A PHP SDK for the UPS REST API, brought to you by ShipStream.
composer require shipstream/ups-rest-php-sdk
Note: The latest version is compatible only with PHP 8.x. For PHP 7.4 support, please append the ^1.0
version constraint to the above command.
Create a UPS Client instance using a configuration object:
$config = new \ShipStream\Ups\Config([
// Whether to send the requests to the UPS Customer Integration Environment instead of the production environment.
// Optional, defaults to false.
'use_testing_environment' => true,
// The grant type to use for obtaining an access token. Available options: 'client_credentials', 'authorization_code'.
// Optional, defaults to 'client_credentials'.
'grant_type' => \ShipStream\Ups\Config::GRANT_TYPE_CLIENT_CREDENTIALS,
// Your Client ID obtained from UPS Developer portal.
'client_id' => 'your_client_id',
// Your Client Secret obtained from UPS Developer portal.
'client_secret' => 'your_client_secret',
// The URL to redirect to after authenticating with UPS using Authorization Code flow.
// Required only when using Authorization Code flow, defaults to an empty string.
'redirect_uri' => 'https://example.com/oauth/callback',
]);
$client = \ShipStream\Ups\ClientFactory::create($config);
The Client object contains methods for every endpoint available in the UPS OpenAPI definition files with
PHPDoc comments that describe the parameters and return types, as well as any thrown exceptions.
Method names for each endpoint is based on the operationId
property of the OpenAPI specification.
Here's an example using the Tracking API:
try {
$response = $client->getSingleTrackResponseUsingGET('1ZXXXXXXXXXXXXXXXX', $queryParams = [], $headers = [
'transId' => 'Track-1ZXXXXXXXXXXXXXXXX-'.time(),
'transactionSrc' => 'testing'
]);
// Do something with the response
} catch (
\ShipStream\Ups\Api\Exception\GetSingleTrackResponseUsingGETNotFoundException |
\ShipStream\Ups\Api\Exception\GetSingleTrackResponseUsingGETBadRequestException |
\ShipStream\Ups\Api\Exception\GetSingleTrackResponseUsingGETInternalServerErrorException |
\ShipStream\Ups\Api\Exception\GetSingleTrackResponseUsingGETServiceUnavailableException $e
) {
$errors = $e->getErrorResponse()->getResponse()->getErrors();
$errors = array_map(fn ($error) => $error->getMessage(), $errors);
echo 'Error: '.implode(' - ', $errors)."\n";
} catch (\ShipStream\Ups\Api\Exception\UnexpectedStatusCodeException $e) {
echo "Unexpected response received from UPS: {$e->getMessage()}\n";
} catch (\ShipStream\Ups\Exception\AuthenticationException $e) {
echo "Authentication error: {$e->getMessage()}\n";
}
Using Client Credentials flow works out of the box and requires no additional steps as the access token generation and refresh is handled internally.
To start using the Authorization Code flow set grant_type
config to Config::GRANT_TYPE_AUTHORIZATION_CODE
, then call the authorizeClient
endpoint
and redirect the user to the returned login URL:
$response = $client->authorizeClient([
'client_id' => $client->getConfig()->getClientId(),
'redirect_uri' => $client->getConfig()->getRedirectUri(),
'response_type' => 'code'
]);
// Redirect the user to the login page
header('Location: ' . $response->getLocation());
The user will be redirected back to your app after login with the authorization code that will be used to generate an access token:
$client->exchangeAuthorizationCode($_GET['code']);
The access token refresh will be handled internally so long that the refresh token is still valid.
You can check if the client is authenticated at any time by calling $client->getAccessToken()
which attempts to retrieve
the access token from the cache and refresh it if it has already expired, otherwise it throws an AuthenticationException
.
When multiple PHP processes attempt to call an endpoint while the access token is expired, a race condition may occur resulting in one process refreshing the token successfully, while the other processes will fail with Invalid Refresh Token
or a similar error. To help prevent this, locking can be enabled by passing a third argument to Client factory that can be any class implementing the AccessTokenLock
interface. A built-in implementation called FileAccessTokenLock
is provided for convenience, it takes a writable file path and uses it for locking. Example:
$client = \ShipStream\Ups\ClientFactory::create(
$config,
null,
new \ShipStream\Ups\Authentication\FileAccessTokenLock('/tmp/ups-sdk-token.lock')
);
The library uses an in-memory cache for access tokens by default which is useful when doing quick tests, but for a production
environment you'd want to use something like Redis or a filesystem cache to avoid doing round trips to generate an access token on every request.
To achieve this, the Client factory accepts a second parameter which can be any object that implements the AccessTokenCache
interface.
For example, a Redis implementation could look like this:
class RedisAccessTokenCache implements \ShipStream\Ups\Authentication\AccessTokenCache
{
private $predis;
public function __construct(\Predis\Client $predis)
{
$this->predis = $predis;
}
public function save(\ShipStream\Ups\Authentication\AccessToken $accessToken)
{
$clientId = $accessToken->getClientId();
$accessTokenKey = "access_token:$clientId";
$this->predis->set($accessTokenKey, serialize($accessToken));
}
public function retrieve(string $clientId): ?\ShipStream\Ups\Authentication\AccessToken
{
$accessTokenKey = "access_token:$clientId";
$cachedAccessToken = $this->predis->get($accessTokenKey);
if ($cachedAccessToken !== false) {
return unserialize($cachedAccessToken, ['allowed_classes' => [\ShipStream\Ups\Authentication\AccessToken::class]]);
}
return null;
}
}
$client = \ShipStream\Ups\ClientFactory::create($config, new RedisAccessTokenCache(new \Predis\Client()));
If you wish to customize how HTTP requests are made, perhaps for logging or to add additional headers, the Client factory supports a third parameter that can be any HTTP Client that implements the PSR-18 standard. E.g.:
$client = \ShipStream\Ups\ClientFactory::create($config, null, new \GuzzleHttp\Client());
Note that the HTTP Client must not throw exceptions for 4xx and 5xx responses, as those should be handled by the SDK.
The classes under the ShipStream\Ups\Api
namespace are all generated using janephp.
Run the generate.sh
script to regenerate the classes when needed.