The UPS OAuth Authorization Code API helps you integrate UPS services into your business application so that it can provide those services to your customers. For example, you can create UPS shipping labels with shipping rates for merchants from within your application. Since your application will not have access to your customer's UPS login credentials, the OAuth authorization code flow is used to let your customer use their UPS credentials, within your application, in a simple and secure way.

The PKCE-enhanced Authorization Code Flow introduces a secret created by the calling application that can be verified by the authorization server; this secret is called the Code Verifier. Additionally, the calling app creates a transform value of the Code Verifier called the Code Challenge and sends this value over HTTPS to retrieve an Authorization Code. This way, a malicious attacker can only intercept the Authorization Code, and they cannot exchange it for a token without the Code Verifier.

Key Business Values:

- Enhanced Transaction Security: The OAuth Authorization Code flow is more secure and reliable since the access token and the refresh token are never exposed in the browser's URL, thus reducing the risk of leakage or theft.
- Operational Efficiency: With the ability to obtain a refresh token when the token expires, your application can maintain long-term and uninterrupted access to the protected resources, without requiring the user to re-authenticate or re-login.

Overview of steps in OAuth Authorization Code flow:

1. When the user selects Login, the client application redirects to the authorization server's /authorize endpoint.
2. The Authorization Server authenticates the user by asking for their login credentials, and after successful login, the authorization server responds back to the application with an authorization code contained within a redirection URI.
3. The application then sends the authorization code and the redirection URI to the authorization server's /oauth/token endpoint.
4. The authorization server's /token endpoint verifies the authorization code and the application's client ID contained in the redirect URI, and responds with an access token, as well as a refresh token.
5. The client application uses the access token to request information from a UPS API.

Overview of steps in OAuth Authorization Code PKCE flow:

1. When the user selects Login, the client application redirects to the authorization server's /authorize endpoint with the Code Challenge.
   - Note: Prior to redirecting to the authorization server, the application generates a code_challenge and a code_verifier that are related in this way: code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier)))
2. The Authorization Server authenticates the user by asking for their login credentials, and after successful login, the authorization server responds back to the application with an authorization code contained within a redirection URI.
3. The application then sends the authorization code, code_verifier and the redirection URI to the authorization server's /oauth/token endpoint.
   - Note: When utilizing the PKCE flow, the BASIC Authorization header should not be included, just the client_id parameter in the body.
4. The authorization server's /token endpoint verifies the authorization code, code_verifier and the application's client ID contained in the redirect URI, and responds with an access token, as well as a refresh token.
5. The client application uses the access token to request information from a UPS API.
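The code_challenge derivation and the state check from the PKCE steps above, as an added PHP example that is not part of the generated package or of UPS's documentation. The helper names, the `$session` array standing in for `$_SESSION`, the callback URL and the callback values are constructed for illustration, and `random_bytes` assumes PHP 7 or later.

```php
<?php
// Added example, not SDK code. Helper names are hypothetical; needs PHP 7+.

// Base64url without padding, the encoding RFC 7636 uses for PKCE values.
function base64url_encode(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier)))
function pkce_challenge(string $verifier): string
{
    return base64url_encode(hash('sha256', $verifier, true));
}

// Constant-time comparison of the state echoed back on the redirect URI.
function state_matches(string $expected, string $returned): bool
{
    return $expected !== '' && hash_equals($expected, $returned);
}

// Self-check against the RFC 7636 Appendix B test vector.
if (pkce_challenge('dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk')
    !== 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM') {
    throw new RuntimeException('PKCE challenge derivation is wrong');
}

// Before the redirect: per-login values kept server-side
// ($session stands in for $_SESSION).
$session = [
    'state'         => base64url_encode(random_bytes(16)),
    'code_verifier' => base64url_encode(random_bytes(32)), // 43 characters
];
$authorizeQuery = http_build_query([
    'client_id'      => 'client_id_example',
    'redirect_uri'   => 'https://app.example/callback', // constructed
    'response_type'  => 'code',
    'state'          => $session['state'],
    'code_challenge' => pkce_challenge($session['code_verifier']),
]);
echo '/v1/oauth/authorize?', $authorizeQuery, PHP_EOL;

// On the callback (constructed values): reject before touching the code.
$callback = ['code' => 'code_example', 'state' => $session['state']];
if (!state_matches($session['state'], $callback['state'])) {
    throw new RuntimeException('state mismatch: discard the authorization code');
}
// Token step: pass $callback['code'] and $session['code_verifier'] to generateToken().
echo 'state verified; verifier length ', strlen($session['code_verifier']), PHP_EOL;
```

Only the challenge leaves the application in the authorize request; the verifier stays server-side until the token request, and both values should be discarded after one use.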
- [Setting-up OAuth Authorization Code flow](https://developer.ups.com/api/reference/oauth/authorization-code)
- [Accelerate API Integration with UPS SDKs](https://github.com/UPS-API/UPS-SDKs)
Try out UPS APIs with example requests using Postman. Explore API documentation and sample applications through GitHub.
- [Run In Postman](https://god.gw.postman.com/run-collection/29542085-f15285f0-2ffd-4895-b9e4-fcf496f8059a?action=collection%2Ffork&source=rip_markdown&collection-url=entityId%3D29542085-f15285f0-2ffd-4895-b9e4-fcf496f8059a%26entityType%3Dcollection%26workspaceId%3D7e7595f0-4829-4f9a-aee1-75c126b9d417)
- [Open in GitHub](https://github.com/UPS-API)

This PHP package is automatically generated by the Swagger Codegen project:
- API version: 1.0
- Package version: 1.0.9
- Build package: io.swagger.codegen.v3.generators.php.PhpClientCodegen
PHP 5.5 and later
To install the bindings via Composer, add the following to composer.json:
```json
{
  "repositories": [
    {
      "type": "git",
      "url": "https://github.com/abantecart/ups-oauth-auth-code.git"
    }
  ],
  "require": {
    "abantecart/ups-oauth-auth-code": "*@dev"
  }
}
```

Then run `composer install`.
Download the files and include autoload.php:
```php
require_once('/path/to/OAuthAuthCode/vendor/autoload.php');
```

To run the unit tests:

```
composer install
./vendor/bin/phpunit
```
Please follow the installation procedure and then run the following:
```php
<?php
require_once(__DIR__ . '/vendor/autoload.php');

$apiInstance = new UPS\OAuthAuthCode\Request\OAuthAuthCodeApi(
    // If you want to use a custom HTTP client, pass a client that implements `GuzzleHttp\ClientInterface`.
    // This is optional; `GuzzleHttp\Client` is used by default.
    new GuzzleHttp\Client()
);
$client_id = "client_id_example"; // string | The public identifier for your application, obtained when you, the developer, first registered the application.
$redirect_uri = "redirect_uri_example"; // string | URL that tells the authorization server where to send the user back to after they approve the request.
$response_type = "response_type_example"; // string | Valid Values: code
$state = "state_example"; // string | A random string generated by the application and included in the request to prevent CSRF attacks. The application checks that the same value is returned after the user authorizes the app.
$scope = "scope_example"; // string | One or more space-separated strings indicating which permissions the application is requesting.
$code_challenge = "code_challenge_example"; // string | Base64 URL-encoded SHA256 value of the Code Verifier that can be used to verify the code_verifier in the /token step.

try {
    $apiInstance->authorizeClient($client_id, $redirect_uri, $response_type, $state, $scope, $code_challenge);
} catch (Exception $e) {
    echo 'Exception when calling OAuthAuthCodeApi->authorizeClient: ', $e->getMessage(), PHP_EOL;
}

// Configure HTTP basic authorization: BasicAuthGenerate
// Per the PKCE note above: when using the PKCE flow, do not send the Basic
// Authorization header; pass only client_id in the body.
$config = UPS\OAuthAuthCode\Configuration::getDefaultConfiguration()
    ->setUsername('YOUR_USERNAME')
    ->setPassword('YOUR_PASSWORD');

$apiInstance = new UPS\OAuthAuthCode\Request\OAuthAuthCodeApi(
    // If you want to use a custom HTTP client, pass a client that implements `GuzzleHttp\ClientInterface`.
    // This is optional; `GuzzleHttp\Client` is used by default.
    new GuzzleHttp\Client(),
    $config
);
$grant_type = "grant_type_example"; // string |
$code = "code_example"; // string |
$redirect_uri = "redirect_uri_example"; // string |
$code_verifier = "code_verifier_example"; // string |
$client_id = "client_id_example"; // string |

try {
    $result = $apiInstance->generateToken($grant_type, $code, $redirect_uri, $code_verifier, $client_id);
    print_r($result);
} catch (Exception $e) {
    echo 'Exception when calling OAuthAuthCodeApi->generateToken: ', $e->getMessage(), PHP_EOL;
}

// Configure HTTP basic authorization: BasicAuthRefresh
$config = UPS\OAuthAuthCode\Configuration::getDefaultConfiguration()
    ->setUsername('YOUR_USERNAME')
    ->setPassword('YOUR_PASSWORD');

$apiInstance = new UPS\OAuthAuthCode\Request\OAuthAuthCodeApi(
    // If you want to use a custom HTTP client, pass a client that implements `GuzzleHttp\ClientInterface`.
    // This is optional; `GuzzleHttp\Client` is used by default.
    new GuzzleHttp\Client(),
    $config
);
$grant_type = "grant_type_example"; // string |
$refresh_token = "refresh_token_example"; // string |

try {
    $result = $apiInstance->refreshToken($grant_type, $refresh_token);
    print_r($result);
} catch (Exception $e) {
    echo 'Exception when calling OAuthAuthCodeApi->refreshToken: ', $e->getMessage(), PHP_EOL;
}
?>
```

All URIs are relative to /
| Class | Method | HTTP request | Description |
|---|---|---|---|
| OAuthAuthCodeApi | authorizeClient | GET /v1/oauth/authorize | Authorize Client |
| OAuthAuthCodeApi | generateToken | POST /v1/oauth/token | |
| OAuthAuthCodeApi | refreshToken | POST /v1/oauth/refresh | Refresh Token |
- ErrorResponseWrapper
- Errors
- GenerateTokenSuccessResponse
- OauthRefreshBody
- OauthTokenBody
- RefreshTokenSuccessResponse
- TokenErrorResponse
- BasicAuthGenerate, Type: HTTP basic authentication
- BasicAuthRefresh, Type: HTTP basic authentication