SSL
Since business-sensitive information can be exchanged via the services of 2BA, we have decided to only make these services accessible via HTTPS. This is now the usual route and is seen as desirable by external services. As of 2018-01-09, the following sites have moved to strict-SSL::
Redirect service
HTTP requests are, if possible, automatically forwarded (via a redirect) to HTTPS. It is ultimately the intention and faster to access our services directly via HTTPS. If you (unexpectedly) still wish to use this redirect service, it is important to test this properly. We expect most implementations to handle this inappropriately, see below for more information.
Testen
The planned changes and automatic redirect have already been implemented on our beta environment. In this environment you have the opportunity to test how your implementation handles the automatic redirect.
Unifeed
The official URL for Unifeed is https://unifeed.2ba.nl.
For customers who still work with an old, non-HTTPS URL, there is a good chance that this will not work. We don’t expect any problems because this will be solved via the redirect service.
Webservice API
The official URL for the webservice API is https://api.2ba.nl
For customers who still work with an old, non-HTTPS URL, there is a good chance that this will not work. The background to this is that in most cases authentication is done via the “Authorization” http header (standard route OAuth2 protocol). Most libraries/functions will follow our proposed redirect (status code 301), but the “Authorization header” will not be placed again during the redirect.
For .NET framework, see for example::: http://stackoverflow.com/questions/13159589/how-to-handle-authenticatication-with-httpwebrequest-allowautoredirect
