As public WiFi becomes increasingly ubiquitous, Google today announced improved support for SSL (Secure Sockets Layer) across many APIs, and recommending that any application that manages user data switch to using SSL. Requiring SSL improves security by encrypting data communications between users and Google, better protecting it from being intercepted by a malicious third party.
Starting September 9, 2011, Google will require that all users of Google Documents List API, Google Spreadsheets API, and Google Sites API use SSL connections for all API requests. Specifically, this change will disallow all HTTP requests, responding with an HTTP 400 Bad Request response. API requests will only be accepted via HTTPS. For e.g., a request to http://docs.google.com/feeds/default/private/full will no longer pull a list of a user's documents. Instead, a request must be made to https://docs.google.com/feeds/default/private/full.
"Although we're initially requiring SSL for only a few APIs (those whose traffic was already mostly over SSL), it's strongly recommend that you convert all your API clients asap to help protect your users' data. Check the documentation for each API for more info about that API's SSL support, including the updated Google Documents List API documentation, Google Spreadsheets API documentation, and Google Sites API documentation."
Further, the Google Maps API, which previously offered SSL only to Premier customers, is offering SSL to all developers starting today.
"In addition to offering access over HTTPS, all of the Maps APIs (with the continuing exception of the Places API) will continue to be accessible over HTTP, and we recommend that sites using the API purely to display public data, such as store locations, continue to use HTTP for optimal performance," stated Google.
"We want to ensure that applications using the Google Maps API are free to follow this recommendation. As such we're happy to offer free access to Maps API v3, Static Maps API, and Maps API Web Services over HTTPS to all developers from today. To load the Maps API v3 over HTTPS, the API must be loaded from the hostname maps-api-ssl.google.com. For the Static Maps API and Web Services, please use maps.googleapis.com."
Please note: that although SSL access is now available to all developers, the terms of the Maps API haven't changed. If your site uses SSL because you charge for access to your app, or because your app isn't publicly accessible to all users, you must still purchase a Maps API Premier license.