The Register® — Biting the hand that feeds IT

Feeds

Google to enforce SSL encryption on developer APIs

September 15: HTTPS or nothing

By Cade Metz, 18th March 2011
  • print
  • alert

Cloud storage: Lower cost and increase uptime

Google will soon require the use of SSL encryption with three of its developer-facing APIs.

Beginning September 15, Google will require all developers to use SSL connections for all requests through its Google Documents List, Google Spreadsheet, and Google Sites APIs. In other words, these APIs will only accept requests via HTTPS. If you make a request to an old HTTP address, such as http://docs.google.com/feeds/default/private/full, it will no longer work. You must use https://docs.google.com/feeds/default/private/full.

If you're using the latest version of the Google Data Client libraries, Google says, you needn't change anything. Those libraries already use SSL across the board. If you're not using those libraries, you must change all HTTP URLs in your code to HTTPS.

Google is not requiring SSL on all its APIs, but it "strongly recommends" that you use such encryption with all your Google API clients. The company has started with the Document List, Spreadsheet, and Sites API because most traffic to these APIs is already encrypted with SSL.

Mountain View has led the web in the gradual migration to SSL encryption: Gmail now defaults to SSL, it's an option with Google web search, and Google Docs – the company's online word processor – requires SSL. But other big names, including Facebook, have followed suit.

With most Google APIs, SSL is used with technical documentation, client libraries, and code samples already use SSL. This week, the company also announced that the Google Maps API is now offering SSL to all developers. Previously, it only offered SSL to "Premier" customers. ®

Customer Success Testimonial: Recovery is Everything

COMMENTS

House Rules Send Corrections
All Reader Comments (2)
Latest Comments
Elex

I would if I could.

I'd like to use https for the Google Maps API, but it's not possible. Hopefually that will happen soon so I won't have to choose beween having some pages HTTP and having certificate warnings.

0
0
Anonymous Coward

Ironic

Google enforcing SSL is somewhat ironic when Android doesn't even support client certificates and Google have been avoiding the problem forever. Upshot is that clients can't authenticate themselves and I can't connect to my IMAP server with my Android phone.

0
1

More from The Register

Interwebs taunt Sir Jony over Apple eye candy makeover
Hey Ive, Ive... add more unicorns, willya?
79
Apple: iOS7 dayglo Barbie makeover is UNFINISHED - report
Plus: You don't like the icons? Blame marketing
104
Red Hat to ditch MySQL for MariaDB in RHEL 7
So long, Oracle! Don't let the door hit you on the way out
61
Java EE 7 melds HTML5 with enterprise apps
New release arrives with GlassFish, NetBeans support
12
breaking news
'Office Facebook' firm Tibbr wants you to PAY for mobe-meetings app
Great idea. Punters won't cough for it though
9
SCO vs. IBM battle resumes over ownership of Unix
Zombie lawsuit back and wants to suck the brains out of Linux
97
breaking news
The only Waze is Google: Ad giant tipped to gobble map app 'for $1.3bn'
Pac-Man-satnav-ish upstart in bidding war with Apple, Facebook
16
breaking news
PM Cameron calls for modern, programmable computers! (We think)
IT education musings to G8 chiefs to mystify IT industry
105
Apple at WWDC: Sleek new iOS, death of the big cats, pint-sized Mac Pro
CEO Cook: 'The biggest change to iOS since the introduction of the iPhone'
151
Chrome and Firefox are planet-wreckers, IE cuddles dolphins
Microsoft-commissioned study finds IE sucks less power than rival browsers
98