Security Update – Disablement of Users APIs on API v1

The Marketplace team has rolled out an important security update – Disabling Users APIs on API v1.

The Modus Operandi of most hackers who attack our platform include creating an unauthorised user using compromised API v1 keys. They later log in to the app and take control of the account to execute their unlawful agenda.

• API v1 (legacy API version) endpoints for creating, updating, and deleting Users have been disabled.
• Agencies that want to continue using the legacy and insecure APIs for themselves or their sub-accounts can disable the Enhanced Account Security setting in Company settings. This is not recommended and must only be used temporarily while you migrate your automation/integrations to the new API v2 endpoints.

–

We identified a few entities (agencies and sub-accounts) that used the legacy and insecure User v1 APIs in the last 30 days. To avoid disruption to these customers, we have automatically disabled “Enhanced Account Security” on the agencies’ profiles and emailed the parent impacted agencies with further details. (Subject: Important security update regarding legacy User APIs)