Important API Security Updates

	ON THIS PAGE ShowHide Summary of Changes For AP Media API Customers Making Direct API Requests For AP Media Agent Users API Security Requirements HTTPS Access API Key in the Request Header Example

To safeguard AP systems and strengthen the security of AP Media API, the AP has deprecated two optional access features and will require more secure protocols by June 25, 2024. We are doing this proactively and as a preventive measure, following best practices, to keep our data and systems secure.

Important
You MUST review your API implementation to determine if you need to make changes before the deprecated methods are completely blocked on June 25, 2024.

Summary of Changes

Stop unencrypted HTTP access. All requests must use the more secure, encrypted HTTPS protocol.
Stop accepting the API key in a URL query parameter. The API key must be supplied in the HTTP request header.

For AP Media API Customers Making Direct API Requests

If you are making direct requests to AP Media API, you MUST update your API requests per the API Security Requirements. You can start making these changes immediately. Please make sure to complete them by June 24, 2024, so that your API calls will not fail once we perform the security updates on June 25.

AP Media API has always supported these recommended access methods, so customers already using them will require no changes. Make sure to verify and if necessary, update your API usage to avoid losing access on June 25, 2024.

For AP Media Agent Users

If you are using AP Media Agent, please note that a new agent version has become available. We strongly recommend that you upgrade to this version, Agent 11.x, as soon as possible, to avoid content interruption when we perform the security updates on June 25.

For customers who do not complete the upgrade by June 1, we will begin auto-upgrading customer agents to the latest version starting between June 1 and June 24. We highly encourage customers to upgrade on their own. All agents prior to the upcoming Agent 11.x will become inoperable on June 25, 2024.

API Security Requirements

HTTPS Access

Use HTTPS with TLS 1.2 or 1.3 for all API requests to api.ap.org.

API Key in the Request Header

To authorize each request, supply the API key in the x-api-key HTTP request header.

Note
The x-apikey header is also currently supported.

Example

Before:

Request URL

http://api.ap.org/media/v/content/feed?q=productid:41664&apikey=abcdef12345

After:

Request URL

https://api.ap.org/media/v/content/feed?q=productid:41664

Request Header

x-api-key: abcdef12345

If you still require additional assistance, please contact AP Customer Support.

For current system status or system maintenance information for our AP Media API platform, please visit the AP Customer Zone website.

THE ASSOCIATED PRESS