logo
Welcome to our new AbleCommerce forums. As a guest, you may view the information here. To post to this forum, you must have a registered account with us, either as a new user evaluating AbleCommerce or an existing user of the application. For all questions related to the older version of Gold and earlier, please go to AbleCommerce Gold forum. Please use your AbleCommerce username and password to Login. New Registrations are disabled.

Notification

Icon
Error
UPS OAuth change
Options
Go to last post Go to first unread
Previous Topic Next Topic
Jay  
#1 Posted : Tuesday, November 18, 2025 10:21:30 AM(UTC)
Jay

Rank: Member

Groups: Authorized User, Developers
Joined: 11/12/2018(UTC)
Posts: 25

Thanks: 1 times
Was thanked: 4 time(s) in 3 post(s)
FYI, I got the following from UPS today:

Quote:
To enhance security, UPS is making an important update to our OAuth API security model. Review the details below to determine if you need to take action to prepare for this upcoming change to the UPS Developer APIs.

What’s Changing?
Starting April 1, 2026, the lifespan of OAuth tokens will be reduced from 4 hours to 1 hour. This means your integration must generate a new token every hour instead of every 4 hours to maintain uninterrupted access to UPS APIs.

How This Impacts You
If your integration is hardcoded to refresh tokens every 4 hours, you might get “invalid credentials” errors after a token has been in use for 1 hour.

Check if You Need to Act
• No Action Needed: If you use the “expires in” value from the “Generate Token” response to refresh tokens.
• No Action Needed: If your integration refreshes tokens dynamically when encountering an “invalid credentials” error.
• Action Needed: If your integration is hardcoded to refresh tokens every 4 hours, you will need to update your logic.
What to Do
By April 1, 2026, ensure your integration uses one of the supported refresh methods mentioned above. For best long-term results, we recommend dynamic token refresh logic.


I haven't had a chance to look at the AbleCommerce source code yet to see if you hardcoded the 4 hours (change required), or if you look for the "expires in" value or the "invalid credentials" error (no change required).
Back to top

Wanna join the discussion?! Login to your AbleCommerce Forums forum account. New Registrations are disabled.
Back to top  
Katie S  
#2 Posted : Tuesday, November 18, 2025 1:58:39 PM(UTC)
Katie S

Rank: Advanced Member

Groups: System, Administrators, Developers, Registered, HelpDesk
Joined: 10/29/2018(UTC)
Posts: 502

Thanks: 4 times
Was thanked: 36 time(s) in 35 post(s)
Hi Jay,

Thanks for posting this. I received the notice from UPS as well.

Let me do some investigation and see how we are handling the token expirations.

I'll post here as soon as I have an answer.
Thanks for your support!

Katie
Secure eCommerce Software and Hosting
Back to top
Users browsing this topic
Guest (9)
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Privacy Policy | Powered by YAF.NET 2.2.4.14 | YAF.NET © 2003-2025, Yet Another Forum.NET
This page was generated in 0.135 seconds.