It came to our attention recently that certain developers have started to use our REST API over the non-secure HTTP protocol (e.g. not HTTPS). The HTTP access to our REST API was meant for sandboxing and testing purposes only — we have never promoted or encouraged using API endpoints starting with the non-secure http:// protocol.
However, since some integrations and calls do happen on the HTTP protocol without encryption this has become a concern for us. The main reason this approach is not secure and highly discouraged is that it exposes the API tokens (and user credentials, if authorization requests are performed) in transit which in turn could compromise account security.
To address this issue, we are going to drop HTTP (non-secure, e.g. http://) access to our REST API from May 11, 2015 12:00 PM UTC (1 PM in London; 5 AM in San Francisco). This is in the interest of keeping your data secure in Pipedrive. (more…)