ShopSite Forums

[shipworks]

Hi, this is Nathan from ShipWorks. I am working with a mutual client of ours, who is attempting to add his ShopSite store to his ShipWorks software, but when he does the following error message appears:

---------------------------
ShipWorks
---------------------------
ShopSite returned an invalid XML document.

Detail: The 'meta' start tag on line 5 position 2 does not match the end tag of 'head'. Line 58, position 3.
---------------------------
OK
---------------------------

Looking at the XML file that is coming from your API, it appears that HTML is being sent from ShopSite to us instead of a valid XML file and that is why the above error message is appearing in the ShipWorks software.

Any help with this matter would be appreciated.

Thanks!

[Jim]

What version of ShopSite is the store running?
If the store is running ShopSite 11 or newer what login method is enabled? ShopSite's new login or the normal webserver basic authentication method?
What product level is the store, Pro, Manager, Starter?
How is the ShopSite data being accessed?
Have you tried downloading the xml from the backoffice and importing it from that file?

[bob1008]

Hi Jim,
It is my store. The version is Shopsite Pro version 11.
I was not aware that there were different login methods. The login link brings me to a Shopsite Merchant Login screen that requires User ID, Password, And Store ID.

I was under the impression that Shipworks could be directly integrated with Shopsite. If I am incorrect, than I'll need to find another shipping program that has direct integration with Shopsite. I don't think that to download orders several times a day and then upload into Shipworks would not be a good solution timewise.

Any help you can provide would be greatly appreciated.

Thanks,
Bob

[Jim]

So you are using the new ShopSite login method if are prompted for UserID, Password and Store ID.
With this login method it requires special credentials to access the database for your store. These need to be configured under Utilities > Applications. The application you are using must be able to use these credentials for communicating with the store's database.
Using the older method it just required the application to authenticate with the server using your store username and password.. This method would not pass the PCI certification that we had to pass so the new method was implemented.

Not all applications have updated to use the new method so they probably won't work with the ShopSite login method enabled. At the time ShopSite 11 was released none of the 3rd party applications which had previously integrated with ShopSite had certified that their application would work with the latest version of ShopSite. Here is a link to the page where applications will be listed when they certify. http://www.shopsite.com/help/app-compat.html

I am not familiar with Shipworks so can't say if they are working on integration or not. You could contact them and see if they are or not. To switch back to the old login method might make it work but I don't know for sure. It is a complicated process to switch back to the old method (since it is a security feature) and would require access to the server to be able to do it. (NOTE: It would affect your PCI certification if you do it.) You would need to have your host contact ShopSite for assistance in doing that if you want to try and see if it will get ShipWorks to work for you.

[IrongateE]

For anyone else looking for a solution to this problem, I was able to successfully circumnavigate the issue using a combination of a server config file (could also be done with a .htaccess file) and ShopSite 11's Utilities > Applications setup. The steps went as follows:

1) Create application keys for your ShipWorks integration in Utilities > Applications
2) Create a new folder with IP access limited to your ShipWorks computer's public IP via .htaccess for security (you'll need a dedicated IP to do this, or change it every time your IP changes)
3) Make an empty file called db_xml.cgi in that folder to satisfy ShipWork's requirement for a filepath that includes 'db_xml.cgi' when you add your ShopSite store
4) Create an .htaccess rewrite rule that redirects all requests to the db_xml.cgi file you just made to a custom script written in your favorite language. This script needs to utilize ShopSite's OAuth framework and the applications keys generated in step 1 above
5) Build your custom script so it grabs any parameters received from ShipWorks and sends them off to ShopSite
6) Have your script print the response from the oAuth request
7) ShipWorks will read the response and fetch orders from it

Note: If you don't create the IP restriction then anyone who hits the URL of your script will see all the orders in your store, so make sure this is set up properly. Obscurity is no replacement for security. Also, this directory should only be accessed from ShipWorks via SSL (https://...../db_xml.cgi) to prevent eavesdropping on the data transfer.

I omitted sending the 'pay' param from ShipWorks to ShopSite, as I have no reason for ShipWorks to get that data, and I didn't want any unnecessary and sensitive data being transmitted. In fact, I set up the application in ShopSite to not grant access to that data either, so there would be no way that could get intercepted.

Hope that helps anyone attempting a ShipWorks-ShopSite integration. Honestly, I don't know why ShipWorks hasn't fixed this issue, as it doesn't seem very difficult to implement.

-Glen

References ------------------------------
.htacces starting point: http://httpd.apache.org/docs/current/howto/htaccess.html
ShopSite OAuth: http://www.shopsite.com/help/11.2/en-US/sc/pro/index.htm?page=/help/11.2/en-US/sc/pro/orders.download.format.xml-auto.html

[robm]

Glen,

Very nice solution to the issue! Could be applied to any 3rd party module that doesn't support oAuth.

Rob

[b0mbardo]

So basically if your not a code writer Shipworks is off the table! Damn it! Is there anyway to not log in with the new process, meaning log it say the old way?

[robm]

Your web host should be able to help you set up the old login system if you're already using the new login system. Then ShipWorks should work fine.

Rob

[b0mbardo]

Your web host should be able to help you set up the old login system if you're already using the new login system. Then ShipWorks should work fine.

Rob

Sorry for being an ign-ora-moose! but what does this have to do with my web host...would that be a shopsite thing?

[robm]

The process requires re-setting up .htaccess protection, adjusting tokens, etc... Many hosts that offer ShopSite also provide support for it and can help you make this change. We do this for our hosted ShopSite clients all the time.

If your host does not support ShopSite, you could purchase support directly from ShopSite to help you switch the login system.

Rob