Enforce SSL on the contacts APIs

posted Dec 27, 2012, 1:33 AM by Unknown user
Google Apps administrators now have the ability to enforce SSL connections on the Contacts APIs through a setting in the control panel. This setting provides added security against session hijacking and user impersonation. It affects these APIs:

- Contacts API
- Domain Shared Contacts API
- Google Apps Profiles API

Note that this setting will be OFF by default because some widely used legacy contacts applications do not support SSL. Early next year, [Google] will set the Enforce SSL option to ON for all new domains and all existing domains where [Google does] not detect a contacts API request from one of these legacy applications within the previous week.

For more information: