We’re Going HTTPS: Here Is What You Need to Know

Posted: July 21st, 2016Author:

We want to let you know that after September 15, 2016 we will be moving the Appery.io platform to HTTPS protocol. This blog post explains everything that you need to know about this update.

Why the switch to HTTPS? Going to an HTTPS page (instead, of HTTP page) protects you against malicious activities, such as site forgery, content alteration, and others.

 Backend Services

All Appery.io Backend Services already use HTTPS protocol so there is nothing you need to do here. This means that when you invoke an Appery.io backend service from an app such API Express, database, or Server Code script, the REST API URL uses HTTPS. This has been supported from the very beginning of our platform.

Screen Shot 2016-07-20 at 11.54.33 AM

Secured API Express service.

  App Builder

The Appery.io App Builder will be switched to HTTPS (currently, HTTP is used). Again, nothing to do here. When you launch the App Builder you will see a secure icon in the address bar.

secure_appbuilder_url

App Builder secure domain.

 

  Running/Testing an App in the Browser

When you launch your app in the browser, the app URL (with frame and without) will be switched to using HTTPS protocol. Besides securing the data between the app and the server, this switch will resolve the problem running an unsecured Geolocation lookup in Chrome browser.

  Invoking Unsecured REST API

Most 3rd party REST APIs support HTTPS. In case a service you are using works with HTTP — you will need to switch it to HTTPS or the service will fail to invoke from a secure page. In other words, browsers don’t allow invoking a service running on HTTP when the page is loaded from HTTPS. We recommend the following two approaches to updating your service:

  1. Invoke the REST API from the server using API Express or Server Code. We recommend this approach as it provides additional benefits such as more API security and the option to change app logic without impacting the app (client). Learn more about this approach.
  2. If supported by the provider, switch the service to use HTTPS.

You will see an error when running/testing an app in a browser. This is not a problem when an API is invoked from a hybrid app.

  Publishing as Mobile Web App

Appery.io has supported publishing an app as a mobile web app since the beginning. When publishing to an Appery.io domain (name.app.appery.io) HTTS is supported. Later in the fall (after the September update) we will also support HTTPS for custom domains.

  What You Need to Do

You probably don’t need to do anything unless your app uses HTTP REST API. If your app does use HTTP REST API there are two approaches we recommend in this blog post. If you don’t switch to HTTPS or to a server-side approach, the service will not work.

If you have any questions about this, please reach to our support team.