Security Update – Disablement of Users APIs on API v1

/in

The Marketplace team has rolled out an important security update – Disabling Users APIs on API v1.

Why is this security update important?

The Modus Operandi of most hackers who attack our platform include creating an unauthorised user using compromised API v1 keys. They later log in to the app and take control of the account to execute their unlawful agenda.

What is the new security update?

  • API v1 (legacy API version) endpoints for creating, updating, and deleting Users have been disabled.
  • Agencies that want to continue using the legacy and insecure APIs for themselves or their sub-accounts can disable the Enhanced Account Security setting in Company settings. This is not recommended and must only be used temporarily while you migrate your automation/integrations to the new API v2 endpoints.

Book a demo
See Clixio working
for your business, live.

30 minute call with our team. Personalised to your industry, no hard sell.

Book your free demo
14 day free trial · Cancel anytime

What is the roll-out plan?

We identified a few entities (agencies and sub-accounts) that used the legacy and insecure User v1 APIs in the last 30 days. To avoid disruption to these customers, we have automatically disabled “Enhanced Account Security” on the agencies’ profiles and emailed the parent impacted agencies with further details. (Subject: Important security update regarding legacy User APIs)

image