biogo/ncbi

Change base URLs for NCBI services to use https instead of http

Closed this issue · 6 comments

To improve end user security and privacy, and by Federal government mandate OMB memo M-08-023, NCBI will be moving all web services to HTTPS-only by September 30, 2016.

Looking over the biojava source code, I notice that the eutilities base URL starts with http://
https://github.com/biojava/biojava/blob/master/biojava-core/src/main/java/org/biojava/nbio/core/sequence/loader/GenbankProxySequenceReader.java#L59

It needs to be updated to use https:// URLs instead. While we intend to provide redirects for GET and HEAD, POST and other non-safe methods will likely not be redirected; in particular, epost will cease to function over http when we move to https.

For more information:

http://www.ncbi.nlm.nih.gov/news/06-10-2016-ncbi-https/
https://https.cio.gov/
subscribe to the utilities-announce mailing list at https://www.ncbi.nlm.nih.gov/mailman/listinfo/utilities-announce
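The migration requested above, as an added Go example (not code from this thread or from biogo): a base-URL upgrade plus an http.Client transport that fails closed, so a POST such as epost is never sent over plain http, neither directly nor on a redirect hop. The names SecureBase, httpsOnly, NewClient and ErrPlaintext are hypothetical, and the URLs are sample inputs.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
)

// ErrPlaintext marks a request that was stopped before leaving over http.
var ErrPlaintext = errors.New("refusing non-https request")

// SecureBase upgrades an http:// base URL to https:// and rejects other schemes.
func SecureBase(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	if u.Scheme == "http" {
		u.Scheme = "https"
	}
	if u.Scheme != "https" || u.Host == "" {
		return "", fmt.Errorf("not an http(s) service URL: %q", raw)
	}
	return u.String(), nil
}

// httpsOnly is consulted for the first request and for every redirect hop,
// so neither a POST body nor a query string can be sent in the clear.
type httpsOnly struct{ next http.RoundTripper }

func (t httpsOnly) RoundTrip(r *http.Request) (*http.Response, error) {
	if r.URL.Scheme != "https" {
		if r.Body != nil {
			r.Body.Close() // RoundTripper contract: close the body on error too
		}
		return nil, fmt.Errorf("%w: %s %s", ErrPlaintext, r.Method, r.URL)
	}
	return t.next.RoundTrip(r)
}

// NewClient returns a client that cannot talk plain http.
func NewClient() *http.Client {
	return &http.Client{Transport: httpsOnly{next: http.DefaultTransport}}
}

func main() {
	fmt.Println(SecureBase("http://eutils.ncbi.nlm.nih.gov/entrez/eutils/")) // sample input
	_, err := NewClient().Post("http://example.invalid/epost.fcgi", "text/plain", nil)
	fmt.Println(errors.Is(err, ErrPlaintext)) // rejected locally, nothing is dialled
}
```

Calling SecureBase on every configured service URL at start-up turns a stale http:// setting into either a corrected URL or an immediate error, rather than a silent failure once the server stops accepting POST over http.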

Thank you! Is there a release number for biogo that I can point people to?

There is no release number, just a promise of API stability. The most recent HEAD should be what people use. This is what go get github.com/biogo/ncbi/... will pull.

On API stability, what is the situation with the v2 BLAST and eutils APIs?

We have no planned changes to any APIs relative to the http-to-https transition, other than the change in service URL. If your service points to https on the NCBI site, the services should work as before. When NCBI's http servers begin redirecting requests to https (or rejecting them, as for POST), services based on your library will be unaffected, because they will already be using https.

Please email info@ncbi.nlm.nih.gov if you encounter problems with NCBI services after updating to https. Thanks for your prompt communication.

@elucify I was wondering about XML2/JSON2 in BLAST and the version=2 in the e-utilities. I looked into the BLAST changes yesterday and was wondering if there is any good documentation and whether there will be a mandated shift. Unless there is, the work of deciphering the documentation that does exist, and the API breakage here, is not worth the effort. Similarly for the eutilities version 2 extension.