UPDATE: Emma API no longer supporting TLS 1.0 as of August 15th, 2017

  • 1
  • Announcement
  • Updated 8 months ago
  • (Edited)
UPDATE:  We've decided to extend our TLS 1.0 support and testing ground for the new protocol until August 15th, 2017.  

Hi there Emma users!   Specifically those of you out there using our API... and even more specifically, those of you who are using the TLS 1.0 protocol with our API. 

In order to align with industry best practices for security and data integrity, we are requiring an upgrade to TLS 1.1 or higher by August 15th, 2017.   We will be disabling the TLS 1.0 protocol on that day. If you have not verified that your application is connecting using TLS 1.1+ by that time, your use of the API may break. We recommend using TLS 1.2.  

To avoid service disruption, you will need to ensure that you’re connecting via an updated version of TLS.  

We have set up a testing endpoint for you where we have already disabled TLS 1.0.  This will allow you to make sure you are ready to go for the August 15th transition. 

API Endpoint - https://api.e2ma.net - TLS1.0, TLS1.1 and TLS1.2 are currently available for use. TLS1.0 will be disabled on August 15th 2017

Temporary Testing Endpoint - https://apitmp.e2ma.net - TLS1.1 and TLS1.2 only are enabled. TLS1.0 is disabled. You can use this endpoint to validate that your application is successfully using TLS1.1+.

The API answer from both endpoints will be identical - this is only affecting the connection security layer to the endpoint. The temporary API endpoint will also be disabled August 15th as it will no longer be needed.

Please do let me know if you have any questions on this!  

-- Grey
Photo of Grey Stepp

Grey Stepp, Support Team Manager

  • 1671 Posts
  • 133 Reply Likes

Posted 10 months ago

  • 1
Photo of Benton Cummings

Benton Cummings, Senior Manager, Customer Support

  • 491 Posts
  • 52 Reply Likes
Official Response
Hi all- So sorry for the confusion on this! TLS is a security protocol that's used when communicating to and from Emma via our API.

We sent an email out to some of our customers this morning, and we found a mistake in that list so you may have received that email in error. We've sent a follow up to notify users who received the message in error, so if you received that feel free to disregard those emails and ignore this post.

For everyone else, please read on!

The API: So for example, if you're using a custom signup form that was built outside of Emma and those contacts are automatically being added to your Emma audience list when they sign up, you'd be using Emma's API as the communication pathway to let those new sign ups into your account. Think of the API as the gateway that allows communication to happen between Emma and some other outside application, form, or website.

The same would be true if you're using an integration to connect audience lists between Emma and, say, your CRM or customer database. That API key you had to generate in Emma to make the connection? That's our API too!

TLS: TLS is a security protocol used to make sure data communication between software is nice and secure. The security protocols used for data transfers will go through updates just like versions of software. So, TLS 1.0 has been found to be insecure, and we require updating any custom written software integrations to ensure secure communications with Emma. TLS 1.2 is the latest version of this security protocol. This is what would be set up on your end by your IT team or developer to ensure your data transfers are secure.

So what does all of this have to do with me? With all of the above in mind, here is who is applicable to the notification... customers who are:
•Using custom software integrations
•Connecting that custom software to your Emma account via our API
•Using TLS 1.0 as your security protocol.

Some of our customers meet these criteria and are still using TLS 1.0 and we're actually disabling that because it's old and outdated, and we don't want to support outdated security protocols. 

We don't expect everyone to know how to update their TLS version, but it'd be a good idea to check in with your IT team or developers to make sure they update to at least TLS 1.1 (we actually recommend TLS 1.2), not only for good data transfer security, but to make sure your use of our API is still going to work!
(Edited)
Photo of Grey Stepp

Grey Stepp, Support Team Manager

  • 1671 Posts
  • 133 Reply Likes
Official Response
Hi folks!   I just wanted to drop a line in here to let you know that we've decided to extend this transition time out to August 15th.  

The testing endpoint will remain active until August 15th.  

We'll post back here with any additional updates as we get them.  

Please let me know if you have any questions!

Thanks so much!

-G
Photo of Grey Stepp

Grey Stepp, Support Team Manager

  • 1671 Posts
  • 133 Reply Likes
Official Response
Hi folks!  

A quick update here to let you know that we've officially turned off accessibility for TLS 1.0 as of 8/16/2017.  

Please let me know if you have any additional questions! 

- Grey