Sometime in the last few months, we went and updated our API SSL endpoints. Shame on us for not making a bigger deal about it!
In the past, to access the Flickr API via SSL you needed to use the “secure.flickr.com” subdomain… Not anymore!
Now calling the API via SSL is as easy as updating your code to call:
In fact, it’s so easy that we want everyone to use it.
You’ll notice in the API documentation that all of the endpoints have been updated to https. While OAuth adds security by removing the need to authenticate by username and password, sending all traffic over SSL will further protect our users’ data while in transit.
The SSL endpoints for the Flickr API are:
https://api.flickr.com/services/rest/ https://api.flickr.com/services/soap/ https://api.flickr.com/services/xmlrpc/
And for uploads:
Later this year we will be migrating the Flickr API to SSL access only. We’ll let you know the exact date in advance, and will run a blackout test before the big day. For applications that use well established HTTP client libraries, this should only require updating the protocol and (maybe) some updated configuration. We’ll also be working with API kit developers, so updating many apps will be a git pull away.
Of course we realize that this change might be more difficult for some. We’ll be following the Developer Support Group closely, so please let us hear your questions, comments, and concerns.
This is the first step of many improvements that we’ll be making to the API and our developer tools this year, and we’ll post additional details and timelines as we go. Want to help? We’re hiring!