Google Mandates SSL For Developer APIs - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile // Mobile Applications

Google Mandates SSL For Developer APIs

API requests for Google Documents List, Google Spreadsheets, and Google Sites will be required to use secure sockets layer connections.

Top 15 Google Apps For Business
Slideshow: Top 15 Google Apps For Business
(click image for larger view and for full slideshow)
Google this week announced that it will soon begin requiring secure sockets layer (SSL) encryption to use more of its products, and in particular for the APIs that developers call to access Google's products and services.

Starting on September 15, "Google will require that all users of Google Documents List API, Google Spreadsheets API, and Google Sites API use SSL connections for all API requests," said Adam Feldman, who's part of the Google developer team, in a blog post. In other words, all calls will have to be made to an HTTPS address. Any HTTP requests will be rejected.

"We strongly recommend that you convert all your API clients as soon as possible to help protect your users' data," said Feldman. That's because using SSL prevents attackers from being able to intercept Google users' communications with the site.

Wireless eavesdropping has long been possible using off-the-shelf tools. But last year's release of Firesheep -- a free tool to automatically intercept people's communications with sites such as Google, Facebook, and Twitter, when browsed via unsecured WiFi connections -- brought widespread attention to the problem.

Most Google APIs already support SSL, and the Google Maps API this week began offering SSL to all developers. Previously, that feature was reserved for premium customers. Expect future APIs to be SSL-only. From a user standpoint, meanwhile, Gmail already defaults to SSL, Google Docs requires it, and Google now encrypts Web searches.

Google's new SSL requirements continue to place it well ahead on the encryption adoption curve. Starting in January 2010, for example, Google made HTTPS the default for accessing Gmail. For comparison, Facebook didn't begin rolling out HTTPS until January 2011.

Also this week, Twitter announced that it's added a persistent HTTPS feature to its site. The feature is available as the "Always use HTTPS" setting at the bottom of a user's settings page. Previously, users needed to browse to to use SSL. Mobile users, however, must still log in using to use SSL.

For now, HTTPS remains an optional feature for Twitter users, and isn't yet available via all third-party Twitter applications. "In the future, we hope to make HTTPS the default setting, " said Carolyn Penner, who handles communications for Twitter, in a blog post.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Pandemic Responses Make Room for More Data Opportunities
Jessica Davis, Senior Editor, Enterprise Apps,  5/4/2021
10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Transformation, Disruption, and Gender Diversity in Tech
Joao-Pierre S. Ruth, Senior Writer,  5/6/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll