jacenstuff Posted October 2, 2006 Posted October 2, 2006 the e-mail does not tell me how to correct this. I took a look at the code for the module and figured I could just change the address on the server connection part, but that only broke the module. Anyone have any idea on how to fix this so we'll all be ready by the deadline? i'd like to have it in place now so i can just set it and forget it. the e-mail i got is posted below in it's entirety. September 27, 2006 Dear USPS Web Tools Customer, Subject: FOURTH NOTICE - Important ? Action Required! Secure Sockets Layer (SSL) Implemented for Web Tool APIs This is the fourth notice sent regarding the SSL Implementation for Web Tools APIs. If you wish to continue using the APIs listed below, you must alter your code by January 31, 2007. You will be required to communicate via https://, instead of http://, for a total of 46 USPS Web Tools APIs. This change will also require you to change the Web Tools server called from production.shippingapis.com to secure.shippingapis.com. After January 31, 2007, the http:// instances of impacted APIs shall no longer be accessible. Please be advised the list of APIs impacted, as detailed in table below, are currently accessible under SSL and therefore you can begin calling these new instances immediately. Your User ID and the API names are the same. The USPS has implemented such changes to secure your personally-identifiable information (PII) data transmitted over the Internet. Technical user guides available via: http://www.usps.com/webtools/technical.htm have been updated and denote proper URL prefixes. Impacted APIs: API Name CarrierPickupAvailability Carrier Pickup Availability CarrierPickupCancel Carrier Pickup Cancel CarrierPickupChange Carrier Pickup Change CarrierPickupInquiry Carrier Pickup Inquiry CarrierPickupSchedule Carrier Pickup Schedule Courtesy Courtesy Reply Mail Label CustomsCN22 International Customs Form CN 22 CustomsCN22Certify International Customs Form CN 22 Certification CustomsCN22V2 International Customs Form CN 22 V2 CustomsCN22V2Certify International Customs Form CN 22 V2 Certification CustomsCP72V2 International Customs Form CP72 V2 CustomsCP72V2Certify International Customs Form CP72 V2 Certification CustomsCP72V3 International Customs Form CP72 V3 CustomsCP72V3Certify International Customs Form CP72 V3 Certification/Test DelivConfirmCertify Delivery Confirmation Certification DelivConfirmCertifyV3 Delivery Confirmation Certification V3.0 DelivConfirmPICCertify Delivery Confirmation Barcode Only Certification DelivConfirmPICCertifyV3 Delivery Confirmation PIC Certification V3.0 DeliveryConfirmationPICV2 Delivery Confirmation Barcode Only V2.0 DeliveryConfirmationPICV3 Delivery Confirmation Barcode Only V3.0 DeliveryConfirmationV2 Delivery Confirmation V2.0 DeliveryConfirmationV3 Delivery Confirmation V3.0 EMR_DC_ProductionV2 EMR with Delivery Confirmation V2.0 EMR_DC_ProductionV3 EMR with Delivery Confirmation V3.0 ExpressMailLabel Express Mail Label ExpressMailLabelCertify Express Mail Label Certification GlobalExpressMailLabelV2 Global Express Mail V2 GlobalExpressMailLabelV2Certify Global Express Mail V2 Certification GlobalLabelAirmail Global Label Airmail GlobalLabelAirmailCertify Global Label Airmail Certification GlobalLabelExpress Global Label Express GlobalLabelExpressCertify Global Label Express Certification GlobalLabelPriority Global Label Priority GlobalLabelPriorityCertify Global Label Priority Certification MerchandiseReturnV2 Merchandise Return V2.0 MerchandiseReturnV3 Merchandise Return V3.0 MerchReturnCertify EMR with Delivery Confirmation Certification MerchReturnCertifyV3 EMR with Delivery Confirmation Certification V3.0 SignatureConfirmation Signature Confirmation SignatureConfirmationCertify Signature Confirmation Certify SignatureConfirmationCertifyV3 Signature Confirmation Certify V3.0 SignatureConfirmationPIC Signature Confirmation Barcode Only SignatureConfirmationPICCertify Signature Confirmation PIC Certify SignatureConfirmationPICCertifyV3 Signature Confirmation Certify Barcode Only V3.0 SignatureConfirmationPICV3 Signature Confirmation Barcode Only V3.0 SignatureConfirmationV3 Signature Confirmation V3.0 In summary, the implementation of SSL in Web Tools will require you to alter your code for aforementioned APIs to call URL: - https://secure.shippingapis.com, instead of http://production.shippingapis.com Please note that the XML schema will not change as a result of this effort. You are strongly encouraged to alter your software to accommodate these changes as soon as possible. Thank you in advance for your cooperation and understanding as these changes are implemented. If you have any additional concerns or technical inquiries, please contact the USPS Internet Customer Care Center via email at [email protected] or phone at 1-800-344-7779. Thank you, Patti Mason Manager, USPS.com We must be the change we wish to see in the world. ------------------------------------------------------------ p.s. BACKUP!
bobg7 Posted October 2, 2006 Posted October 2, 2006 I have been usinf USPS API for 2 years and have not seen any emails about this. Go to the USPS website and in there HELP section there is a Contact Us form. Send them the question and a copy of the email you got and see what they say. Installed Contributions: CCGV, Close Popup, Dynamic Meta Tags, Easy Populate, Froogle Data Feeder, Google Position, Infobox Header Entire Row, Live Support for OSC, PayPal Seal with CC images, Report_m Sales, Shop by Price Revised, SQL Updater, Who's Online Enhancement, Footer, GNA EP Assistant and still going.
Guest Posted October 2, 2006 Posted October 2, 2006 Before you get overly concerned about it, do you even use any of those APIs?
jasonabc Posted October 2, 2006 Posted October 2, 2006 This has been posted on the forums many times before. OSC does not use any of the API's listed - you do not need to take any action. Jason My Contributions: Paypal Payflow PRO | Rollover Category Images | Authorize.net Invoice Number Fix
mushindo Posted October 2, 2006 Posted October 2, 2006 Most people using the USPS Real Time Shipping modules (API) with accounts got the same email. I just had four clients this past week send me the same thing to ask about it. Here is the basics about it so you know if you need to do anything or not: 1. Does your store use SSL during checkout? If so you are fine. If not then it will NOT return live shipping rates anymore after the deadline date and probably return that nasty little error that it cannot connect. 2. Does your store have a USPS labels contribution installed via admin? - If so does your admin use a SSL url? If not, then you once again need to get an SSL for your store and update your admin/includes/configure.php file so your admin tools are in 'secure mode' when you are trying to print labels. - If not, then you have nothing to worry about. Sincerely, Bruce 19 contributions submitted
jacenstuff Posted October 2, 2006 Author Posted October 2, 2006 I do use USPS Labels, and I have a USPS account using the production servers, and at the current moment I do NOT use SSL. So in order to fix this so I can get live shipping rates and use USPS labels, i have to get a SSL certificate? Because I was thinking maybe I could just alter the connection address being that I have a valid account with them ona production server. That didn't work when I tried it though, it just hung an awful long time upon checkout and did not list USPS as a shipping option. We must be the change we wish to see in the world. ------------------------------------------------------------ p.s. BACKUP!
mushindo Posted October 2, 2006 Posted October 2, 2006 I do use USPS Labels, and I have a USPS account using the production servers, and at the current moment I do NOT use SSL. So in order to fix this so I can get live shipping rates and use USPS labels, i have to get a SSL certificate? Because I was thinking maybe I could just alter the connection address being that I have a valid account with them ona production server. That didn't work when I tried it though, it just hung an awful long time upon checkout and did not list USPS as a shipping option. If you re using one of the USPS API systems for real time rates, and a USPS label contribution (once again API version) then you definately need to get an SSL certificate to resolve. Contact your hosting company and find out if you need to get a full SSL, or if they already have a shared SSL installed...which they may or may not just give you for free. You can get SSL certificates with 128 bit encryption for like $40 via godaddy.com, but hosting company may charge you for admin time to install it so better to see if they have a package deal to see which way is less expensive. Sincerely, Bruce 19 contributions submitted
jacenstuff Posted October 2, 2006 Author Posted October 2, 2006 guess thats what i'll have to do then....crap, more money to spend :( We must be the change we wish to see in the world. ------------------------------------------------------------ p.s. BACKUP!
compwhizmm90 Posted October 3, 2006 Posted October 3, 2006 I have been usinf USPS API for 2 years and have not seen any emails about this. Go to the USPS website and in there HELP section there is a Contact Us form. Send them the question and a copy of the email you got and see what they say. Can you tell me what contribution you are using?
deeman001 Posted October 9, 2006 Posted October 9, 2006 I called USPS and they said that the url is only changing for the listed api's. So if you are using the USPS rate calculation then this does not affect you because that module calls a dll named "ShippingAPITest.dll" the production and testing urls stay the same and are not changing.
jacenstuff Posted October 9, 2006 Author Posted October 9, 2006 Thank you deeman001. i guess thats what makes you Da-man :) We must be the change we wish to see in the world. ------------------------------------------------------------ p.s. BACKUP!
SteveDallas Posted October 11, 2006 Posted October 11, 2006 Thank you deeman001. i guess thats what makes you Da-man :) Jacen, Regarding the USPS Labels contribution that fills out the information for Click-n-Ship, it is not affected, either. I know that you use it from your posts to the support topic. --Glen
Guest Posted October 11, 2006 Posted October 11, 2006 Hi everyone, There seems to be a lot of confusion here. I'm looking for answers also. I got the same email. I use the USPS Methods contribution which makes connection to http://production.shippingapis.com - This is the url that the email states needs to be updated. The email also appears very clear that connection can only be made using https after the 2007 date. I have tried updating the url to the https://secure.shippingsapis.com shown in the email without success. My problem as a novice coder is that I do not know how to make the connection https instead of http. I do use SSL. The code seems pretty simple in the area that needs to be changed - Any suggestions from anyone? switch (MODULE_SHIPPING_USPS_SERVER) { case 'production': $usps_server = 'production.shippingapis.com'; **** SERVER TO CHANGE $api_dll = 'shippingapi.dll'; break; case 'test': default: $usps_server = 'testing.shippingapis.com'; $api_dll = 'ShippingAPITest.dll'; break; } $body = ''; $http = new httpClient(); if ($http->Connect($usps_server, 80)) { $http->addHeader('Host', $usps_server); $http->addHeader('User-Agent', 'osCommerce'); $http->addHeader('Connection', 'Close'); if ($http->Get('/' . $api_dll . '?' . $request)) $body = $http->getBody(); // mail('[email protected]','USPS rate quote response',$body,'From: <[email protected]>'); if ($transit && is_array($transreq) && ($order->delivery['country']['id'] == STORE_COUNTRY)) { while (list($key, $value) = each($transreq)) { if ($http->Get('/' . $api_dll . '?' . $value)) $transresp[$key] = $http->getBody(); } } $http->Disconnect(); } else { return false; } Thanks Garry
SteveDallas Posted October 12, 2006 Posted October 12, 2006 Hi everyone, There seems to be a lot of confusion here. I'm looking for answers also. I got the same email. I use the USPS Methods contribution which makes connection to http://production.shippingapis.com - This is the url that the email states needs to be updated. The email also appears very clear that connection can only be made using https after the 2007 date. Thanks Garry Garry, The email mentions that the change only applies to those APIs that transmit personally identifiable information (PII). The domestic and international rate request APIs that USPS Methods uses do not transmit PII, so HTTP access will continue to be available after the other APIs begin the SSL requirement. If you look at the list of 43 affected APIs contained in the email message, you will not find Rate Request V2 nor International Rate Request. As others have mentioned, no action is necessary if you are using the USPS Methods contribution. --Glen
Guest Posted October 12, 2006 Posted October 12, 2006 Garry,The email mentions that the change only applies to those APIs that transmit personally identifiable information (PII). The domestic and international rate request APIs that USPS Methods uses do not transmit PII, so HTTP access will continue to be available after the other APIs begin the SSL requirement. If you look at the list of 43 affected APIs contained in the email message, you will not find Rate Request V2 nor International Rate Request. As others have mentioned, no action is necessary if you are using the USPS Methods contribution. --Glen Okay. I think I get what you're saying. But just say I wanted to change it anyway and I were to use something that did use those API's? Thank you Garry
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.