We have released API client libraries for the Marketing and Transactional APIs, supporting PHP, Node.js, Ruby, and Python.

We wanted to make it easier for developers to integrate their applications with both of our APIs in the language of their choice. The new libraries are generated from publicly available API specs and published on the respective package managers for each supported language.

It was possible to force multiple confirmation emails to be sent to a member when using identical PATCH or PUT requests to the Members resource. We’ve corrected this behavior by preventing the duplicate confirmation emails from being sent.

Before this change, multiple confirmation emails would be sent to a member’s inbox, which could potentially be used for abuse.

The security team has implemented stricter rules around redirect URL matching in our OAuth 2 implementation. We now only support exact matching on the redirect URI to adhere to the OAuth 2 spec.

Before this change, our redirect URL matching didn’t conform to the OAuth 2 spec. Strictly adhering to the spec results in more predictable behavior and fewer surprises.

We changed the behavior of the unsubscribe merge tag to obfuscate the email address of the person who clicked the link. Instead of showing the entire address, the md_email parameter now displays the address as something like x****@x***.*** .

Previously, if a customer clicked an unsubscribe link, their email address was displayed on the Unsubscribe page in full. By obfuscating the email address, this change provides better security.

Previously, if an object was passed as the value of the email field in a POST to the Lists/members endpoint, the server would return a 500 error. Now we return a 400 error with a clear error message.

We saw multiple occurrences of these errors in our logs. Ideally, badly formed requests shouldn’t return 500 errors, and we should give more information to callers when errors do occur.

We’ve updated our Swagger file to make it OAS 2-compliant. Our API Reference documentation is generated from our Swagger file. Before this change, we used a number of non-standard field names to control formatting in those docs. We cleaned those fields up and added testing to prevent drift in the future.

We’d heard from developers that an OAS 2-compliant Swagger would greatly improve the developer experience for the Marketing API. This update makes it possible, for example, to directly use our Swagger file in Postman to more easily make requests to our API endpoints, in addition to better integration with many other OAS-friendly tools.

Previously, null-valued entries in the properties object passed to the Events endpoint would cause a server error, returning a 500 to the client. With this change, we treat null property values as empty strings.

This change gives clients a little more flexibility with how they format the properties parameter, and it cleans up our server logs.