Google forces developers to use SSL with its APIs

SOFTWARE DEVELOPER Google is forcing the use of SSL in some of its application programming interfaces (APIs) as it tries to improve security.

Google already uses SSL with several of its applications including Gmail and Google Docs, but now the firm has turned its attention to developer APIs. The firm will require all users of its Documents List, Spreadsheet and Sites APIs to use SSL after 15 September.

Google added that developers using its existing Oauth authentication API will continue to work with HTTPS URLs. For users of Google's services, the changes should be almost transparent. Aside from a change in the URL prefix from "http://" to "https://", the decision to drop clear-text HTTP requests should help decrease the chances of users falling victim to man-in-the-middle attacks.

Recently a number of popular web services have been implementing SSL security protection. Last year Microsoft's Hotmail brought in SSL, while Facebook is slowly rolling out support for SSL as well. Micro-blogging and social messaging service Twitter has also offered its users the option of using SSL to protect the integrity of their messages.

While Google is forcing developers use SSL with some of its APIs, the firm strongly recommends the use of SSL, urging that this move will help protect users' data.

Developers will have until 15 September to get their code in order before Google waves goodbye to plain text Internet transactions, hopefully signalling other web-based services to do the same. µ