UPS OAuth change

Welcome to our new AbleCommerce forums. As a guest, you may view the information here. To post to this forum, you must have a registered account with us, either as a new user evaluating AbleCommerce or an existing user of the application. For all questions related to the older version of Gold and earlier, please go to AbleCommerce Gold forum. Please use your AbleCommerce username and password to Login. New Registrations are disabled.

Notification

Error

UPS OAuth change

Options

Previous Topic Next Topic

Jay		#1 Posted : Tuesday, November 18, 2025 10:21:30 AM(UTC)
Rank: Member Groups: Authorized User, Developers Joined: 11/12/2018(UTC) Posts: 25 Thanks: 1 times Was thanked: 4 time(s) in 3 post(s)		FYI, I got the following from UPS today: Quote: To enhance security, UPS is making an important update to our OAuth API security model. Review the details below to determine if you need to take action to prepare for this upcoming change to the UPS Developer APIs. What’s Changing? Starting April 1, 2026, the lifespan of OAuth tokens will be reduced from 4 hours to 1 hour. This means your integration must generate a new token every hour instead of every 4 hours to maintain uninterrupted access to UPS APIs. How This Impacts You If your integration is hardcoded to refresh tokens every 4 hours, you might get “invalid credentials” errors after a token has been in use for 1 hour. Check if You Need to Act • No Action Needed: If you use the “expires in” value from the “Generate Token” response to refresh tokens. • No Action Needed: If your integration refreshes tokens dynamically when encountering an “invalid credentials” error. • Action Needed: If your integration is hardcoded to refresh tokens every 4 hours, you will need to update your logic. What to Do By April 1, 2026, ensure your integration uses one of the supported refresh methods mentioned above. For best long-term results, we recommend dynamic token refresh logic. I haven't had a chance to look at the AbleCommerce source code yet to see if you hardcoded the 4 hours (change required), or if you look for the "expires in" value or the "invalid credentials" error (no change required).


User Profile View All Posts by User View Thanks


	Wanna join the discussion?! Login to your AbleCommerce Forums forum account. New Registrations are disabled.

Katie S		#2 Posted : Tuesday, November 18, 2025 1:58:39 PM(UTC)
Rank: Advanced Member Groups: System, Administrators, Developers, Registered, HelpDesk Joined: 10/29/2018(UTC) Posts: 503 Thanks: 4 times Was thanked: 36 time(s) in 35 post(s)		Hi Jay, Thanks for posting this. I received the notice from UPS as well. Let me do some investigation and see how we are handling the token expirations. I'll post here as soon as I have an answer.
		Thanks for your support! Katie Secure eCommerce Software and Hosting


User Profile View All Posts by User View Thanks

Katie S		#3 Posted : Monday, February 9, 2026 11:57:22 AM(UTC)
Rank: Advanced Member Groups: System, Administrators, Developers, Registered, HelpDesk Joined: 10/29/2018(UTC) Posts: 503 Thanks: 4 times Was thanked: 36 time(s) in 35 post(s)		The UPS OAUTH plugin code already using "expires in" from access token. So, we are good. No changes needed in our integration.
		Thanks for your support! Katie Secure eCommerce Software and Hosting


User Profile View All Posts by User View Thanks

rlopez397954		#4 Posted : Wednesday, February 11, 2026 10:12:45 AM(UTC)
Rank: Advanced Member Groups: Authorized User, Registered, Developers, HelpDesk Joined: 11/30/2018(UTC) Posts: 95 Thanks: 8 times Was thanked: 1 time(s) in 1 post(s)		Came across this error in our logs last night on one of our websites. Quote: 2026-02-10T10:13:13.1800000-07:00 Error An error occurred while connecting to UPS Address validation API. IP ADDRESS: 162.158.63.208 "Exception: Cannot deserialize the current JSON array (e.g. [1,2,3]) into type 'CommerceBuilder.Shipping.Providers.UPSOAuth.Models.Candidate' because the type requires a JSON object (e.g. {""name"":""value""}) to deserialize correctly. To fix this error either change the JSON to a JSON object (e.g. {""name"":""value""}) or change the deserialized type to an array or a type that implements a collection interface (e.g. ICollection, IList) like List<T> that can be deserialized from a JSON array. JsonArrayAttribute can also be added to the type to force it to deserialize from a JSON array. Path 'XAVResponse.Candidate', line 1, position 130. Stack Trace: at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.EnsureArrayContract(JsonReader reader, Type objectType, JsonContract contract) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateList(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, Object existingValue, String id) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.SetPropertyValue(JsonProperty property, JsonConverter propertyConverter, JsonContainerContract containerContract, JsonProperty containerProperty, JsonReader reader, Object target) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateObject(Object newObject, JsonReader reader, JsonObjectContract contract, JsonProperty member, String id) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.SetPropertyValue(JsonProperty property, JsonConverter propertyConverter, JsonContainerContract containerContract, JsonProperty containerProperty, JsonReader reader, Object target) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateObject(Object newObject, JsonReader reader, JsonObjectContract contract, JsonProperty member, String id) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize(JsonReader reader, Type objectType, Boolean checkAdditionalContent) at Newtonsoft.Json.JsonSerializer.DeserializeInternal(JsonReader reader, Type objectType) at Newtonsoft.Json.JsonConvert.DeserializeObject(String value, Type type, JsonSerializerSettings settings) at Newtonsoft.Json.JsonConvert.DeserializeObject[T](String value, JsonSerializerSettings settings) at CommerceBuilder.Shipping.Providers.UPSOAuth.UPSOAuth.ValidateAddress(String company, String address1, String address2, String city, String province, String postalCode, String countryCode, Int32 requestOption) " Have not looked into this error. As a note: we are running able version 11.


User Profile View All Posts by User View Thanks

Katie S		#5 Posted : Wednesday, February 11, 2026 11:35:49 AM(UTC)
Rank: Advanced Member Groups: System, Administrators, Developers, Registered, HelpDesk Joined: 10/29/2018(UTC) Posts: 503 Thanks: 4 times Was thanked: 36 time(s) in 35 post(s)		Hi Ricky, Would you be able to run a quick test to see if the AVS is working from the Billing page in checkout? I just used my UPS test account, and it is working fine with no errors in either the app.log or IIS logs. Hopefully, it is a temporary issue on the UPS side.
		Thanks for your support! Katie Secure eCommerce Software and Hosting


User Profile View All Posts by User View Thanks

rlopez397954		#6 Posted : Sunday, February 15, 2026 10:52:16 AM(UTC)
Rank: Advanced Member Groups: Authorized User, Registered, Developers, HelpDesk Joined: 11/30/2018(UTC) Posts: 95 Thanks: 8 times Was thanked: 1 time(s) in 1 post(s)		Katie so sorry that I didn't get a notification of your post. I did test and yes it is working fine. I do believe that this was just some glitch that threw this fault and only in one site. We are monitoring and will post back if it shows again. Thanks again for looking into this. Ricky


User Profile View All Posts by User View Thanks

Katie S		#7 Posted : Sunday, February 15, 2026 3:13:59 PM(UTC)
Rank: Advanced Member Groups: System, Administrators, Developers, Registered, HelpDesk Joined: 10/29/2018(UTC) Posts: 503 Thanks: 4 times Was thanked: 36 time(s) in 35 post(s)		No worries. When you post in the forums, you have to remember to check the box "Watch this topic and receive notifications of activity via e-mail?" Sometimes I forget too :)
		Thanks for your support! Katie Secure eCommerce Software and Hosting


User Profile View All Posts by User View Thanks

Users browsing this topic
Guest (2)

Forum Jump

You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Privacy Policy | Powered by YAF.NET 2.2.4.14 | YAF.NET © 2003-2026, Yet Another Forum.NET
This page was generated in 0.250 seconds.

Important Information: The AbleCommerce Forums uses cookies. By continuing to browse this site, you are agreeing to our use of cookies. More Details Close