Skip to content

Skip to looking for section

Moving From HTTP to HTTPS

Component ID: #ti464599868

What is happening?


To improve security and privacy, and by federal government mandate, the U.S. Census Bureau will stop receiving Application Programming Interface (API) calls at http://api.census.gov/data on August 28, 2017 and will instead use HTTPS.

If you use the Census Data API only through a web browser (like Safari, Firefox, Chrome, Internet Explorer, Opera, etc.), this change will not affect you. The only noticeable changes after the deadline will be a green lock icon appearing inside the search box and the web addresses of the Census Data API pages you visit will start with https://.

If you maintain software that uses the Census Data APIs, please take action before the deadline to ensure uninterrupted service.

Applications that access the Census Data API web servers using http:// Uniform Resource Locators (URLs), instead of https:// URLs, may fail partially or completely after the U.S. Census Bureau switches to the HTTPS-only standard.

Component ID: #ti1350997726

Update Your Applications As Soon As Possible

The Census Data APIs are all available now on HTTPS, so you can update your software immediately.

To ensure that your applications work before and after the switch, update them so that URLs for all requests to the Census Data API start with https:// instead of http://. For example, if your application searches the American Community Survey using
<http://api.census.gov/data/2014/acs/flows.html>, update it to
<https://api.census.gov/data/2014/acs/flows.html>. Please report any problems you encounter to <cnmp.developers.list@census.gov>.

Once you have updated and tested your application, it will continue to work as before and no other action is required. This is the best option for scripts, Common Gateway Interface (CGIs), and other web client software for which you have the source code and the ability to update it and deploy a new release before the deadline.

Component ID: #ti217817704

After Deadline, Applications That Access Census Data APIs Using HTTP May Fail

After the switch, applications that still try to access the Census Data API via HTTP (i.e., on port 80) may fail for a few possible reasons:

  1. Your programming environment's HTTP facility does not automatically follow redirects from HTTP to HTTPS. Some libraries follow redirections from HTTP to HTTPS; others do not. Java's URLConnection, for example, does not automatically follow HTTP-to-HTTPS redirects by design, even for safe methods like GET and HEAD.
  2. Your application uses HTTP verbs other than GET. All other HTTP requests to HTTP URLs at the Census Data API will fail unconditionally (with HTTP 403 Forbidden) after the switch.
  3. Your application accesses the Census Data API resources through a proxy. Some organizations use proxy servers to access the Census Data API. These proxy servers must communicate with the Census Data API using HTTPS, which means they need valid certificates. If your application accesses the Census Data API through a proxy, check with the proxy vendor about HTTPS support and how to add or update certificates.
  4. Your programming environment does not support HTTPS.

In any of these cases, if the application does not work with HTTPS, the only solution is to update all your Census Data API URLs to use HTTPS exclusively.

X
  Is this page helpful?
Thumbs Up Image Yes    Thumbs Down Image No
X
No, thanks
255 characters remaining
X
Thank you for your feedback.
Comments or suggestions?