HTTP is abandoned again! WeChat Official Account API only supports HTTPS calls

In September, the WeChat public platform issued an announcement requiring developers to switch existing services called via HTTP to HTTPS calls as soon as possible. The platform will stop supporting HTTP calls on December 30, 2017. There are 3 months left until the deadline required by WeChat, how can developers quickly upgrade the relevant servers to HTTPS encryption within 3 months?




WeChat Official Account API Stops Supporting HTTP Calls

WeChat Announcement Text: To ensure data transmission security and improve business security, the official platform will no longer support HTTP calls. To avoid affecting services that contain HTTP calls in normal use, developers are requested to adjust as soon as possible, and switch existing HTTP calls to HTTPS calls. The platform will stop supporting HTTP calls on December 30, 2017. Suggestions for switching the interface calling method to HTTPS calling: 1. The background program calls the interface of api.weixin.qq.com, using the HTTPS method, and connecting to port 443. For the modification method, please check the support of HTTPS in various programming languages. 2. If the HTML page accesses the URL of api.weixin.qq.com, if it is HTTP, please specify HTTPS directly. 3. For URL access to api.weixin.qq.com from programming languages ​​such as javascript, please change from HTTP to HTTPS. Taking H5 as an example, when we first logged in to the H5 page, it would display "This page is developed by XXX, please confirm the authorization of the following information", which means that the H5 is accessing the WeChat server, and the individual of the WeChat user needs to be called from the WeChat server. Basic information, such as nickname, avatar, gender, city area, etc. It can be successfully called whether using http or https before. But starting from December 30 this year, only the more secure HTTPS can call the interface, thus ensuring the security of users' personal information. Why does the WeChat interface have to use HTTPS?













 







In recent years, WeChat has continuously opened up various interface capabilities and data capabilities of the platform to third parties, allowing third parties to help the official account meet vertical industry needs. Nowadays, more and more WeChat official accounts are empowered, and functions such as login authorization, obtaining basic user information, and obtaining user geographic location are gradually opened to WeChat authentication accounts.



Guangdong Unicom, China Merchants Bank Credit Card Center, China Southern Airlines and other companies have begun to provide services based on the official account; the "Shenzhen Traffic Police" official account uses WeChat as the entrance, allowing users to enjoy scan code payment, face authentication to bind vehicles and driver's licenses, WeChat payment electronic Receipt and other functions; WeChat's new function "WeChat Payment Merchant Assistant" applet, which can obtain recent customer consumption data and other content; Hundreds of millions of people use various services such as appointment registration and takeaway orders on the official account. These functions make the WeChat official account a big data center, and at the same time make everyone have higher expectations for information security.



The HTTP protocol sends content in clear text and does not provide any data encryption. An attacker can easily intercept the clear text data transmitted between the client and the website server through data packet capture, and directly obtain important information. Therefore, the HTTP protocol is not applicable. For the transmission of some sensitive information, such as credit card numbers, passwords, etc.



The HTTPS encryption protocol can establish an SSL encrypted channel between the client and the WeChat server to ensure that user data is securely transmitted through encryption and sent to the correct client and server, preventing data from being hijacked or illegally tampered with during transmission, protecting The confidentiality and integrity of data can effectively prevent data leakage, traffic hijacking, man-in-the-middle attacks or phishing attacks. In the future, it will gradually replace HTTP and be widely used on the Internet.



Wotong SSL certificate helps developers to quickly upgrade HTTPS

Wotong SSL certificate new products, the world's top-level root of trust, supports all browsers and mobile terminals, and can be used to implement HTTPS applications required by public platforms such as WeChat interface calls and WeChat mini programs. During the National Day, Wotong CA launched the most powerful SSL certificate promotion in history, providing users with a variety of affordable SSL certificates, and sharing discounts for multi-year, multi-domain and wildcard domain name certificates. Wotong CA's professional customer service and technical support team responds to user needs 7×24 hours, helps WeChat developers properly deploy HTTPS encryption, and quickly upgrade HTTPS encryption in the next 3 months.