UPDATE: JAN 11 – UPS has restored service on the HTTP endpoint for their CGI Rating API, but action is still required
UPS has re-activated the HTTP endpoint for the CGI Rating API, meaning rates will now be returned via this endpoint. The HTTPS endpoint continues to work as expected. For background on this issue, see our original post below.
However, the CGI Rating API is still a legacy, deprecated API and:
- Produces inaccurate results
- Does not support newer UPS services
- Has no uptime or EOL guarantee
- Has no official support from UPS.
This means remaining on the CGI Rating API via HTTP or HTTPS continues to present a risk to your site.
How do I know if my site is at risk?
You are not at risk if you use ShipperHQ
ShipperHQ uses the latest version of the modern UPS XML API and is continuously updated to account for any future changes. No action is required.
You are not at risk if you use WebShopApps extensions which rely on live UPS rates
WebShopApps extensions like Dimensional Shipping use live UPS rates and already require the use of the XML API. Therefore, these extensions are not impacted.
You are not at risk if you use Magento’s native implementation of the UPS XML Rating API
You can confirm this by checking the “UPS Type” set on the UPS Shipping Method in your Magento Admin Panel. On Magento 1.x this is found under System > Configurations > Shipping Methods > UPS. On Magento 2.x this is found under Stores > Configurations > Sales > Shipping Methods > UPS.
If the “UPS Type” is “United Parcel Service XML” you are using the XML API and are not at risk. If the “UPS Type” is set to “United Parcel Service” you are using the CGI API and are at risk.
What Actions Should I Take?
To avoid future impact, we continue to recommend that all merchants move to Magento’s native XML implementation or a service like ShipperHQ which is continuously updated with any UPS API changes.
If you are unable to immediately move off of this deprecated CGI API, we recommend as a stopgap that you move to using the HTTPS CGI Rating API endpoint following the steps outlined in our original post below.
If you need assistance with generating XML credentials for Magento’s native implementation, contact your UPS Account Representative. If you’re interested in learning more about how ShipperHQ helps protect merchants from incidents like this, please contact us.
Thanks to Kris Brown (@kab8609) for flagging this issue and the temporary resolution using HTTPS to us via Twitter!
Original Post from January 8, 2019
Changes to UPS Support for CGI Rating API
If you’re a merchant on Magento 1.x or 2.x who is not seeing UPS rates returned as of Sunday, January 6th, this may be due to changes in UPS support for their legacy CGI Rating API.
UPS has made a change to their CGI Rating API, which is a native Magento option: it no longer allows HTTP connections and instead requires HTTPS. By default, Magento attempts to connect using HTTP.
Since the CGI Rating API is a legacy API with no official support by UPS, we recommend switching to the UPS XML API. The CGI Rating API does not return accurate shipping rates and may be disabled entirely in future.
If you are unable to immediately move to XML, steps to move to HTTPS for the CGI Rating API as a stopgap are below.
ShipperHQ customers are not impacted by this change; no action is required. All WebShopApps extensions that require live UPS rates (for example, Dimensional Shipping) require XML rating and are therefore not impacted.
Merchants Using UPS XML Rating API
All merchants using the UPS XML Rating API are not impacted by this change.
What to Do if You are Impacted
While we and UPS have recommended moving to the XML Rating API for many years, if you must continue to use the CGI Rating API as a stopgap measure, you can change to using HTTPS and reactivate your rates for the time being using the steps below.
- On the M1 dashboard, go to System > Configurations > Shipping Methods > UPS
- On the M2 dashboard, go to Stores > Configurations > Sales > Shipping Methods > UPS
- From UPS, set “UPS Type” to United Parcel Service
- Under “Gateway URL,” manually add an “s” to “HTTP” in the website address listed in this field
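The two checks described in this post (the “UPS Type” setting, then the scheme of the “Gateway URL”) can be run for every website scope at once from an export of Magento's saved configuration. This is an added example, not code from ShipperHQ, Magento or UPS; the config paths `carriers/ups/type` and `carriers/ups/gateway_url`, the stored values `UPS` and `UPS_XML`, the two-level scope fallback, and the sample rows are assumptions to confirm against your own install.

```python
from urllib.parse import urlsplit

# Assumed Magento config paths and stored values; confirm against your install.
TYPE_PATH = "carriers/ups/type"         # "UPS" = CGI API, "UPS_XML" = XML API
URL_PATH = "carriers/ups/gateway_url"   # the admin "Gateway URL" field

# Constructed sample export: (scope, scope_id, path, value). Hosts are placeholders.
SAMPLE_ROWS = [
    ("default", 0, TYPE_PATH, "UPS"),
    ("default", 0, URL_PATH, "http://ups.example/rate.cgi"),
    ("websites", 2, TYPE_PATH, "UPS_XML"),
    ("websites", 3, URL_PATH, " HTTPS://ups.example/rate.cgi"),
]

def effective(rows, path, website_id):
    """Website-scope value if one is saved, otherwise the default-scope value."""
    saved = {(scope, int(sid)): val for scope, sid, p, val in rows if p == path}
    return saved.get(("websites", website_id), saved.get(("default", 0)))

def classify(rows, website_id):
    """Apply the post's two checks to one website scope."""
    ups_type = effective(rows, TYPE_PATH, website_id)
    url = effective(rows, URL_PATH, website_id)
    if ups_type is None:
        return "unknown: no saved UPS Type, check the admin panel"
    if ups_type == "UPS_XML":
        return "ok: XML API"
    # CGI API: a missing URL means the shipped default, which the post says is HTTP.
    scheme = urlsplit(url.strip()).scheme.lower() if url else "http"
    if scheme == "https":
        return "stopgap: CGI API over HTTPS"
    return "at risk: CGI API over HTTP"

def audit(rows, website_ids):
    """Map each website id to its status string."""
    return {wid: classify(rows, wid) for wid in website_ids}

if __name__ == "__main__":
    for wid, status in audit(SAMPLE_ROWS, [1, 2, 3]).items():
        print(f"website {wid}: {status}")
```

A website that overrides only one of the two settings inherits the other from the default scope, which is why each value is resolved separately.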