We’ve enforced HTTPS for Content Delivery API. HTTP requests are no longer served directly. They now receive an HTTP 301 (Moved Permanently) and a Location header with the equivalent HTTPS URL.

This aligns with our documented security posture (Transport Layer Security for all API traffic) and reduces the risk of insecure traffic being used in production integrations.

What you need to do:

• Ensure your Content Delivery API base URL is set to HTTPS.
• If you observe unexpected 301 responses, update the client to follow redirects or switch to HTTPS directly.