Home
Documentation
Resources
Partners
Community

Resources

Check for updates on our solutions and system performance, or request technical support.

Partners

Discover our program for agencies or developers that offer integration services and sellers who want to hire them.

Community

Get the latest news, ask others for help and share your knowledge.

post cover image

Blocking HTTP URLs in the Preference API

To prevent any vulnerabilities, starting from March 29, 2025, we will block all Preferences that use the HTTP protocol by returning a 400 error invalid_back_urls, as described in the documentation.

This new validation will be applied to both back URLs and URLs provided for receiving notifications, so you should pay attention to the following fields in the contract (JSON):

  • back_urls
  • notification_url

In cases where the notification_url has been configured before creating the preference through the Developer Panel, you must also update it to ensure it is not affected and to keep receiving notifications normally.

Don’t forget: the deadline for updates is until March 28, 2025. After this date, the general blocking of HTTP usage will be implemented.

Important: the blocking will only apply to URLs that use HTTP; other protocols such as HTTPS, FTP, and others will continue to function normally.

Don't wait until the last minute. Update your application as soon as possible to make it even more secure!