POST to https://onlinetools.ups.com/security/v1/oauth/token with grant_type=client_credentials and your UPS Developer Portal client_id and client_secret
POST to /api/shipments/v2403/ship with the Bearer token; include Shipper, ShipTo, ShipFrom address objects, PackageWeight, and Service (e.g., '03' for UPS Ground)
In the LabelSpecification object set 'LabelImageFormat' to 'ZPL' or 'PDF' and 'LabelStockSize' to '4x6'
The response returns a 'ShipmentIdentificationNumber' and base64-encoded label in 'GraphicImage'; decode and print the label
Store the ShipmentIdentificationNumber as the tracking number for subsequent tracking API calls
Known gotchas
UPS permanently retired legacy access-key authentication in June 2024; only OAuth 2.0 from the Developer Portal works for all UPS REST API calls
UPS service codes are numeric strings (e.g., '01' for Next Day Air, '03' for Ground, '12' for 3 Day Select); use the wrong code and the label will be rated at the wrong service
UPS sandbox credentials are separate from production credentials; test labels generated in sandbox cannot be tendered to UPS for pickup
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp