Important Changes to the Envato Market API
As you may be aware, earlier in the year we launched our new API site, build.envato.com.
Along with this we provided an improved mechanism for authentication using OAuth 2, paving the way for richer integrations with the Envato Market API. Since the launch, we’ve seen a great take up of the new API, with over 500 applications registered.
We’d like to extend a huge thankyou to everybody who has created applications, provided feedback, and helped us test our new API. You are all awesome!
The time has now come for us to start winding down access to the older API, and today is the first day of a 2 month retirement period. At the end of this period, we will be turning off access to the old Market API.
This means if you have applications which are integrated into the market API and use the market.envato.com API domain, you’ll need to start transitioning over to using the model described at build.envato.com.
Why we’re shutting down the old API
The way the old API was accessed was via API keys. This meant that if you wanted to write an application using our API and share it with other people, your users would need to work out how to get into their admin area, then generate an API key, and then copy and paste it into your app. If you’re on a mobile device, this is quite cumbersome!
Additionally, we didn’t have any way to provide more focussed security around what an application has access to, meaning that if you had somebody’s API key, then you could access everything.
The new API solves both these problems: We’re able to provide a familiar method for authentication that our users are already used to, and we’re able to inform users exactly what information they will be granting an application access to, as well as being able to revoke this permission at any time.
It also gives us a better way to deliver documentation, as well as a much more direct way to inform application writers about important changes to the API which might affect them.
Most importantly, the stronger authentication model will enable us to start exploring how we will bring richer functionality to the new API.
How do I start using the new API?
Over on build.envato.com, we have described the overall process of using our API, as well as how to integrate with OAuth specifically. We’ve also provided a playground area built into the documentation, so you can try out each API call live using your own account.
Many of the endpoints you’ve used in the past are the same in the new API as they were in the old API, so the transition shouldn’t be much more complex than updating your authentication model and changing the domain.
Going forward any breaking changes will be added under a new version, and we’ll slowly deprecate the older versions of the endpoints, so you’re not continually updating your applications. We also have some newer endpoints coming up in the future, and will be transitioning the API to a more REST-like URL structure under new versioned endpoints.
What if I don’t update to the new API?
The sunset period is 2 months from today. On that day, we will be blocking access to the API endpoints, so all your requests to our old API will return HTTP 404.
One month before we shutdown access to the old API, we will start to severely reduce the rate limits of the old API. It’s not something we want to do, but we know that not everybody reads or participates in these forums, so they won’t see this announcement. When we rate limit, we will be including a link to this post in the hope that we can get the message out as much as possible.