Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

USPS SSL Implementation


Guest

Recommended Posts

I received an email from the USPS a while ago about them implementing SSL (text below). Put it off until now but am trying to get into compliance. Apparantly some of the api URL's need to change and such. Tried a search but no one seemed to address this. Will this issue affect us, and if so, anyone have any tips on how to reconfigure so my site doesnt suddenly stop shipping on Jan 31st?

 

***USPS EMAIL***

 

Dear USPS Web Tools Customer,

 

Subject: FOURTH NOTICE - Important – Action Required! Secure Sockets Layer (SSL) Implemented for Web Tool APIs

 

This is the fourth notice sent regarding the SSL Implementation for Web Tools APIs. If you wish to continue using the APIs listed below, you must alter your code by January 31, 2007. You will be required to communicate via https://, instead of http://, for a total of 46 USPS Web Tools APIs. This change will also require you to change the Web Tools server called from production.shippingapis.com to secure.shippingapis.com.

 

After January 31, 2007, the http:// instances of impacted APIs shall no longer be accessible.

 

Please be advised the list of APIs impacted, as detailed in table below, are currently accessible under SSL and therefore you can begin calling these new instances immediately. Your User ID and the API names are the same.

 

The USPS has implemented such changes to secure your personally-identifiable information (PII) data transmitted over the Internet. Technical user guides available via: http://www.usps.com/webtools/technical.htm have been updated and denote proper URL prefixes.

 

Impacted APIs:

 

API

Name

 

CarrierPickupAvailability

Carrier Pickup Availability

 

CarrierPickupCancel

Carrier Pickup Cancel

 

CarrierPickupChange

Carrier Pickup Change

 

CarrierPickupInquiry

Carrier Pickup Inquiry

 

CarrierPickupSchedule

Carrier Pickup Schedule

 

Courtesy

Courtesy Reply Mail Label

 

CustomsCN22

International Customs Form CN 22

 

CustomsCN22Certify

International Customs Form CN 22 Certification

 

CustomsCN22V2

International Customs Form CN 22 V2

 

CustomsCN22V2Certify

International Customs Form CN 22 V2 Certification

 

CustomsCP72V2

International Customs Form CP72 V2

 

CustomsCP72V2Certify

International Customs Form CP72 V2 Certification

 

CustomsCP72V3

International Customs Form CP72 V3

 

CustomsCP72V3Certify

International Customs Form CP72 V3 Certification/Test

 

DelivConfirmCertify

Delivery Confirmation Certification

 

DelivConfirmCertifyV3

Delivery Confirmation Certification V3.0

 

DelivConfirmPICCertify

Delivery Confirmation Barcode Only Certification

 

DelivConfirmPICCertifyV3

Delivery Confirmation PIC Certification V3.0

 

DeliveryConfirmationPICV2

Delivery Confirmation Barcode Only V2.0

 

DeliveryConfirmationPICV3

Delivery Confirmation Barcode Only V3.0

 

DeliveryConfirmationV2

Delivery Confirmation V2.0

 

DeliveryConfirmationV3

Delivery Confirmation V3.0

 

EMR_DC_ProductionV2

EMR with Delivery Confirmation V2.0

 

EMR_DC_ProductionV3

EMR with Delivery Confirmation V3.0

 

ExpressMailLabel

Express Mail Label

 

ExpressMailLabelCertify

Express Mail Label Certification

 

GlobalExpressMailLabelV2

Global Express Mail V2

 

GlobalExpressMailLabelV2Certify

Global Express Mail V2 Certification

 

GlobalLabelAirmail

Global Label Airmail

 

GlobalLabelAirmailCertify

Global Label Airmail Certification

 

GlobalLabelExpress

Global Label Express

 

GlobalLabelExpressCertify

Global Label Express Certification

 

GlobalLabelPriority

Global Label Priority

 

GlobalLabelPriorityCertify

Global Label Priority Certification

 

MerchandiseReturnV2

Merchandise Return V2.0

 

MerchandiseReturnV3

Merchandise Return V3.0

 

MerchReturnCertify

EMR with Delivery Confirmation Certification

 

MerchReturnCertifyV3

EMR with Delivery Confirmation Certification V3.0

 

SignatureConfirmation

Signature Confirmation

 

SignatureConfirmationCertify

Signature Confirmation Certify

 

SignatureConfirmationCertifyV3

Signature Confirmation Certify V3.0

 

SignatureConfirmationPIC

Signature Confirmation Barcode Only

 

SignatureConfirmationPICCertify

Signature Confirmation PIC Certify

 

SignatureConfirmationPICCertifyV3

Signature Confirmation Certify Barcode Only V3.0

 

SignatureConfirmationPICV3

Signature Confirmation Barcode Only V3.0

 

SignatureConfirmationV3

Signature Confirmation V3.0

 

In summary, the implementation of SSL in Web Tools will require you to alter your code for aforementioned APIs to call URL:

 

- https://secure.shippingapis.com, instead of http://production.shippingapis.com

 

Please note that the XML schema will not change as a result of this effort.

 

You are strongly encouraged to alter your software to accommodate these changes as soon as possible.

 

Thank you in advance for your cooperation and understanding as these changes are implemented. If you have any additional concerns or technical inquiries, please contact the USPS Internet Customer Care Center via email at [email protected] or phone at 1-800-344-7779.

Link to comment
Share on other sites

Eric,

 

I have posted the same issue on Jan 3. I hope one of us gets a reply soon. I found where these references are in the USPS shipping method. I just don't know how to ensure they are SSL. I'm hoping this is default because the shippnig page is only avail in SSL. But, I don't know if this is true.

 

David

Anthony David

AllThingsTrendy.com

Link to comment
Share on other sites

I came here looking for the same thing. The current USPS module uses the http_client.php class which does not provide SSL functionality. I'm surprised no one has addressed this yet. I'll see if I can locate a class file that we can use.

Link to comment
Share on other sites

The USPS module uses APIs that are not included in the list of affected API's so, the USPS module is not affected by the secure server change. The reason for the change is to secure personally identifiable transaction information. Since there is no personally identifiable information the the RateRequest API, it is not affected by the change.

 

//  .../modules/shipping/usps.php
function _getQuote() {
  global $order, $transittime;

  if(in_array('Display transit time', explode(', ', MODULE_SHIPPING_USPS_OPTIONS))) $transit = TRUE;

  if ($order->delivery['country']['id'] == SHIPPING_ORIGIN_COUNTRY) {
// RateRequest API
	$request  = '<RateRequest USERID="' . MODULE_SHIPPING_USPS_USERID . '" PASSWORD="' . MODULE_SHIPPING_USPS_PASSWORD . '">';

- - snip - -

  switch ($key) {
		  case 'Express':  $transreq[$key] = 'API=ExpressMail&XML=' .	// ExpressMail API
						   urlencode( '<ExpressMailRequest ' . $transitreq . '</ExpressMailRequest>');
						   break;
		  case 'Priority': $transreq[$key] = 'API=PriorityMail&XML=' .  // PriorityMail API
						   urlencode( '<PriorityMailRequest ' . $transitreq . '</PriorityMailRequest>');
						   break;
		  case 'Parcel':   $transreq[$key] = 'API=StandardB&XML=' .  // StandardB API
						   urlencode( '<StandardBRequest ' . $transitreq . '</StandardBRequest>');
						   break;
		  default:		 $transreq[$key] = '';
						   break;
   }

 

 

Continue with business as usual, no changes required.

 

:thumbsup:

Link to comment
Share on other sites

  • 2 weeks later...

What about for the contribution usps_labels_2.0.3 which lets us print USPS labels from our Admin section?

 

Also, what about for the contrib USPSMethods_2.8d_1 (which lets us select which USPS shipping methods to appear to the customers)?

 

Can anyone tell me if these need to be changed?

--Sanguinarius

 

If you're reading this, I'm probably pulling my hair out. ;>

 

*waiting for osCommerce 3.0 alpha 6* (I'm after the coupons.)

Link to comment
Share on other sites

  • 4 weeks later...

This item should not be seen as closed, I tried to work with the usps.php file to change from the production server to the secure server, but as Adam says here, it is kind of dependant on the http_client.php file. We really need a solution to this problem and are willing to pay for a solution, since neither oscommerce or CREloaded has addressed this issue, and support for the old URLs for USPS do not work.

 

Is there a way to prove that the code is not affected by this change in usps?

I came here looking for the same thing. The current USPS module uses the http_client.php class which does not provide SSL functionality. I'm surprised no one has addressed this yet. I'll see if I can locate a class file that we can use.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...