October 19, 2020

Internal infrastructure improvements

Tagged: Marketing, Update

What

We rewrote large parts of the API internals. There should be little to no external impact on API behavior, besides slight performance fluctuations.

Why

The internals of the API had accumulated a fair bit of kludge over the past 5-10 years, so we rewrote a good portion of them and have identified several discrepancies in behavior across endpoints. During the rewrite, we learned about and ironed out many of the discrepancies that were causing friction internally — and in the process, we identified further changes that we’ll implement in the future to make behaviors across the APIs more consistent.

    October 13, 2020

    Assorted spec and documentation fixes

    Tagged: Marketing, Update

    What

    We made a variety of fixes to our Swagger spec to improve the documentation.

    Why

    There were endpoints included in the documentation that have no function except to organize the path hierarchy. For example: /reporting. We removed them since they’re not useful on their own. Additionally, there were some body parameters included incorrectly, for properties that are read-only and can’t be passed in as a parameter

    October 1, 2020

    Ensuring codegen references latest Swagger spec

    Tagged: Marketing, Update

    What

    We updated our Swagger spec to make it match the spec used in the codegen repo.

    Why

    We use a Swagger spec to produce API client libraries from the codegen repo. Doing this required tweaking the Swagger spec that’s automatically produced by our internal API definitions, so there was some drift between the spec in the codegen repo and the one we produce automatically. We backported the changes, so our automatically-produced spec matched the one in the codegen repo. Now that this work is done, we can rely on the automatically produced spec for client libraries.

    August 27, 2020

    Deprecated fields in the Growth History endpoint

    Tagged: Marketing, Deprecation

    What

    We’ve stopped calculating the (deprecated) existing, options, and imports fields for the Growth History endpoint, and API responses will have a value of zero for these fields.

    Why

    The data in these fields can be accessed in a more understandable way in other fields, and returning the data in these fields was slow and added infrastructure load when these endpoints were requested.

    August 24, 2020

    New client libraries for Marketing and Transactional APIs

    Tagged: Marketing, Transactional, New

    What

    We have released API client libraries for the Marketing and Transactional APIs, supporting PHP, Node.js, Ruby, and Python.

    Why

    We wanted to make it easier for developers to integrate their applications with both of our APIs in the language of their choice. The new libraries are generated from publicly available API specs and published on the respective package managers for each supported language.

    August 19, 2020

    Preventing multiple confirmation emails on PATCH or PUT to Lists/Member endpoint

    Tagged: Marketing, Update

    What

    It was possible to force multiple confirmation emails to be sent to a member when using identical PATCH or PUT requests to the Members resource. We’ve corrected this behavior by preventing the duplicate confirmation emails from being sent.

    Why

    Before this change, multiple confirmation emails would be sent to a member’s inbox, which could potentially be used for abuse.

    August 11, 2020Action Required

    Stricter rules for URL matching in OAuth 2

    Tagged: Marketing, Update, Action Required

    What

    The security team has implemented stricter rules around redirect URL matching in our OAuth 2 implementation. We now only support exact matching on the redirect URI to adhere to the OAuth 2 spec.

    Why

    Before this change, our redirect URL matching didn’t conform to the OAuth 2 spec. Strictly adhering to the spec results in more predictable behavior and fewer surprises.

    May 4, 2020

    Obfuscated emails on the Unsubscribe page

    Tagged: Transactional, Update

    What

    We changed the behavior of the unsubscribe merge tag to obfuscate the email address of the person who clicked the link. Instead of showing the entire address, the md_email parameter now displays the address as something like x****@x***.*** .

    Why

    Previously, if a customer clicked an unsubscribe link, their email address was displayed on the Unsubscribe page in full. By obfuscating the email address, this change provides better security.

    April 18, 2020

    Improved error messaging on malformed requests to the Members endpoint

    Tagged: Marketing, Update

    What

    Previously, if an object was passed as the value of the email field in a POST to the Lists/members endpoint, the server would return a 500 error. Now we return a 400 error with a clear error message.

    Why

    We saw multiple occurrences of these errors in our logs. Ideally, badly formed requests shouldn’t return 500 errors, and we should give more information to callers when errors do occur.

    March 13, 2020

    API Swagger spec now OAS 2-compliant

    Tagged: Marketing, Update

    What

    We’ve updated our Swagger file to make it OAS 2-compliant. Our API Reference documentation is generated from our Swagger file. Before this change, we used a number of non-standard field names to control formatting in those docs. We cleaned those fields up and added testing to prevent drift in the future.

    Why

    We’d heard from developers that an OAS 2-compliant Swagger would greatly improve the developer experience for the Marketing API. This update makes it possible, for example, to directly use our Swagger file in Postman to more easily make requests to our API endpoints, in addition to better integration with many other OAS-friendly tools.

    February 26, 2020

    Minor improvement to parameter handling in the Events endpoint

    Tagged: Marketing, Update

    What

    Previously, null-valued entries in the properties object passed to the Events endpoint would cause a server error, returning a 500 to the client. With this change, we treat null property values as empty strings.

    Why

    This change gives clients a little more flexibility with how they format the properties parameter, and it cleans up our server logs.