Google Apps administrators now have the ability to enforce SSL connections on the Contacts APIs through a setting in the control panel. This setting provides added security against session hijacking and user impersonation. It affects these APIs:
– Contacts API
– Domain Shared Contacts API
– Google Apps Profiles API
Note that this setting will be OFF by default because some widely used legacy contacts applications do not support SSL. Early next year, we will set the Enforce SSL option to ON for all new domains and all existing domains where we do not detect a contacts API request from one of these legacy applications within the previous week.
Google Apps for Business, Education and Government
For more information: