Update September 3, 2020:
After performing tests overnight, we have confirmed that UPS has switched off their CGI Rating API permanently. Users on Magento 1 and Magento 2 NOT using UPS XML Rating API are affected.
If you rely on ShipperHQ or WebShopApps Extensions, which pull live UPS rates or otherwise use the UPS XML Rating API, you will not be impacted.
If you think you may be impacted, please see our full review and steps to take below or direct further questions to your UPS account manager or UPS technical support.
The CGI Rating API is a legacy, deprecated API and:
- Produces inaccurate results
- Does not support newer UPS services
- Has no uptime or EOL guarantee
- Has no official support from UPS.
This means remaining on the CGI Rating API via HTTP or HTTPS continues to presents a risk to your site.
How do I know if my site is at risk?
You are not at risk if you use ShipperHQ
ShipperHQ uses the latest version of the modern UPS XML API and is continuously updated to account for any future changes. No action is required.
You are not at risk if you use WebShopApps extensions which rely on live UPS rates
WebShopApps extensions like Dimensional Shipping use live UPS rates and already require the use of the XML API. Therefore, these extensions are not impacted.
You are not at risk if you use Magento’s native implementation of the UPS XML Rating API
You can confirm this by checking the “UPS Type” set on the UPS Shipping Method in your Magento Admin Panel. On Magento 1.x this is found under System > Configurations > Shipping Methods > UPS. On Magento 2.x this is found under Stores > Configurations > Sales > Shipping Methods > UPS.
If the “UPS Type” is “United Parcel Service XML” you are using the XML API and are not at risk. If the “UPS Type” is set to “United Parcel Service” you are using the CGI API and are at risk.
What Actions Should I Take?
To avoid long-term impact, we continue to recommend that all merchants move to Magento’s native XML implementation or a service like ShipperHQ which is continuously updated with any UPS API changes.
Magento themselves recommend using the United Parcel Service XML type for all new configurations, since the standard United Parcel Service type is scheduled for depreciation within the platform.
If you are unable to immediately move off of this deprecated CGI API, we recommend as a stopgap that you move to using the HTTPS CGI Rating API endpoint following the steps outlined in our original post below.
If you need assistance with generating XML credentials for Magento’s native implementation, contact your UPS Account Representative. If you’re interested in learning more about how ShipperHQ helps protect merchants from incidents like this, please contact us.
Thanks to Kris Brown (@kab8609) for flagging this issue and the temporary resolution using HTTPS to us via Twitter!
Original Post from January 8, 2019
Changes to UPS Support for CGI Rating API
If you’re a merchant on Magento 1.x or 2.x who is not seeing UPS rates returned as of Sunday, January 6th, this may be due to changes in UPS support for their legacy CGI Rating API.
UPS has made a change requiring that rating via their CGI Rating API, which is a native Magento option, and no longer allows HTTP connections but instead requires HTTPS. By default, Magento attempts to connect using HTTP.
Since the CGI Rating API is a legacy API with no official support by UPS, we recommend switching to the UPS XML API. The CGI Rating API does not return accurate shipping rates and may be disabled entirely in future.
If you are unable to immediately move to XML, as a stopgap steps to move to HTTPS for the CGI Rating API are below.
ShipperHQ customers are not impacted by this change, no action is required. All WebShopApps extensions that require live UPS rates (for example, Dimensional Shipping) require XML rating and are therefore not impacted.
Merchants Using UPS XML Rating API
All merchants using the UPS XML Rating API are not impacted by this change.
What to Do if You are Impacted
While we and UPS have recommended moving to the XML Rating API for many years, if you must continue to use the CGI Rating API as a stopgap measure, you can change to using HTTPS and reactivate your rates for the time being using the steps below.
- On the M1 dashboard, go to System > Configurations > Shipping Methods > UPS
- On the M2 dashboard, go to Stores > Configurations > Sales > Shipping Methods > UPS
- From UPS, set “UPS Type” to United Parcel Service
- Under “Gateway URL,” manually add an “s” to “HTTP” to the website address listed in this field