Help & Support
Follow

Action Required: Changes to LeanKit APIs

To ensure that all API usage of LeanKit is up to date with our security standards, two changes will come into effect on August 1st 2016:

  • We will no longer support non-secure access to our APIs

  • We are deprecating the use of the LeanKitKanban.com domain

So, all future API calls need to use the following format: https://{hostname}.leankit.com

If your project is using LeanKit APIs with one or both of the following:

  • plain, non-SSL HTTP protocol (e.g. http://{hostname}.leankit.com )

  • the legacy URL leankitkanban.com, (with or without HTTPS, e.g. http://{hostname}.leankitkanban.com or https://{hostname}. leankitkanban.com ).

it will need to be updated in order to continue to function as expected.

What you need to do

To ensure a smooth transition, please update your code as soon as possible. Any use of plain HTTP or of leankitkanban.com will need to be changed. If you do not make these changes, all API calls from your application will fail.

In the following examples substitute your LeanKit account's hostname for {hostname} , i.e. If your LeanKit account is at acmecorp.leankit.com , then acmecorp is the hostname.

  • example one:

    http://{hostname}.leankit.com

    becomes

    https://{hostname}.leankit.com

  • example two:

    https://{hostname}.leankitkanban.com/kanban/api/boards

    becomes

    https://{hostname}.leankit.com/kanban/api/boards

Black Out Tests

To prepare for the August 1st cut-off date, we will run two “blackout” tests, each for 2 hours, so that you can ensure that API calls in your app no longer use non-secure HTTP or reference leankitkanban.com. If you have changed your code as described above, your app should function normally during the blackout window. If you have not updated your code, then during the 2-hr blackout window all API calls from your application will fail.

Dates and Times

  • First blackout window: 7 July 2016, 13:00-15:00 U.S. Central Daylight Time (CDT) / 18:00-20:00 UTC

  • Second blackout window: 21 July 2016, 09:00-11:00 (CDT) / 14:00-16:00 UTC

  • Non-SSL calls deprecated: 1 August 2016, 10:00 (CDT) / 15:00 UTC

We recommend that you make the switch before the first blackout to avoid disruption. Our support team is available to help make this transition as smooth as we can for you.

 

Our Support team is reachable at support@leankit.com or at support.leankit.com

Have more questions? Submit a request