We were born as a service for SAP customers, and as a SAP service having the default SSL port 443 with a self encrypted certificate makes a lot of sense because it removes the friction of rolling certificates but still gives the end to end encryption needed.
But we are growing, and growth means making our service fit for new market – a service that suits our system for a wider spectrum of clients from all kind of sources. So we had to take a strong but needed decision: Starting today our API servers setup is like the following:
https://api.sanctions.io for services that connect with normal requirements using a certificate by an External Certificate Authority and https://api.sanctions.io:8443 for services that require safest encryption but don’t want to have extra configuration issues when rolling the certificates, in this case with a self signed certificate
With this change, the new servers include a lot of internal performance upgrades. One of the top changes is that we expect the API token to be received in the header, so its not plain in the URL. This is not a backward incompatible change, so you can still send your API token in the url like before but for security we recommend sending it in the header now.