Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

tovisbratsburg's avatar

UPS API OAUTH

Trying to work with the UPS API but am having some difficulties. They use OAUTH now but don't really have a lot of documentation.

I have this so far:

<?php

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;

class UPSController extends Controller
{

    public function __invoke(){
        $ups_id = config('ups.id');
        $ups_secret = config('ups.secret');
        $url = 'https://wwwcie.ups.com/security/v1/oauth/token';
        $clientID = base64_encode("{$ups_id}:{$ups_secret}");
        $headers = array();
        $headers[] = "Authorization: Basic $clientID";
        $headers[] = 'Accept: application/json';
        $headers[] = "x-merchant-id: {$ups_id}";
        $headers[] = 'Content-Type: application/x-www-form-urlencoded';

        $handle = curl_init();
        curl_setopt($handle, CURLOPT_POST, true);
        curl_setopt($handle,CURLOPT_URL,$url);
        curl_setopt($handle,CURLOPT_HEADER,$headers);
        curl_setopt($handle,CURLOPT_POSTFIELDS,"grant_type=client_credentials");
        curl_setopt($handle,CURLOPT_RETURNTRANSFER,true);
        $content = curl_exec($handle);


        echo '<pre>';
        print_r($content);
    }
}

I am getting this as a result:

HTTP/2 400 
content-type: application/json
errorcode: 10400
errordescription: Invalid/Missing Authorization Header
x-request-id: 287f76ad-e634-483d-96bf-8eb61d9934d4
content-length: 91
expires: Thu, 16 Feb 2023 13:29:11 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 16 Feb 2023 13:29:11 GMT
server-timing: cdn-cache; desc=MISS
server-timing: edge; dur=11
server-timing: origin; dur=28
ak-grn-1: 0.3dd6ce17.1676554151.316d73c7
strict-transport-security: max-age=31536000 ; includeSubDomains

{"response":{"errors":[{"code":"10400","message":"Invalid/Missing Authorization Header"}]}}

One of the only things I could find:

https://stackoverflow.com/questions/73791089/ups-api-oauth-token-request-fails

I have not used CURL much, so I going to self teach myself that today. If anybody has any suggestions or something you find obvious that I am missing please let me know.

I do have TEST OAUTH enabled on the app in UPS.

0 likes
5 replies
tovisbratsburg's avatar

I got it to work.

Use Client ID and Client Secret in the developer area, for some reason they have username and password listed.

Here is what I have as a final if anybody needs help with it in the future:

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;

class UPSController extends Controller
{

    public function __invoke(){
        $ups_id = config('ups.id');
        $ups_secret = config('ups.secret');
        $credentials = base64_encode("$ups_id:$ups_secret");
        $url = 'https://wwwcie.ups.com/security/v1/oauth/token';
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
        curl_setopt($ch, CURLOPT_HTTPHEADER, [
            'accept: application/json',
            "x-merchant-id: $ups_id",
            "Authorization: Basic $credentials",
            'Content-Type: application/x-www-form-urlencoded',
        ]);
        curl_setopt($ch, CURLOPT_POSTFIELDS, 'grant_type=client_credentials');
        $response = curl_exec($ch);

        curl_close($ch);
        return json_decode($response);
    }
}
1 like
emerce2000's avatar

I am trying to build out this call in postman before I integrate the process, but I'm getting the following when posting my call to "wwwcie.ups.com/security/v1/oauth/token?grant_type=client_credentials."

{ "response": { "errors": [ { "code": "10400", "message": "Unsupported grant type : " } ] } }

I agree there is a lack of documentation on their new process. Any suggestions would be appreciated!

abolabo's avatar

You can use UPS PHP SDK instead. See abantecart/ups-php repo on github for details

ragod's avatar

You can use UPS PHP SDK based on latest UPS OAUTH 2.0 API's. Checkout rahul-godiyal/php-ups-api-wrapper on packagist for details.

Please or to participate in this conversation.