Developers: Upcoming SSL Certificate Change

On March 1, 2014, the SSL certificates for https://api.pushover.net/ and https://pushover.net/ will be changing to a new wildcard certificate covering *.pushover.net.

For most of our end-users, and developers accessing our API, this change will be transparent and nothing is required on your part. Your web browsers already support wildcard certificates, as do our iOS and Android device clients.

While the CA chain remains the same for the new certificate, some developers or users of our API may be using older SSL libraries that do not support wildcard certificates when doing SSL hostname verification. This may cause SSL validation errors and prevent your scripts and applications from properly accessing our API. Most modern SSL libraries like OpenSSL, as well as any clients that use it like curl, do support wildcard certificates.

In order to test your applications with our new certificate, we have setup https://newapi.pushover.net/ with the new wildcard certificate. All existing API endpoints are the same at the new host:

https://api.pushover.net/1/messages.json

becomes:

https://newapi.pushover.net/1/messages.json

Note: This new hostname is for short-term testing only, and should not be used in your production environment. On March 1, 2014, we will switch to the new wildcard SSL certificate everywhere and the newapi.pushover.net DNS record will be removed.

If you have any questions about this change, please feel free to contact us.

API Change: Application Token Required for Sounds Request

Note: This does not affect most Pushover users, only developers that have integrated Pushover into their applications or created Pushover libraries.

Starting April 15, 2013, our API will require a valid application token to be passed to our /1/sounds.json (or .xml) endpoint, similar to our messages and receipts endpoints. Requests without a valid application token will be rejected after April 15. Application and Pushover library authors are encouraged to take this change into consideration as soon as possible.

As a reminder, the results of this API endpoint should be cached for a reasonable length of time, such as 24 hours. Our sounds list does not change very often and calling it every time your application needs to present the list of sounds to your users is wasteful.