tovisbratsburg's avatar

UPS API OAUTH

Trying to work with the UPS API but am having some difficulties. They use OAUTH now but don't really have a lot of documentation.

I have this so far:

<?php

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;

class UPSController extends Controller
{

    public function __invoke(){
        $ups_id = config('ups.id');
        $ups_secret = config('ups.secret');
        $url = 'https://wwwcie.ups.com/security/v1/oauth/token';
        $clientID = base64_encode("{$ups_id}:{$ups_secret}");
        $headers = array();
        $headers[] = "Authorization: Basic $clientID";
        $headers[] = 'Accept: application/json';
        $headers[] = "x-merchant-id: {$ups_id}";
        $headers[] = 'Content-Type: application/x-www-form-urlencoded';

        $handle = curl_init();
        curl_setopt($handle, CURLOPT_POST, true);
        curl_setopt($handle,CURLOPT_URL,$url);
        curl_setopt($handle,CURLOPT_HEADER,$headers);
        curl_setopt($handle,CURLOPT_POSTFIELDS,"grant_type=client_credentials");
        curl_setopt($handle,CURLOPT_RETURNTRANSFER,true);
        $content = curl_exec($handle);


        echo '<pre>';
        print_r($content);
    }
}

I am getting this as a result:

HTTP/2 400 
content-type: application/json
errorcode: 10400
errordescription: Invalid/Missing Authorization Header
x-request-id: 287f76ad-e634-483d-96bf-8eb61d9934d4
content-length: 91
expires: Thu, 16 Feb 2023 13:29:11 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 16 Feb 2023 13:29:11 GMT
server-timing: cdn-cache; desc=MISS
server-timing: edge; dur=11
server-timing: origin; dur=28
ak-grn-1: 0.3dd6ce17.1676554151.316d73c7
strict-transport-security: max-age=31536000 ; includeSubDomains

{"response":{"errors":[{"code":"10400","message":"Invalid/Missing Authorization Header"}]}}

One of the only things I could find:

https://stackoverflow.com/questions/73791089/ups-api-oauth-token-request-fails

I have not used CURL much, so I going to self teach myself that today. If anybody has any suggestions or something you find obvious that I am missing please let me know.

I do have TEST OAUTH enabled on the app in UPS.

0 likes
5 replies
tovisbratsburg's avatar

I got it to work.

Use Client ID and Client Secret in the developer area, for some reason they have username and password listed.

Here is what I have as a final if anybody needs help with it in the future:

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;

class UPSController extends Controller
{

    public function __invoke(){
        $ups_id = config('ups.id');
        $ups_secret = config('ups.secret');
        $credentials = base64_encode("$ups_id:$ups_secret");
        $url = 'https://wwwcie.ups.com/security/v1/oauth/token';
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
        curl_setopt($ch, CURLOPT_HTTPHEADER, [
            'accept: application/json',
            "x-merchant-id: $ups_id",
            "Authorization: Basic $credentials",
            'Content-Type: application/x-www-form-urlencoded',
        ]);
        curl_setopt($ch, CURLOPT_POSTFIELDS, 'grant_type=client_credentials');
        $response = curl_exec($ch);

        curl_close($ch);
        return json_decode($response);
    }
}
1 like
emerce2000's avatar

I am trying to build out this call in postman before I integrate the process, but I'm getting the following when posting my call to "wwwcie.ups.com/security/v1/oauth/token?grant_type=client_credentials."

{ "response": { "errors": [ { "code": "10400", "message": "Unsupported grant type : " } ] } }

I agree there is a lack of documentation on their new process. Any suggestions would be appreciated!

abolabo's avatar

You can use UPS PHP SDK instead. See abantecart/ups-php repo on github for details

ragod's avatar

You can use UPS PHP SDK based on latest UPS OAUTH 2.0 API's. Checkout rahul-godiyal/php-ups-api-wrapper on packagist for details.

Please or to participate in this conversation.