We've added functionality to allow you to rotate any client secrets you may have generated for your applications.

We added this functionality to make it easier to keep your applications secure. For more details, see Access Data on Behalf of Other Users with OAuth 2.

We’ve recently updated how we encode email headers, so that Subject Lines and the recipient headers (like TO, CC, etc) no longer require users to encode non-ASCII characters.

We made this change to make it easier for users to send emoji or non-standard text in the Subject, To Address, and To Name. Now, you can pass in those characters directly instead of having to encode them in your email.

We’re now enforcing the message search rate limit described in the Search messages by date endpoint. If you exceed the limit of 20 searches per minute, we’ll now return a 429 Too Many Requests response code. You can retry your request 60 seconds after you sent the first of the original 20 requests.

You may want to monitor your responses for an increase in 429 codes so that you can change your request system to submit no more than 20 searches per minute if necessary.

We’re enforcing the search request limit to increase system efficiency and minimize overall response time.

We’re now supporting the 401 Unauthorized response code. When a customer makes a request using any invalid or revoked API Key, we’ll respond with 401 Unauthorized. If you’re specifically targeting HTTP response codes other than 200, you may need to update your code.

Previously, we responded to requests made with an invalid or revoked API key with a 500 Server Error status code. We updated this to bring our response in line with proper semantics and allow more efficient status monitoring.

Export notification emails now include a link that prompts you to login to your Mailchimp account before you can download your report from the Exports page.

Previously, our export emails contained a direct link to download the report. We’ve updated our security to require login before you can access the report on the Exports page.

We added an empty alt tag to the pixel that is included in your emails when you’ve enabled open tracking.

Many spam filters like to see alt tags included for all images, but we’re leaving the one associated with the open tracking pixel empty so that screen readers won’t see it. This helps keep your email from being marked as spam while not creating a poor user experience for your customers who use screen readers.

We’re now checking the fields ip_signup and ip_opt for valid IPv4 and IPv6 addresses when you’re using the Add or Update List Member endpoint.

We added IP validation to the contact importer and we are updating the API to maintain feature parity.