I've got a client that is requesting that all their contact forms transmit data securely over SSL. We're currently using the Campaign Monitor / Mail Build API as a reference in a .NET project and passing the data from the forms using the API to MailBuild. Personally I was fairly happy that this was a secure enough way to pass the data but can anyone offer a fuller explanation that I might be able to convince our client?
Thanks in advance for any help.
In actual fact, the soap request will actually get posted as a normal POST payload would, so theoretically it could be sniffed as per your standard POSTs might. However, if you change your service endpoint to https://secure.campaignmonitor.com/api/api.asmx, you will then be making the request using SSL, and you should be able to keep your client satisfied!
I was doing my first tests with the API using https://api.createsend.com/api/api.asmx as this just worked... however, HTTPS on the standard API URI stopped working last night (CET) and is now working again. Searching the forums I found this thread and tried the URL given above, which does not work at all (it consistently times out).
Can you give us an update on using the API through HTTPS?