Guest Posted January 11, 2007 Share Posted January 11, 2007 I received an email from the USPS a while ago about them implementing SSL (text below). Put it off until now but am trying to get into compliance. Apparantly some of the api URL's need to change and such. Tried a search but no one seemed to address this. Will this issue affect us, and if so, anyone have any tips on how to reconfigure so my site doesnt suddenly stop shipping on Jan 31st? ***USPS EMAIL*** Dear USPS Web Tools Customer, Subject: FOURTH NOTICE - Important – Action Required! Secure Sockets Layer (SSL) Implemented for Web Tool APIs This is the fourth notice sent regarding the SSL Implementation for Web Tools APIs. If you wish to continue using the APIs listed below, you must alter your code by January 31, 2007. You will be required to communicate via https://, instead of http://, for a total of 46 USPS Web Tools APIs. This change will also require you to change the Web Tools server called from production.shippingapis.com to secure.shippingapis.com. After January 31, 2007, the http:// instances of impacted APIs shall no longer be accessible. Please be advised the list of APIs impacted, as detailed in table below, are currently accessible under SSL and therefore you can begin calling these new instances immediately. Your User ID and the API names are the same. The USPS has implemented such changes to secure your personally-identifiable information (PII) data transmitted over the Internet. Technical user guides available via: http://www.usps.com/webtools/technical.htm have been updated and denote proper URL prefixes. Impacted APIs: API Name CarrierPickupAvailability Carrier Pickup Availability CarrierPickupCancel Carrier Pickup Cancel CarrierPickupChange Carrier Pickup Change CarrierPickupInquiry Carrier Pickup Inquiry CarrierPickupSchedule Carrier Pickup Schedule Courtesy Courtesy Reply Mail Label CustomsCN22 International Customs Form CN 22 CustomsCN22Certify International Customs Form CN 22 Certification CustomsCN22V2 International Customs Form CN 22 V2 CustomsCN22V2Certify International Customs Form CN 22 V2 Certification CustomsCP72V2 International Customs Form CP72 V2 CustomsCP72V2Certify International Customs Form CP72 V2 Certification CustomsCP72V3 International Customs Form CP72 V3 CustomsCP72V3Certify International Customs Form CP72 V3 Certification/Test DelivConfirmCertify Delivery Confirmation Certification DelivConfirmCertifyV3 Delivery Confirmation Certification V3.0 DelivConfirmPICCertify Delivery Confirmation Barcode Only Certification DelivConfirmPICCertifyV3 Delivery Confirmation PIC Certification V3.0 DeliveryConfirmationPICV2 Delivery Confirmation Barcode Only V2.0 DeliveryConfirmationPICV3 Delivery Confirmation Barcode Only V3.0 DeliveryConfirmationV2 Delivery Confirmation V2.0 DeliveryConfirmationV3 Delivery Confirmation V3.0 EMR_DC_ProductionV2 EMR with Delivery Confirmation V2.0 EMR_DC_ProductionV3 EMR with Delivery Confirmation V3.0 ExpressMailLabel Express Mail Label ExpressMailLabelCertify Express Mail Label Certification GlobalExpressMailLabelV2 Global Express Mail V2 GlobalExpressMailLabelV2Certify Global Express Mail V2 Certification GlobalLabelAirmail Global Label Airmail GlobalLabelAirmailCertify Global Label Airmail Certification GlobalLabelExpress Global Label Express GlobalLabelExpressCertify Global Label Express Certification GlobalLabelPriority Global Label Priority GlobalLabelPriorityCertify Global Label Priority Certification MerchandiseReturnV2 Merchandise Return V2.0 MerchandiseReturnV3 Merchandise Return V3.0 MerchReturnCertify EMR with Delivery Confirmation Certification MerchReturnCertifyV3 EMR with Delivery Confirmation Certification V3.0 SignatureConfirmation Signature Confirmation SignatureConfirmationCertify Signature Confirmation Certify SignatureConfirmationCertifyV3 Signature Confirmation Certify V3.0 SignatureConfirmationPIC Signature Confirmation Barcode Only SignatureConfirmationPICCertify Signature Confirmation PIC Certify SignatureConfirmationPICCertifyV3 Signature Confirmation Certify Barcode Only V3.0 SignatureConfirmationPICV3 Signature Confirmation Barcode Only V3.0 SignatureConfirmationV3 Signature Confirmation V3.0 In summary, the implementation of SSL in Web Tools will require you to alter your code for aforementioned APIs to call URL: - https://secure.shippingapis.com, instead of http://production.shippingapis.com Please note that the XML schema will not change as a result of this effort. You are strongly encouraged to alter your software to accommodate these changes as soon as possible. Thank you in advance for your cooperation and understanding as these changes are implemented. If you have any additional concerns or technical inquiries, please contact the USPS Internet Customer Care Center via email at [email protected] or phone at 1-800-344-7779. Quote Link to comment Share on other sites More sharing options...
AllThingsTrendy Posted January 13, 2007 Share Posted January 13, 2007 Eric, I have posted the same issue on Jan 3. I hope one of us gets a reply soon. I found where these references are in the USPS shipping method. I just don't know how to ensure they are SSL. I'm hoping this is default because the shippnig page is only avail in SSL. But, I don't know if this is true. David Quote Anthony David AllThingsTrendy.com Link to comment Share on other sites More sharing options...
adam28if Posted January 18, 2007 Share Posted January 18, 2007 I came here looking for the same thing. The current USPS module uses the http_client.php class which does not provide SSL functionality. I'm surprised no one has addressed this yet. I'll see if I can locate a class file that we can use. Quote Link to comment Share on other sites More sharing options...
krnl Posted January 20, 2007 Share Posted January 20, 2007 The USPS module uses APIs that are not included in the list of affected API's so, the USPS module is not affected by the secure server change. The reason for the change is to secure personally identifiable transaction information. Since there is no personally identifiable information the the RateRequest API, it is not affected by the change. // .../modules/shipping/usps.php function _getQuote() { global $order, $transittime; if(in_array('Display transit time', explode(', ', MODULE_SHIPPING_USPS_OPTIONS))) $transit = TRUE; if ($order->delivery['country']['id'] == SHIPPING_ORIGIN_COUNTRY) { // RateRequest API $request = '<RateRequest USERID="' . MODULE_SHIPPING_USPS_USERID . '" PASSWORD="' . MODULE_SHIPPING_USPS_PASSWORD . '">'; - - snip - - switch ($key) { case 'Express': $transreq[$key] = 'API=ExpressMail&XML=' . // ExpressMail API urlencode( '<ExpressMailRequest ' . $transitreq . '</ExpressMailRequest>'); break; case 'Priority': $transreq[$key] = 'API=PriorityMail&XML=' . // PriorityMail API urlencode( '<PriorityMailRequest ' . $transitreq . '</PriorityMailRequest>'); break; case 'Parcel': $transreq[$key] = 'API=StandardB&XML=' . // StandardB API urlencode( '<StandardBRequest ' . $transitreq . '</StandardBRequest>'); break; default: $transreq[$key] = ''; break; } Continue with business as usual, no changes required. :thumbsup: Quote Link to comment Share on other sites More sharing options...
Sanguinarius Posted February 1, 2007 Share Posted February 1, 2007 What about for the contribution usps_labels_2.0.3 which lets us print USPS labels from our Admin section? Also, what about for the contrib USPSMethods_2.8d_1 (which lets us select which USPS shipping methods to appear to the customers)? Can anyone tell me if these need to be changed? Quote --Sanguinarius If you're reading this, I'm probably pulling my hair out. ;> *waiting for osCommerce 3.0 alpha 6* (I'm after the coupons.) Link to comment Share on other sites More sharing options...
GSE-Reactive Posted February 27, 2007 Share Posted February 27, 2007 This item should not be seen as closed, I tried to work with the usps.php file to change from the production server to the secure server, but as Adam says here, it is kind of dependant on the http_client.php file. We really need a solution to this problem and are willing to pay for a solution, since neither oscommerce or CREloaded has addressed this issue, and support for the old URLs for USPS do not work. Is there a way to prove that the code is not affected by this change in usps? I came here looking for the same thing. The current USPS module uses the http_client.php class which does not provide SSL functionality. I'm surprised no one has addressed this yet. I'll see if I can locate a class file that we can use. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.