[Action Required] API Security Upgrade Test

As part of ongoing efforts to upgrade security, Qualtrics is deprecating users’ ability to access their accounts over unsecured HTTP connections.

This is a notification regarding upcoming deprecation HTTP endpoints of Qualtrics public APIs.

This email details the steps necessary to move over to the secure HTTPS endpoints and the timeline.

What is HTTPS?

HTTPS (Secure HTTP) denotes the use of HTTP with encryption protocols to create a secure connection between two machines. This encryption prevents attackers from intercepting sensitive information passed as part of a request from a website or API. This encryption is enabled when connecting to a secure part of a website or API indicated by an HTTPS URL, that is, a URL with the prefix https://.

What Action Needs to be Taken?

Version 2 API users must update the base URL of their API calls to begin with ‘https’ instead of ‘http’. This would be a simple string change in applications that call Qualtrics APIs. No additional code changes are necessary.

The base URL for the version 2 API is: https://survey.qualtrics.com/WRAPI/ControlPanel/api.php

Users that are using the API without the ‘s’ in the ‘https’ portion of the URL can search for ‘WRAPI/ControlPanel/api.php’ in their applications in order to find where it must be updated.

The deadline for switching version to API usage to HTTPS is June 15th, 2017.

After June 15th 2017, HTTP endpoint will be deprecated – which means applications that continue to call the HTTP endpoints will stop working.

Also note that API users may take this opportunity to transition to the newer version 3 API. Version 3 API  is fully RESTful and more state-of-the-art. Version 3 API documentation can be found at api.qualtrics.com.