Can I call an API on an ssl-encrypted page?
July 7, 2008 6:20 PM   Subscribe

Can an ssl-encrypted page call data from another site/domain via an API without compromising its encryption? I want to add a cool feature, but I don't want customers to encounter a warning that the page asking for their credit card info "contains both secure and non-secure items."
posted by subpixel to Technology (5 answers total) 1 user marked this as a favorite
 
Best answer: What kind of API? If it's something like AJAX that's embedded in the page and calls a cross-site script, then, no. If it's an API called by your server side technology (such as a SOAP service), then yes.
posted by justkevin at 6:35 PM on July 7, 2008


e.g. as far as the client's browser is concerned, all data must source from the same SSL server.
posted by judge.mentok.the.mindtaker at 6:56 PM on July 7, 2008


The simpler a page asking for my credit card number is, the more likely I am to trust it. Save cool for the rest of your site.
posted by orthogonality at 7:37 PM on July 7, 2008


>e.g. as far as the client's browser is concerned, all data must source from the same SSL server.

Incorrect. You can have content one one secured page from multiple sources, but all sources must be secured by an SSL themselves and all links/embeds must utilize the https protocol.
posted by phredgreen at 5:01 PM on July 13, 2008


...content on one...
posted by phredgreen at 5:01 PM on July 13, 2008


« Older Stuck between Rev and a hard place   |   Create local finder links for mail.app Newer »
This thread is closed to new comments.


Tags

Share