To further improve the security and resilience of Memsource services, access to Memsource through the HTTP protocol will be disabled and access will only be available through the HTTPS protocol. Secure HTTPS has been supported in Memsource APIs and UI for many years but there are still a few customers using the insecure HTTP protocol. The use of HTTPS ensures all data transferred between Memsource and clients is encrypted during transit, using TLS 1.2 or 1.3 protocols. Use of HTTPS when accessing APIs and the UI is a crucial element guaranteeing data confidentiality and integrity.
Timeline:
-
September 2020
Initial warning to Memsource customers and users
-
November 2020
Secondary warning to customers still accessing Memsource through HTTP
-
December 10, 2020
HTTP access deprecated
To prepare for deprecation:
-
Memsource Editor for Desktop
From the menu, select and . Enter https://cloud.memsource.com in the field.
-
APIs
Replace http:// with https:// in all the URL paths of Memsource API calls.
Ensure that used libraries support TLS 1.2 or TLS 1.3 protocol and the SNI (Server Name Indication) extension of the TLS protocol. SNI was added to the TLS standard in 2003 and thus all but very old implementations should support it.
-
Custom domains
If you have a custom domain set up without an HTTPS certificate, please get in touch with Memsource support or use the standard https://cloud.memsource.com domain.