APIs and SSL

Remain calm and do not panic. We're switching to a more secure Google-wide account system. What does this mean? Basically, it means that our APIs are all going to be available over SSL. We're not turning off the old API endpoints, but tools not using SSL won't be able to send usernames and passwords over the clear. Which pretty much means they will seem broken.



The good news is, we're not just gonna leave you hanging. We're building a special PIN system for use with non SSL tools. Blogger 1.0, 2.0, and Atom 0.3 are all going to be available over SSL. Since our Atom 0.3 support is still beta, we will switch to only support HTTP Basic Authentication over SSL. As our Blogger API support is considered stable, we will support both regular passwords over SSL and a new PIN system over non-SSL connections.



So users of non SSL tools will be able to visit Blogger.com and get a special password but you'll agree this is not optimal. What we recommend and encourage is that you, gentle Blogger developer, switch to an XML-RPC toolkit that can do SSL and make the appropriate changes to your fine offerings.



We're planning on initiating this move in a few weeks and we'll work to make sure our user base understands what's going on as well. We'll keep you updated on the BDN blog with any significant news. Please accept our apologies if this switch messes up your weekend or causes you any trouble but ultimately, it's for the best--think of the

possibilities!



[originally posted by Shellen]
Previous
Next Post »