Security-related changes to the authorization method on Consumer API
The Consumer API has historically received the client's API key as a parameter in the query string of the request URL. To enhance security of the service, we are removing this ability to pass the API in the query string. Going forward, the only supported method to provide the API key will be as a Bearer token in an Authorization HTTP header. The new process for sending the API key is documented in the API user guides that can be downloaded from the Consumer API URL (e.g. https://api.ihsmarkit.com). Log in to the API URL in a Web browser and you will find the user guides listed under downloads on the right-hand side of the main landing page.
It is important to migrate to the new HTTP Authorization header method as soon as possible, and no later than September 6, 2024 in Production, at which point the legacy method based on a query string parameter will be permanently disabled. The full dates for each Consumer API environment are as follows: