OverDrive Developers

Support for SSLv3 Discontinued - 09-February-2015

Tags: sslv3, tls, https, http, authentication, poodle

OverDrive API Partners,

On 09-February-2015, the OverDrive APIs will discontinue support for SSLv3 for OverDrive Client Authentication, Patron Authentication, and Granted (3-Legged OAuth) Authorization. After that date, connections made using SSLv3 will no longer work. Customers with clients that only support SSLv3 are encouraged to switch to TLS (Transport Layer Security) as soon as possible to avoid any potential service interruptions using the OverDrive APIs. Clients that currently support TLS should continue to work.

In an effort to ensure that our partners have an opportunity to confirm their implementations, we have created unique test endpoints for all three authentication APIs. These test APIs will only receive requests and issue production credentials under our new HTTPS communication protocol (TLS), so you will be able to confirm any part of your integration with credentials (tokens) from them. And you will be able to use these authentication endpoints for testing your services prior to 09-February-2015 when support for SSLv3 will be discontinued. 

For Client Authentication and Granted (3-Legged OAuth) Authorization, the new test API is available at https://integration-oauth.overdrive.com.

For Patron Authentication, the new test API is available at https://integration-oauth-patron.overdrive.com.

Documentation for the authentication APIs can be found at http://developer.overdrive.com/authentication.

Please look to this notices board for additional details and announcements about this event.

As always, thanks for your continued partnership.

-The OverDrive API Team