No longer redirecting HTTP requests
Currently, when an HTTP request is sent to the Marketing API, we redirect it to HTTPS. Starting in July, we’ll stop redirecting these requests and instead return an HTTP 426 error code indicating the request needs to use HTTPS.
Users with affected API keys or Authorized Apps received an email about the upcoming change.
Although the Marketing API only accepts HTTPS requests, providing a redirect means it still supports sending an initial HTTP request that transmits a user’s sensitive information in plaintext. Returning a 426 error with the appropriate message helps ensure integrations are sending their requests securely.
July 13, 2021