We get a lot of visitors to the OneMusicAPI blog looking for tips working with Discogs' API. Our tips on better Discogs searching article is one of the most visited on the site.
Discogs is a great resource and contains a wealth of musical metadata. However, they are known for making breaking changes to their API, and they've recently announced a new one: going forward, all queries to Discogs should be made over HTTPS.
As a result, app developers need to update their own apps so they work with the new changes. That can be a pain for certain types of apps, because the cost of getting the new versions of the apps to their users is high (not just financial cost; I'm talking about the effort and time it takes to announce new versions etc). This is why OneMusicAPI exists of course!
Discogs made the announcement on their blog a few weeks ago. While there are no dates announced, a recent announcement on the engineering blog shows further work on switching all pages to HTTPS is complete.
It seems only a matter of time before this change is made permanent and HTTPS-only access is on us, so developers of apps integrating with Discogs need to take action now!
What do you need to do? In many cases, assuming the programming APIs you use have full HTTPS support, it
may be as simple as changing the protocol in the URLs you are forming from
However, inevitably nothing is ever that straightforward for everybody and a few issues have arisen.
One is that old HTTPS clients may use legacy ciphers. The fix there is to upgrade to a newer client, or upgrade the cipher. Discogs supports TLS 1.2 and the cipher suites listed here.
For OneMusicAPI users, nothing happened. We have already updated our service to ensure HTTPS is used, and as OneMusicAPI users retrieve OneMusicAPI URLs, you can go on using those URLs and there won't apppear to be any difference.
Thanks to ThomasKohler who made the the image above available for sharing.