Category: Infrastructure, API, Informational
Summary: HTTP Strict Transport Security (HSTS) is an optional response header that enhances the security of web applications by requesting that all traffic be sent over HTTPS for a period of time. It is supported by most modern web browsers (Google Chrome, Firefox, Safari, IE, etc.), which will automatically redirect standard HTTP requests to HTTPS, assuming an HTTPS connection has previously been created.
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
Context: Because the Platform API does not support insecure HTTP requests, this will ensure that unintended HTTP requests are automatically redirected to HTTPS by the browser. This will reduce the likelihood of clients becoming the victim of man-in-the-middle attacks.
Impact: When this enhancement has been enabled, you can expect to see a response header resembling "Strict-Transport-Security: max-age=xxx; includeSubDomains" for all HTTP requests. No action is required by you, the customer, and no behavior change other than that outlined above should be seen.
Date of Change: The PureCloud Platform API will enable this security enhancement sometime within the next 30 days.
Impacted APIs: Indirectly, all APIs will be affected.