strongly encouraged to alter your software to accommodate these

changes as soon as possible.

 

 

Thank you in advance for your cooperation and understanding as these

changes are implemented. If you have any additional concerns or

technical inquiries, please contact the USPS Internet Customer Care

Center via email at icustomercare@usps.com

<mailto:icustomercare@usps.com> or phone at 1-800-344-7779.

 

 

 

Thank you,

 

Patti Mason

 

Manager, USPS.com

Share this post


Link to post
Share on other sites

the proper way to do this is to add a class httpsclient to complement the httpclient since that is the class that decides where to go for usps data.

 

i was hoping that someone had done this but since it will be a few month....

 

I will take a swing at writing a new class.

Share this post


Link to post
Share on other sites
the proper way to do this is to add a class httpsclient to complement the httpclient since that is the class that decides where to go for usps data.

 

i was hoping that someone had done this but since it will be a few month....

 

I will take a swing at writing a new class.

 

Thank you so much David Carlson for your help. I'll look forward to your post. :D

Share this post


Link to post
Share on other sites

CANCEL RED ALERT – FOR USPS METHODS USERS?

 

Regarding those alarmist emails from USPS "Action Required by September 30, 2006!" I am holding onto the hope that no change is needed, at least not for the USPS Methods contribution, which calculates USPS rates for customer shipping charges. Here's why I'm hopeful:

  1. None of the 46 API's in the USPS notice mention "rate".
  2. The Web Tools Technical Guide (see link in your notice) for Rate Calculators still talks about HTTP:
     
    "...your server communicates through the USPS Web Tools server over HTTP using XML..."
     
  3. The guide for other API services does mention HTTPS, e.g. Delivery Confirmation:
     
    "...your server communicates through the USPS Web Tools server over HTTP/HTTPS using XML..."
     
    and the DeliveryConfirmationV3 API is listed in the notice. Similarly, HTTPS is mentioned for Customs forms, Express Mail labels, etc., and those APIs are listed in the notice.
  4. My rate calculator still works. (Although I haven't gotten the FOURTH NOTICE as CarolGann did. So far I've only gotten 3 notices: 4/27/2006, 6/11/2006, 6/27/2006.)

You have to register for USPS Web Tools to see those guides. But if you received the same alarmist notice I did (see CarolGann's post), you must have already signed up for USPS Web Tools, which is part of the process of installing the USPS Methods contribution. I have been groaning for months over having to modify http_client.php to support SSL for HTTPS requests. The PHP Cookbook says to use cURL for that, instead of fsockopen(), fputs() etc. as currently used by osCommerce. Seems there's no need.

 

Changes may be needed for other USPS contributions.

Edited by Bob Stein, VisiBone

Share this post


Link to post
Share on other sites

Thanks Bob for reading all the fine print. I was wondering if indeed the change was necessary and sometime in the future if we make our shipping more intelligent then the upgrade will be done.

 

The message I got seemed to indicate that we have until the first of the new year but your message says Sep 30.

 

Time for some more testing of my store to see if it still works.

 

CANCEL RED ALERT ? FOR USPS METHODS USERS?

 

Regarding those alarmist emails from USPS "Action Required by September 30, 2006!" I am holding onto the hope that no change is needed, at least not for the USPS Methods contribution, which calculates USPS rates for customer shipping charges. Here's why I'm hopeful:

  1. None of the 46 API's in the USPS notice mention "rate".
  2. The Web Tools Technical Guide (see link in your notice) for Rate Calculators still talks about HTTP:
  3. The guide for other API services does mention HTTPS, e.g. Delivery Confirmation:
    and the DeliveryConfirmationV3 API is listed in the notice. Similarly, HTTPS is mentioned for Customs forms, Express Mail labels, etc., and those APIs are listed in the notice.
  4. My rate calculator still works. (Although I haven't gotten the FOURTH NOTICE as CarolGann did. So far I've only gotten 3 notices: 4/27/2006, 6/11/2006, 6/27/2006.)

You have to register for USPS Web Tools to see those guides. But if you received the same alarmist notice I did (see CarolGann's post), you must have already signed up for USPS Web Tools, which is part of the process of installing the USPS Methods contribution. I have been groaning for months over having to modify http_client.php to support SSL for HTTPS requests. The PHP Cookbook says to use cURL for that, instead of fsockopen(), fputs() etc. as currently used by osCommerce. Seems there's no need.

 

Changes may be needed for other USPS contributions.

Edited by davideo

Share this post


Link to post
Share on other sites

I called USPS and they said that the url is only changing for the listed api's. So if you are using the USPS rate calculation then this does not affect you because that module calles a dll named "ShippingAPITest.dll" the production and testing urls stay the same and are not changing.

Share this post


Link to post
Share on other sites

Yes I think Bob is correct. I did receive a "4th email", though it is the first I have received.

 

USPS Methods uses ExpressMailRequest and PriorityMailRequest, which will not requires HTTPS integration according to the email.

 

USPS Methods doesn't send any sensitive, private information except zip code, which is why I believe they will not require this new implementation.

Share this post


Link to post
Share on other sites

So, if we are using Multi Vendor Shipping contribution, and have UPS module installed ...... so we need to change the URL?

 

I have my products drop shipped. I do NOT ship myself, nor print out labels or the like. I just get exact shipping costs so the customer gets charged the correct shipping the vendor is charged to ship to my customers.


26 contributions installed - - And counting ....

 

Just want to take this time to extend my appreciation to everyone who have patiently answered my questions over the months of working on my site. I hope to be able to "pass it forward" and help new folks.

Share this post


Link to post
Share on other sites

First it would a appear that there is no need to update the url for just getting rates from the USPS and it is not just a matter of changing one url. You only need to update if you are sending actual customer info for labels, or payment to the USPS.

 

Second, UPS has a different set of rules and they will let you know -- I suppose if you have a online account with them -- if you need to update your code.

 

 

So, if we are using Multi Vendor Shipping contribution, and have UPS module installed ...... so we need to change the URL?

 

I have my products drop shipped. I do NOT ship myself, nor print out labels or the like. I just get exact shipping costs so the customer gets charged the correct shipping the vendor is charged to ship to my customers.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×