I'm going to Migrate whole site from HTTP to HTTPS -- What could be a impact from API users?? if necessary, construct comm to notify all existing API users?? is there way I can redirect them?
Here is my infrastructure
Thanks in advance. Neal.
As for impacts there is an overhead for the https handshake. This means for any new connection it can take up to an additional second to connect. If the connection is long, reused, or you have multiple connections close together then the impact will be less. If you you have infrequent and short connections it will have a bigger impact. Overall I still think it is worth the extra security. Http is only good for public items.
You can have apache auto redirect traffic to htts using rewrites. Here is a post on the subject
The redirect will slow things down as well so it makes sense to update the API as soon as possible to directly use https.
One final note the ELB can handle https and forward on the traffic to your system on http. I would recommend this. Supporting https on your web server is extra load and headache that you not need. The ELB does a great job of handling this.
