Insecure Connections

Why am I seeing this diagnostic?

Secure API connections refer to the use of encryption mechanisms to protect the confidentiality and integrity of data transmitted between your web application and the API servers. It typically involves using protocols such as HTTPS (HTTP over SSL/TLS) to establish an encrypted connection.

If your APIs are not called over a secure connection, it can have several implications for you as a web app developer:

  1. Data Privacy: Without a secure connection, the data transmitted between your web application and the API servers can be intercepted or tampered with by malicious actors. This puts sensitive user information, such as login credentials or personal data, at risk of being compromised.

  2. Data Integrity: Insecure connections can allow for unauthorized modifications to the data being transmitted. This can result in the injection of malicious content or alteration of the API responses, potentially leading to incorrect or manipulated data being processed by your web application.

  3. Compliance and Trust: Many regulations and industry standards (e.g., GDPR, PCI DSS) require the use of secure connections to protect user data. Failure to comply with these requirements may result in legal or reputational consequences for your web application.

  4. MitM Attacks: Insecure connections are susceptible to Man-in-the-Middle (MitM) attacks, where an attacker intercepts the communication between your web application and the API server, potentially gaining unauthorized access to sensitive information or injecting malicious code.

How do I fix this?

To address the lack of secure API connections, consider the following steps:

  1. Implement HTTPS: Ensure that your API calls are made over HTTPS, which provides encryption and authentication. This involves obtaining an SSL/TLS certificate for your web application's domain and configuring your server to use HTTPS.

  2. SSL/TLS Configuration: Make sure that the SSL/TLS configuration on your server is up to date and follows best practices. This includes using strong cipher suites, enforcing secure protocols (e.g., TLS 1.2 or higher), and properly configuring certificate validation.

  3. Verify Server Authenticity: Validate the authenticity of the API server's SSL/TLS certificate during the connection establishment process to prevent potential MitM attacks.

  4. Mixed Content: Check for any mixed content issues where your web application is loaded over HTTPS, but some API requests are made over insecure HTTP. Ensure that all resources, including API calls, are served over secure connections to avoid security warnings and vulnerabilities.
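The four steps above, worked as an added example that is not part of Zipy's documentation or SDK: a small Node.js script that classifies the API URLs a page calls (secure, insecure, mixed content, loopback), a fetch wrapper that upgrades or refuses `http://` API calls before they leave the app, the TLS 1.2+ cipher configuration for Node's `https.createServer()`, and the response headers that stop a stray insecure request from regressing an HTTPS page. All hostnames and URLs in it are constructed for the example, and the `.example.test` domains are assumed placeholders.

```javascript
// Added example (not Zipy's code): audit the API URLs a web app calls for
// insecure or mixed-content connections, enforce HTTPS in a fetch wrapper, and
// show the server-side TLS settings the diagnostic asks for. Runs under Node.js;
// every hostname and URL below is constructed for the example.

// Steps 1 and 4: classify one API URL relative to the page that issues the call.
function classifyApiUrl(pageUrl, apiUrl) {
  const page = new URL(pageUrl);
  const api = new URL(apiUrl, pageUrl); // a relative path inherits the page's scheme
  if (api.protocol === 'https:') return 'secure';
  if (api.protocol !== 'http:') return 'other-scheme'; // ws:, data:, blob: ... not covered here
  // Browsers treat loopback as potentially trustworthy, but flag it so a dev URL
  // does not reach production unnoticed.
  if (api.hostname === 'localhost' || api.hostname === '127.0.0.1') return 'insecure-loopback';
  // An https page calling an http API is mixed content; an http page calling an
  // http API is simply an insecure connection.
  return page.protocol === 'https:' ? 'mixed-content' : 'insecure';
}

// Group a list of API URLs (for example, taken from a network log) by classification.
function auditApiUrls(pageUrl, apiUrls) {
  const report = {
    secure: [], insecure: [], 'mixed-content': [], 'insecure-loopback': [], 'other-scheme': [],
  };
  for (const apiUrl of apiUrls) report[classifyApiUrl(pageUrl, apiUrl)].push(apiUrl);
  return report;
}

// Step 1: given an absolute API URL, return its https:// form or throw.
// upgrade=true mirrors the Content-Security-Policy directive
// "upgrade-insecure-requests"; upgrade=false refuses the call instead.
function enforceHttps(apiUrl, { upgrade = true } = {}) {
  const url = new URL(apiUrl);
  if (url.protocol === 'http:') {
    if (!upgrade) throw new Error(`refusing insecure API call to ${url.href}`);
    url.protocol = 'https:';
  }
  if (url.protocol !== 'https:') throw new Error(`unsupported scheme ${url.protocol}`);
  return url.href;
}

// A fetch wrapper that applies enforceHttps before the request leaves the app.
function createSecureFetch({ upgrade = true, fetchImpl = globalThis.fetch } = {}) {
  return (apiUrl, init) => fetchImpl(enforceHttps(apiUrl, { upgrade }), init);
}

// Step 2: server-side TLS options for Node's https.createServer(). Spread these
// into the options object together with your own PEM key and certificate.
// Step 3 (validating the peer certificate) is Node's default for outbound
// https.request()/fetch(): rejectUnauthorized is true unless explicitly disabled.
const TLS_SERVER_OPTIONS = {
  minVersion: 'TLSv1.2',    // reject TLS 1.0 / 1.1 handshakes
  honorCipherOrder: true,   // the server's preference order wins
  ciphers: [
    'TLS_AES_256_GCM_SHA384',         // TLS 1.3 suites
    'TLS_CHACHA20_POLY1305_SHA256',
    'TLS_AES_128_GCM_SHA256',
    'ECDHE-ECDSA-AES128-GCM-SHA256',  // TLS 1.2 forward-secret AEAD suites
    'ECDHE-RSA-AES128-GCM-SHA256',
    'ECDHE-ECDSA-AES256-GCM-SHA384',
    'ECDHE-RSA-AES256-GCM-SHA384',
    'ECDHE-ECDSA-CHACHA20-POLY1305',
    'ECDHE-RSA-CHACHA20-POLY1305',
  ].join(':'),
};

// Step 4: response headers that make browsers upgrade insecure sub-requests on
// an https page and pin the site to HTTPS on later visits.
const MIXED_CONTENT_HEADERS = {
  'Content-Security-Policy': 'upgrade-insecure-requests',
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
};

// Demo over constructed URLs; returns the report so it can be checked.
function runDemo() {
  const report = auditApiUrls('https://app.example.test/dashboard', [
    'https://api.example.test/v1/users',
    'http://api.example.test/v1/orders',
    '/v1/me',
    'http://localhost:3000/dev/ping',
    'ws://api.example.test/live',
  ]);
  console.log(JSON.stringify(report, null, 2));
  console.log('upgraded:', enforceHttps('http://api.example.test/v1/orders'));
  console.log('server TLS options:', TLS_SERVER_OPTIONS, MIXED_CONTENT_HEADERS);
  return report;
}
runDemo();
```

Feed `auditApiUrls()` the list of request URLs from your network log (or from the diagnostic itself) to see which calls are insecure or mixed content before touching any code; route all API calls through `createSecureFetch()` so an `http://` endpoint left in a config file is upgraded or rejected at the client; and apply `TLS_SERVER_OPTIONS` plus your own key and certificate on the API server. The `upgrade: false` mode is the stricter choice for production builds, since a silent upgrade can hide the misconfiguration the diagnostic is pointing at.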


Last updated 1 year ago