Security Enhancement for APIs!
Hello fellow geeks!
We’re making some security enhancements to the API framework.
On Apr 8, 2017, we made an announcement regarding this enhancement and gave users a specific time frame to modify any existing APIs by encoding all the characters in question. To ensure that unsafe characters used in API calls don't result in any security issues, we required users to encode some characters of a parameter value.
This year during our security audit, we found additional characters that users will need to encode to prevent further issues.
You can find the details of the encoding procedures, as well as some additional recommendations, in the link below. Please note that the link serves as a repository for any further updates regarding this enhancement.
The following unsafe characters need to be encoded:
ASCII Control characters:
ISO-8859-1 (ISO-Latin) character ranges 00-1F hex (0-31 decimal) and 7F (127 decimal).
Non-ASCII characters:
Entire “top half” of the ISO-Latin set 80-FF hex (128-255 decimal).
Unsafe characters:
Blank/empty space and " < > # % { } | \ ^ ~ [ ] `
Reserved characters when NOT USED for their reserved or defined purposes.
Encoding needs to be done by Sept 23, 2018, but we recommend modifying your code as soon as possible to avoid any issues.
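The following Python example is added here and is not part of the original announcement or the vendor's code. It percent-encodes a single parameter value according to the list above, and shows that the standard `urllib.parse.quote` helper leaves `~` unencoded even though the list requires it. The function names, the UTF-8 default and the use of the RFC 3986 reserved set are assumptions, since the announcement specifies neither a charset nor the reserved characters.

```python
from urllib.parse import quote

# Character classes taken from the list above.
UNSAFE = set(' "<>#%{}|\\^~[]`')
# Assumption: "reserved characters" means the RFC 3986 reserved set;
# the announcement does not enumerate them.
RESERVED = set(":/?#[]@!$&'()*+,;=")


def needs_encoding(byte: int) -> bool:
    """True for 00-1F, 7F, 80-FF, and the unsafe or reserved ASCII characters."""
    return byte <= 0x1F or byte >= 0x7F or chr(byte) in UNSAFE | RESERVED


def encode_param_value(value: str, charset: str = "utf-8") -> str:
    """Percent-encode one parameter value (not a whole URL).

    Assumption: non-ASCII text is sent as UTF-8 bytes; pass "iso-8859-1"
    if the API expects ISO-Latin bytes instead.
    """
    return "".join(
        f"%{b:02X}" if needs_encoding(b) else chr(b)
        for b in value.encode(charset)
    )


def left_raw_by_quote(value: str) -> list:
    """Listed characters that urllib.parse.quote(value, safe='') leaves as-is."""
    encoded = quote(value, safe="")
    return sorted({c for c in encoded if c != "%" and needs_encoding(ord(c))})


if __name__ == "__main__":
    sample = 'name = "José" ~ {x}'  # constructed sample value
    print(encode_param_value(sample))
    print(left_raw_by_quote(sample))  # characters the stdlib helper misses
```

Apply `encode_param_value` to each parameter value separately and then join the pairs with `&` and `=`, so that delimiters used for their reserved purpose stay unencoded.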