API Shouldn't Redirect HTTP to HTTPS


Instead of redirecting API calls from HTTP to HTTPS, make the failure visible. Either return a clear HTTP error response or disable the HTTP interface altogether. Unfortunately, many well-known API providers don't currently do so.

When a user directs their web browser to an HTTP URL, it's common practice for the service to redirect the request to the corresponding HTTPS page. A great solution for failing fast would be to disable the API server's HTTP interface altogether and not even answer connection attempts to port 80. Let's adopt a fail-fast approach and disable the HTTP interface entirely or return clear error responses for unencrypted requests.
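
The two behaviours side by side, as an added example that is not code from the article: a WSGI middleware that redirects plaintext requests, and one that rejects them with a clear error. The 403 status, the JSON error fields, the host `api.example.test` and the stand-in `api_app` are assumptions made for the illustration.

```python
import json

def api_app(environ, start_response):
    """Stand-in API endpoint (hypothetical) that answers every request with 200."""
    body = b'{"status": "ok"}'
    start_response("200 OK", [("Content-Type", "application/json"),
                              ("Content-Length", str(len(body)))])
    return [body]

def redirect_to_https(app):
    """The pattern argued against: a plaintext call is redirected, so the mistake stays hidden."""
    def middleware(environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":
            target = "https://" + environ["HTTP_HOST"] + environ.get("PATH_INFO", "/")
            start_response("301 Moved Permanently",
                           [("Location", target), ("Content-Length", "0")])
            return [b""]
        return app(environ, start_response)
    return middleware

def reject_plaintext(app):
    """Fail fast: a plaintext request gets a clear error and no Location header."""
    def middleware(environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":
            body = json.dumps({"error": "https_required",  # assumed error format
                               "message": "This API is only available over HTTPS."}).encode()
            start_response("403 Forbidden",  # assumed status; any clear 4xx fits the advice
                           [("Content-Type", "application/json"),
                            ("Content-Length", str(len(body)))])
            return [body]
        return app(environ, start_response)
    return middleware

def call(app, scheme, path="/v1/items", host="api.example.test"):
    """Drive a WSGI app with a constructed request; return (status, headers, body)."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, dict(headers)
    environ = {"REQUEST_METHOD": "GET", "wsgi.url_scheme": scheme,
               "HTTP_HOST": host, "PATH_INFO": path}
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body

if __name__ == "__main__":
    for name, wrap in (("redirect", redirect_to_https), ("reject", reject_plaintext)):
        print(name, call(wrap(api_app), "http")[:2], call(wrap(api_app), "https")[0])
```

With the rejecting middleware, a client configured with an `http://` base URL fails on its first call instead of continuing to send every request in plaintext before being redirected.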
