HTTPS and Certificates

The Ackroo API is accessible via HTTPS. This is because the communication between an Ackroo application and the API has to be encrypted. Otherwise, the data communicated between the client and server can be compromised and used maliciously. The OAuth token that is described in OAuth section in guideline is just the authentication/authorization part. The data itself, such as the OAuth token, still needs to be encrypted on HTTPS for it to be secure. 

You can see examples of how our client API libraries setup ssl properly over http. Failing to use SSL Verify Peer option can compromise your application data, so it is important to use it.