Security of the API is accomplished by only accepting connections over the HTTPS protocol. This ensures that all data flow is encrypted in both ways.
In the past, we have recommended checking the certificate fingerprint for an additional layer of security. However, for practical reasons, this is no longer recommended, since the fingerprint will change everytime the certificate is renewed. Additionally, the added security benefit is limited, since our certificates are issued by a globally trusted provider.
How to disable fingerprint checking
If you are using our PHP client, an update to the latest version (v1.9.1+) will disable fingerprint checking.
If you are using your own client, you may not even have implemented fingerprint checking. But if you have, please find the fingerprint checking code and remove or disable it.