Blue Tracker
World of Warcraft Blue Posts
Diablo II: Resurrected Blue Posts
Diablo III Blue Posts
Hearthstone Blue Posts
Overwatch Blue Posts
Heroes of the Storm Blue Posts
Diablo IV Blue Posts
BlizzCon Blue Posts
Warcraft Rumble Blue Posts

HTTP access

Forum Avatar
poke.3712
#1 - May 20, 2013, 2:55 p.m.
Blizzard Post

Hey, I’m working on integrating some API information on the official wiki, but there is something that prevents me from doing so: The APIs are served via HTTPS, making AJAX requests from the wiki (served via HTTP) impossible.

Would it be possible to also serve the API over HTTP (at least the ones you have right now; I understand that more special ones that might come would somewhat need a secure connection)? Otherwise I will have to create some dummy server that prepares the data, or need to do some server-side wiki stuff.

Forum Avatar
Cliff Spradlin
#2 - May 20, 2013, 2:57 p.m.
Blizzard Post

It seems to me like a better option would be to convert the wiki over to HTTPS.

We want HTTPS Everywhere!

Forum Avatar
Cliff Spradlin
#11 - May 20, 2013, 3:59 p.m.
Blizzard Post

We’ve added support for CORS to solve this problem. Please refer to the API Changes thread for more information. We don’t plan to add support for JSONP at this time — we consider it obsolete now that CORS exists.

Forum Avatar
Cliff Spradlin
#23 - May 21, 2013, 9:35 a.m.
Blizzard Post

We’re not planning to allow HTTP access to the API. This is for both practical and philosophical reasons.

Yes, the APIs available now are freely accessible, but authenticated APIs in the future will require encryption as part of their security architecture. All of our current web sites and web services require HTTPS, and this API will be no different.

Please do not disable HTTPS certificate validation to work around certificate errors.

It sounds like Oracle is not including our certificate issuer’s root certificate into Java by default. We’re talking to our issuer to see if we have any options.

The right solution for now for Java programmers is probably to embed the root certificate for api.guildwars2.com into Java applications dynamically.

I’d appreciate it if a Java developer here could post steps on how to do that so that others can work around this issue safely for now.

Forum Avatar
Cliff Spradlin
#26 - June 18, 2013, 4:30 p.m.
Blizzard Post

Hi,

We’re rolling out an experimental new SSL certificate for api.guildwars2.com. Hopefully the new certificate will resolve the certificate verification issues that developers have been experiencing on some platforms.

There’s a DNS change involved, so it unfortunately won’t be an instant transition.

Please reply if you have any trouble with or comments about the new certificate.

Thanks!

Forum Avatar
Cliff Spradlin
#31 - June 19, 2013, 8:42 a.m.
Blizzard Post
Rurik Telmonkin.3648:

Can someone inform those of us less intelligible about SSL certs how to get the new certificate that we need for this? Java users especially will be having lots of trouble now due to Java not automatically including startcom’s certificates.

Hi,

I wasn’t very clear about this earlier. The new certificate has a different root (GeoTrust) which is included by default in Java’s certificate store. With the new certificate, you should be able to remove all the weird manual cert stuff you’re doing in java, because a normal connection to the API should just work.