Try 30 days of free premium.

HTTPS now enabled on the API

When TVmaze launched in 2014, we didn't include support for HTTPS. Back then, adding HTTPS to your site was costly and required a lot of effort - especially if you wanted to properly automate the process. Since 99% of the data on TVmaze is public anyway, adding encryption wasn't a priority.

But much has changed since then. With the launch of Let's Encrypt, supporting HTTPS was suddenly free and very easy to integrate. With Let's Encrypt removing any excuses, browsers and app stores have started pushing websites towards HTTPS. Rightfully so, because it brings a lot of benefits, even when your data isn't highly confidential.

So when we had a major revision of our server infrastructure last year, we naturally included HTTPS from the ground up. Since then, all sensitive pages like login, register, profile settings and the Premium user-level API have supported HTTPS. For our public API we had to be a bit more careful. We process many tens of millions of API requests every day but operate on a shoestring budget, so we had to make sure not to introduce a lot of extra load to our servers.

After careful testing and tweaking in the past weeks, we're now confident enough. As of right now, our entire API is accessible over HTTPS, for example: Links within the API response (to other API endpoints or to image downloads) are still declared as HTTP for now, but can be requested using HTTPS as well. Note that for optimal performance we only support modern SSL configurations, so try upgrading your client if you're getting errors.

The only thing left now is to support HTTPS on the entire site itself, instead of only on a select few sensitive pages. There are a few hurdles to overcome before we can flip that switch, but we'll be working on it in 2017.

If this helped you out, please consider supporting us with a Premium subscription (enabling API access to your followed shows, watched episodes and votes) and/or supporting Let's Encrypt with a donation. Let us know if you have any questions or feedback!

Written by david at Jan 4, 2017


Login to leave a comment on this blog.
Try 30 days of free premium.