To ensure the continued security of our systems, we wanted to let you know about an upcoming change to our API access. In short, we want to ensure Postmark—and your account—is as secure as possible, and we've found that there is a small portion of our traffic that is using HTTP rather than HTTPS.
Starting on November 30th (10 am EST), we will no longer be supporting HTTP connections to our API. That's three months away, but we want to give any affected customers—yourself included—a good bit of time to prepare for this change.
What you need to do
To avoid any disruptions with your email processing, please update any HTTP connections to our API to the secure version (HTTPS). For most scenarios, this is as simple as finding any place in your application/service where you call an API URL for Postmark starting with HTTP. Like this…
http://api.postmarkapp.com/server
And change it to this:
https://api.postmarkapp.com/server
That's it. However, if you have any further questions or find a configuration where you aren't sure what to change, reach out to our support team and we'll do everything we can to help out and give you any necessary instructions.
The timeline
We want to make this as easy as possible for all customers, so we'll do the following:
Sept. 1st, 2022 (today): Communicate the plan to make these changes (via email and here, on our updates page)
Sept 12, 2022: Reminder announcement
Sept. 21st, 2022: Reminder announcement
Oct. 4th, 2022: Reminder announcement
Oct. 13th, 2022: First blackout period. We'll reject access to API endpoints using HTTP for a 60 minute period
Oct. 27th, 2022: Second blackout period (8 hour period from 11 am to 7 pm EDT)
Nov. 16th, 2022: Third and final blackout period (1:00 pm EST Nov. 16th to 12:59 pm EST Nov. 17th)
Nov. 28th, 2022: Final reminder announcement
Nov. 30, 2022: Final cutover date (10 am EST)
We understand these kinds of changes can be inconvenient, but it's a step that benefits everyone. And we appreciate your cooperation on this—thanks so much!
