HTTPS Guidance for Users

To improve security and privacy, we are moving our web pages and services from HTTP to HTTPS.

The HTTP protocol does not provide encryption - anyone who can see web traffic between a client (e.g. a web browser) and a server can intercept potentially sensitive information and/or inject malware into users' browsers or operating systems.
HTTPS solves this problem by encrypting web traffic between a client and a server in both directions, so that observers cannot intercept or tamper with the client's requests or the server's responses. It also provides authentication, ensuring that the client is communicating with the intended server given by the hostname, and not some impostor.

Timeline

We will support separate HTTP and HTTPS services until February 28th, 2018. From March 1st, 2018 the HTTP traffic will be automatically redirected to HTTPS. We intend to maintain these redirects indefinitely, but it is to your advantage to update your applications to use HTTPS as soon as possible, both for performance and security reasons.

Interactive users

If you access our pages only through a Web browser (like Chrome, Firefox, Safari, Internet Explorer, Opera, etc.), the only change after the switchover date is that a green lock icon should appear inside the URL box of your browser, and the web addresses of the pages you visit will start with https://. If you are concerned about the warnings that some recent versions of Web browsers display for HTTP sites, you can already start using our HTTPS URLs now and update your bookmarks and links accordingly.

Programmatic users

If you maintain software that uses our REST APIs (webservices), you should act before the switchover date to ensure uninterrupted service. Applications that access web servers using http:// URLs instead of https:// URLs may fail after a switch to HTTPS for the following reasons:

After the switchover date, our servers will:

To ensure that your applications work before and after the switchover, update them as soon as possible so that URLs for all requests to our servers start with https:// instead of http://.