Secure Connection for All Accounts

Last year, we activated SSL on all Solo, Basic, and Business accounts.  As we continue to ensure the highest standards of security, we will now automatically enforce SSL on all plans, starting September 1st.  This means all trial and free accounts, as well as paid plans that previously did not take advantage of it, will now have SSL enabled by default. We want to share how this will affect you, your Harvest account, and any Harvest add-ons you may rely on.

For the non-technically inclined, HTTPS (SSL) is a security layer which ensures that the server your browser is communicating with belongs to Harvest (and is not an impostor) and also encrypts your communication with Harvest servers, to prevent eavesdropping.

What does this mean for you?

For the majority of Harvest customers who access Harvest using a modern web browser (Mozilla Firefox, Internet Explorer 7 and above, Chrome, Safari, etc.), this change should be totally seamless and you won't need to do anything. Depending on which browser you use, you might notice a new hint in your address bar that your connection to Harvest is now secure.

Here is an example of an HTTPS hint in Firefox 3

Do you use one of our Harvest widgets?

  • If you use the Mac widget, you don't need to do anything differently; it'll work the same as it does now.
  • If you use the Yahoo widget, you'll need to check the "SSL" checkbox in the widget options after we make the change on September 1st.
  • If you use the Vista gadget, you may need to re-install it after we make the change on September 1st.

Have further questions?  Feel free to contact us.

Technical Information for Harvest API integrators and authors of Harvest API clients

For Harvest customers who have integrated Harvest into other systems using an API client, we need to make sure that your integration continues to function properly. We've already begun reaching out to authors of popular Harvest API clients. Many thanks to Zach Moazeni, Brian Glass and Matthew Denton for helping test their Harvest API clients so far. We will update this post with any news on these clients.

If your Harvest API integration has in the past communicated with Harvest over HTTP (i.e., not HTTPS), from September 1st onwards these requests will be met with an HTTP 302 redirect to the HTTPS location of your Harvest subdomain. To continue to communicate with Harvest, your API client will need to support SSL and follow these HTTP 302 redirects. Please open a support ticket if you need any help with this, or have any questions about supporting SSL.

Technical note: Why are we using an HTTP 302 redirect and not an HTTP 301 or an HTTP 303? We suspect there may be API clients which will follow a 302 but may not follow a 301 or 303. It is a good idea for an API client to obey any redirect in the 3xx class. Please contact us for more details on this issue.
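
The redirect handling described above, as an added example that is not Harvest's code or that of any client named in this post: it follows any 3xx response, but only to an HTTPS URL on the same host and within a hop limit. The `transport` callable, all function names, and the `companyname.harvestapp.com/some/resource` URL used with it are assumptions for illustration.

```ruby
require "uri"

# Added example; all names here are hypothetical, not from any Harvest client.
REDIRECT_CODES = [301, 302, 303, 307, 308].freeze
MAX_HOPS = 5

class UnsafeRedirect < StandardError; end

# Resolve a Location header against the current URL and accept it only if
# the target is HTTPS on the same host (no downgrade, no cross-host hop).
def next_url(current, location)
  raise UnsafeRedirect, "redirect without Location" if location.to_s.empty?
  cur = URI.parse(current)
  target = cur.merge(location) # also resolves relative Location values
  raise UnsafeRedirect, "not https: #{target}" unless target.scheme == "https"
  unless target.host.to_s.casecmp?(cur.host.to_s)
    raise UnsafeRedirect, "host changed: #{target.host}"
  end
  target.to_s
end

# 303 always becomes GET; most clients also turn a redirected POST into GET
# on 301/302; 307/308 keep the original method.
def next_method(status, verb)
  return "GET" if status == 303
  return "GET" if [301, 302].include?(status) && verb == "POST"
  verb
end

# transport: callable taking (verb, url), returning [status, headers, body]
def request_following_redirects(transport, verb, url)
  MAX_HOPS.times do
    status, headers, body = transport.call(verb, url)
    return [status, body, url] unless REDIRECT_CODES.include?(status)
    verb = next_method(status, verb)
    url = next_url(url, headers["Location"])
  end
  raise UnsafeRedirect, "more than #{MAX_HOPS} redirects"
end

# Constructed stand-in for the network: plain HTTP answers 302 to HTTPS.
FAKE_SERVER = lambda do |verb, url|
  if url.start_with?("http://")
    [302, { "Location" => url.sub("http://", "https://") }, ""]
  else
    [200, {}, "ok via #{verb}"]
  end
end
```

The first plain-HTTP request still carries whatever credentials the client attaches, so changing the client's configured base URL to `https://` avoids depending on the redirect at all.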

Developers, have any further questions? Please visit the Harvest forum.

This was posted in Product News.
  • This is a good start, however you need to mark your cookies as ‘Secure’. Currently if someone types “companyname.harvestapp.com” into their browser, their session cookie is sent in the clear before they are redirected to the secure site, defeating the purpose.

  • Warwick Poole on September 16, 2010

    Hi Eric

    Thanks, yes, we are working on adapting the entire codebase over to 100% SSL and that will include secure cookies.

    Warwick

  • Thank You! Definitely a feature I’ve wanted for a while. And thanks for the Mac OSX Widget!

  • I’m Zach the maintainer of Harvested ( http://connectionrequired.com/blog/2010/04/harvested-a-new-ruby-api-wrapper/ ) and I just wanted to mention that the fact that Harvest reached out to me and the other maintainers on this change is pretty awesome.

    It shows that they’re not only placing importance on improving their product, but also helping the community around their product which isn’t very common among businesses these days.

    As a Harvest user and advocate, I was impressed.
