UPS API will require OAuth 2 after June 3, 2024

Our client got an email regarding the UPS API and OAuth 2 requirements. It looks like the existing nop UPS shipping plugin should work through June 3, 2024, but I wanted to make sure we don't need to change anything before June 5, 2023 (next week).

Here are the details:

UPS has implemented an OAuth 2.0 security model for all APIs to enhance the overall security for our customers to reduce fraud and provide enhanced API capabilities. As part of the process to keep customers secure, UPS will deprecate the existing Access Key-based authorization for our APIs. Beginning June 5, 2023 UPS will no longer distribute access keys and all API transactions after June 3, 2024 with UPS will require clients to implement the OAuth security model by sending a bearer token with every API request.

In addition to the new authorization method, UPS APIs have undergone changes to fit a true RESTful pattern. This allows both UPS and our clients the flexibility of updating API payloads without the need to maintain strict schema compilation. Going forward, the endpoints supporting Access Key authentication and the older API structure will be deprecated.

See more at https://developer.ups.com/oauth-developer-guide

Thanks a lot for reporting. We already know about these changes will will implement them soon - https://github.com/nopSolutions/nopCommerce/issues/6712

Awesome, thank you!

UPS not only switched to a new authorization method, they also changed the API along with it. We have completed the transition of the codebase to new calls, but, unfortunately, at the moment we are not able to test the functionality. If you have the desire and the technical ability to help us with testing, you can build a new plugin from this brach. We will be grateful for any help.

Sergei-k wrote:

I got client Id and secret from UPS dev site.
I built the plugin in my nopCommerce 4.60 dev env.
I enabled Tracing in UPS plugin.
These are messages I received:

Information  UPS rates. Request: grant_type=client_credentials

Information  UPS rates. Response: {"response":{"errors":[{"code":"10400","message":"Invalid/Missing Authorization Header"}]}}

The error message is from the response in here:  \API\OAuth\OAuthClient.cs

var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);

Hello All,

Do we know when will the UPS plugin get updated? Will it be version specific or will it be backwards compatible?

My guess it will only be the the latest version that will be updated but I might be wrong ?
What version of nopCommerce are you using ?
You may need a developer to update an older version

Yes, that's right, we will update the plugin with the release of 4.70 and only for it, however, we are considering the possibility of leaving a separate branch for 4.60 since we are testing it

When will we know if there will be an update for 4.60?

How soon will we be able to start the 4.70 migration process?

Can anyone share steps on setting up the OAUTH version of the UPS plugin? I have my client id/secret from UPS, wasn't sure what to put in for a callback URL. In testing I'm getting AUTH errors. If anyone can share how to make this work I'd appreciate it.