This article answers the most common questions we receive about our 2021 Security Initiative.
What is 3PL Central's 2021 Security Initiative?
To comply with security best practices, we are discontinuing our support for HTTP protocol on June 30, 2021. To that end, we are requiring that all of our customers migrate to and utilize the HTTPS encrypted communication protocol for all communication with our systems. In most cases, the changes required will be minimal.
On June 9, we are also introducing a new email model for event notification configurations that requires your attention—read more here.
What is the difference between HTTP and HTTPS?
HTTP lacks the security mechanism to encrypt your data, whereas HTTPS provides TLS or SSL Digital Certificates to secure the communication between your web server and client. Using HTTPS (note the “S”, which stands for “secure”) ensures a more secure transfer of data.
It may also be helpful to think of it as an analogy—think of your web server as your own home and HTTP as the standard lock on your front door. What’s stopping an ill-intended individual from bypassing the lock on your front door and entering your home through your side door or through an unlocked window? Upgrading your home security to use deadbolt locks and a basic security system is similar to boosting your cybersecurity by directing your web server to utilize HTTPS when communicating with other systems.
What's happening with event notifications?
To increase email delivery rates and comply with email security best practices, we are implementing a new email model for sending event notifications. The new event notification fields were released on May 19 and were pre-filled using your existing settings, and the new email model will go into effect after our June 9 release.
If you are not currently using the Customer Notifies functionality but have recipients defined for event notifications, please remove these recipients to prevent unintended notifications from sending on June 10.
How can I tell if this security change requires action on my part?
If any of the below statements apply to you, you must check with your IT administrator to see if your communication protocols are set to HTTP or HTTPS.
- You and/or your customer utilizes an API integration that was not built or deployed by 3PL Central
- Your warehouse leverages our QuickBooks integration for accounting purposes and uses a Desktop version (not QuickBooks Online)
- Your customer leverages our legacy QuickBooks integration for order imports
- Your warehouse uses our classic mobile scanning solution (not SmartScan)
If these statements do not apply to you, other than auditing your event notification settings, no further action is required on your part at this time.
What steps do I need to take if I believe this change requires action on my part?
If one or more of your communication protocols are set to HTTP, the process varies depending on which of your products are using HTTP.
If you have email recipients defined under Customers > Customer Notifies, regardless of whether event notifications are currently enabled, you must audit your settings before the new email model goes into effect after our June 9 release.
To help you better understand what your next steps are, we’ve created the following help articles:
- Preparing for Event Notification Updates
- Updating Custom API Integrations to Use HTTPS
- Updating QuickBooks Desktop to Use HTTPS
- Updating Classic Mobile to Use HTTPS
What if I don’t know how to make these changes or it’s not working?
We highly recommend consulting with an IT professional to ensure all your systems are utilizing HTTPS in a timely and efficient manner.
- In the case of custom-built API integrations, you’ll want to work with the entity that built the connection. This may be your IT team or a contracted API developer.
- In the case of QuickBooks Desktop, please feel free to reach out to our Technical Support team if you are having trouble locating this file to update.
- In the case of classic mobile, we recommend working directly with the party responsible for configuring your devices. If you are unsure who that is, you can work with our recommended hardware provider Emkat by reaching out to firstname.lastname@example.org.
What happens on July 1st if I still haven’t taken action?
If you haven’t taken action in updating your communication protocols, you’ll likely experience a number of errors indicating that the server could not be reached. Any conversations these integrations attempt to have with the WMS will not be successful until you update your scanning devices and integrations to comply with our security standards.
What if my question isn't answered here?
If you have a question related to this security initiative that is not answered in this FAQ article or in our email communications, please reach out directly to your Customer Success Manager or reach out to email@example.com.