Liquid Hotdog

USPS Rate Calculation Setback

So I've been trying to use the United States Postal Service Rate Calculating tool in testing mode over an HTTPS connection. I was having one heck of a hard time getting to this rather simple solution.

The documentation states:

"Depending on the API, the address to the test server is either http://testing.shippingapis.com/ShippingAPITest.dll or https://secure.shippingapis.com/ShippingAPITest.dll."

So, as I always like security, I had attempted many times to use the https://secure.shippingapis.com/ShippingAPITest.dll URL.

Now, assuming this URL would work, a properly formed URL request would be:

HTML:
  https://secure.shippingapis.com/ShippingAPITest.dll?API=RateV2&XML=<ratev2request USERID="##########"><package ID="0"><service>PRIORITY</service><ziporigination>10022</ziporigination><zipdestination>20008</zipdestination><pounds>10</pounds><ounces>5</ounces><container>Flat Rate Box</container><size>REGULAR</size></package></ratev2request>

But, this would always be returned with the following error:

XML:
  <error>
      <number>80040b1a</number>
      <description>API Authorization failure. RateV2 is not a valid API name for this protocol.</description>
      <source>UspsCom::DoAuth</source>
  </error>

From searching around on the 'net to find an answer to this, I've actually come to no concrete authoritative answer. What I have discovered is that the non-SSL http://testing.shippingapis.com/ShippingAPITest.dll DOES return a proper test response. Perhaps the test service SSL server is broken. Or, because there is no sensitive data being sent for a rate response, the SSL connection is not required? I still consider my USPS username to be sensitive information, however.
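An added example (not from the original post or from USPS): Python code that builds the request above with the XML percent-encoded, reports how the USERID in a given URL would travel, and parses the error body shown above. The function names and the user ID in the usage are constructed for illustration; element names follow the post as shown.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit, parse_qs

# Endpoints quoted in the post.
HTTP_TEST = "http://testing.shippingapis.com/ShippingAPITest.dll"
HTTPS_TEST = "https://secure.shippingapis.com/ShippingAPITest.dll"

# Error body quoted in the post.
SAMPLE_ERROR = """<error>
    <number>80040b1a</number>
    <description>API Authorization failure. RateV2 is not a valid API name for this protocol.</description>
    <source>UspsCom::DoAuth</source>
</error>"""

def build_rate_url(endpoint, userid, origin, dest, pounds, ounces):
    """Build the RateV2 request URL with the XML percent-encoded (hypothetical helper)."""
    req = ET.Element("ratev2request", USERID=userid)
    pkg = ET.SubElement(req, "package", ID="0")
    for tag, val in [("service", "PRIORITY"), ("ziporigination", origin),
                     ("zipdestination", dest), ("pounds", str(pounds)),
                     ("ounces", str(ounces)), ("container", "Flat Rate Box"),
                     ("size", "REGULAR")]:
        ET.SubElement(pkg, tag).text = val
    xml = ET.tostring(req, encoding="unicode")
    return endpoint + "?" + urlencode({"API": "RateV2", "XML": xml})

def credential_exposure(url):
    """Return findings about how the USERID embedded in this URL travels."""
    parts = urlsplit(url)
    xml = parse_qs(parts.query).get("XML", [""])[0]
    try:
        userid = ET.fromstring(xml).get("USERID")
    except ET.ParseError:
        userid = None
    findings = []
    if userid:
        # Query strings are commonly written to server and proxy logs, even over TLS.
        findings.append("USERID in query string")
        if parts.scheme != "https":
            findings.append("USERID sent in cleartext")
    return findings

def parse_error(body):
    """Return (number, description, source) for an <error> response, else None."""
    # Stdlib parser kept for a self-contained example; a hardened parser suits remote input.
    root = ET.fromstring(body)
    if root.tag.lower() != "error":
        return None
    return tuple((root.findtext(t) or "").strip() for t in ("number", "description", "source"))
```

Calling `credential_exposure(build_rate_url(HTTP_TEST, "TESTUSER01", "10022", "20008", 10, 5))` reports both findings, while the same request against `HTTPS_TEST` reports only the query-string one.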

THIS JUST IN:
I'd like to amend my findings to this post. Having been granted access to the USPS production servers, I have indeed concluded that the Shipping Rate tool does NOT support SSL. Again I must say that this is still a security issue. What if someone were to sniff out my USPS API username and use it in a DOS attack against the postal services? It should be in their (and my) best interests to allow secure communications for any of their web tools. I'll be writing them about this and will again post back with any new info I find.

-- MrBlaQ
Filed under: Coding, Main — March 12, 2007 @ 1:54 pm