Error 400 in api requests
Incident Report for Evidos trust services
Resolved
This incident has been resolved.
Posted Nov 04, 2019 - 17:56 CET
Monitoring
We released an update to our API which started to enforce stricter validation of incoming requests. In the past we were rather tolerant on the requests we were accepting, even requests which did not conform to our documentation or conform to the HTTP standards. We are in the process of being stricter on what we accept. This is *not* a breaking change or an API upgrade as we will still accept the requests as were documented but we will start rejecting invalid requests.

However we have seen some customers being impacted by this change, what we have seen happening is customers using undocumented features such as:
- for an `application/json` request, the body included an UTF-8 BOM header
- sending a Content-Type HTTP header for GET requests
- including fields or properties with an explicit "null" as a value, if you want a field or property to use the default value, you should just omit the field.

For now we have temporarily rolled back this change.
We will be releasing this change again, and will communicate the new date on status.signhost.com.
If you are conforming the our and the HTTP specifications you should not be impacted. If you have seen problems today you are impacted and need to make sure you comply to the specifications.
Posted Nov 04, 2019 - 11:53 CET
This incident affected: API.