Wistia Deprecation Schedule
Sometimes, we need to remove functionality from our website due to safety concerns or for code health purposes. Any forthcoming deprecatons will be listed below.
Passing authentication tokens or passwords via query parameters is unsafe - from malicious actors and from passwords being exposed in logs. Wistia will be deprecating this functionality in favor of bearer tokens or other authentication schemes. please see the docs for more info on how to query the API.
We will deprecate this functionality on July 5th, 2022
Please note, we will be performing brownouts on May 16th, 2022 and June 1st, 2022. Brownouts will disable query param auth functionality for a period of time so that our customers may test their new authentication and any customers unaware of the deprecation can be notified before the deprecation fully comes into effect.
On May 16th, 2022 we will be browning out query param auth for one hour during normal business hours.
On June 1st, 2022 we will be browning out query param auth for one business day.
We will anonymously audit our API logs and reach out to customers who recently used our API with query param auth. In the meantime if you find you are passing authentication by query param, don’t wait for us! Please switch to using bearer tokens or any other form of authentication as soon as possible.
Our rate limiting code currently throws a 503 status code when an account has reached its rate limit. There is a code specific to rate limiting - 429 - that we should be using instead.
We will Deprecate this functionality on March 7th, 2022
A code audit will be needed to see if your API code is affected by this code change.
TLS stands for Transport Layer Security and is the protocol used for securing HTTPS pages. The IETF has deprecated TLS 1.0 and 1.1 as they are vulnerable to attacks that can recover potentially sensitive information.
We plan to deprecate the ability to request information from any Wistia webpage by Febuary 18th, 2022.
Wistia has anonymously gathered log information and will be contacting account owners if they have accessed the API recently with a TLS 1.0 or 1.1 connection.
Otherwise, if you are using a modern browser you should be unaffected by this deprecation.