File Conversion API rate limits

In the coming months we’ll be rolling out a new rate limiting feature for the Zamzar Developer API.

If you’re new to the concept, rate-limiting is a mechanism which allows service providers to keep track of the number of requests from users, and to place limits on those requests if there is a sudden influx, above what might be considered “normal” traffic levels.

This is beneficial for cloud services such as ours, as it enables our engineers to continue running a stable service for everyone, even if one user has code that is going haywire (this happens more than you might think!*). It also helps to protect services against Denial of Service (DoS) attacks, since the system can take steps to automatically protect itself.

We have been successfully applying rate limits to the Zamzar API sandbox environment (https://sandbox.zamzar.com) since August 2018 and will be extending this feature to users of the production API endpoint (https://api.zamzar.com) over the coming months.

We have put together a FAQ below to help you prepare for this change. For most customers nothing will change – 95% of you are well below any limits that will be put in place, and for customers that may be affected we’ll be emailing each of you individually over the coming weeks to give you a heads-up.

1. What’s changing?

In the coming months we’ll be applying rate limits to the https://api.zamzar.com endpoint. If your client code exceeds those limits you will receive an HTTP 429 “Too Many Requests” status and a JSON response with details on when you can retry your request:

JSON sample

2. What do I need to do?

Nothing immediately – we’ll be emailing customers likely to be affected by this change over the coming weeks (see the “timeline” below). For any customers likely to breach the new limits:

  1. If you have large numbers of files to convert, consider submitting new jobs in batches, or queue them up rather than submitting all at once.
  2. Consider polling the /jobs endpoint less aggressively (for example by using a constant sleep or an exponential backoff algorithm).
  3. If a conversion produces multiple output files, download the ZIP of all those files rather than each file individually.
  4. Make your code “rate limit” aware by checking for the HTTP 429 status and backing off requests if you receive this status.
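
Steps 2 and 4 above, sketched in Python as an added example (not Zamzar's own client code): a retry loop that backs off when it receives HTTP 429. It assumes the server may send the standard Retry-After header, because the JSON sample is not reproduced on this page, and otherwise falls back to exponential backoff with jitter; all function names are illustrative.

```python
import base64
import random
import time
import urllib.error
import urllib.request


def retry_delay(attempt, retry_after=None, base=1.0, cap=60.0, rng=random.random):
    """Seconds to wait before retry number `attempt` (0 = first retry)."""
    if retry_after is not None:
        try:
            # Assumption: Retry-After, if present, uses its delta-seconds form.
            return min(cap, max(0.0, float(retry_after)))
        except ValueError:
            pass  # HTTP-date form or unparsable value: use backoff instead
    ceiling = min(cap, base * 2 ** attempt)
    # "Equal jitter": wait at least half the ceiling and randomise the rest,
    # so clients that were limited together do not all retry in lockstep.
    return ceiling / 2 + rng() * ceiling / 2


def call_with_backoff(send, max_attempts=6, sleep=time.sleep, rng=random.random):
    """Call send() -> (status, headers, body) until it is not rate limited."""
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status != 429:
            return status, body
        if attempt == max_attempts - 1:
            break  # give up rather than hammer the API forever
        sleep(retry_delay(attempt, headers.get("Retry-After"), rng=rng))
    raise RuntimeError(f"still rate limited after {max_attempts} attempts")


def http_get(url, api_key=None, timeout=30):
    """Build a send() callable for call_with_backoff using urllib."""
    def send():
        req = urllib.request.Request(url)
        if api_key:
            # HTTP Basic auth with the API key as user name and empty password.
            token = base64.b64encode(f"{api_key}:".encode()).decode()
            req.add_header("Authorization", f"Basic {token}")
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                return resp.status, resp.headers, resp.read()
        except urllib.error.HTTPError as err:
            # urllib raises on 4xx/5xx; hand the 429 back to the retry loop.
            return err.code, err.headers, err.read()
    return send


if __name__ == "__main__":
    # Constructed responses standing in for the API: two 429s, then success.
    fake = iter([(429, {"Retry-After": "2"}, b""), (429, {}, b""), (200, {}, b"{}")])
    waits = []
    print(call_with_backoff(lambda: next(fake), sleep=waits.append), waits)
```

Against the real service, pass `http_get(url, api_key)` as `send`; the same loop works for polling the /jobs endpoint.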

3. Where can I read more?

We have a dedicated area in our documentation covering rate limits and how our API behaves if you hit those limits. Check it out at https://developers.zamzar.com/docs#section-Rate_Limits

4. What limits are already in place?

The following rate limits apply to the sandbox.zamzar.com endpoint. If you exceed these limits you will receive an HTTP 429 response from the API.

sandbox-ratelimits

5. What are the new rate limits?

We will be introducing the following rate limits to the production API endpoint (https://api.zamzar.com):

production-ratelimits.png

6. How can I test?

If you would like to test your code with rate limits send a quick fire burst of HTTP GET requests (over 3 per second) to an API endpoint such as https://sandbox.zamzar.com/formats/gif – this will trigger the HTTP 429 “Too Many Requests” rate limit response from the Zamzar API.

7. What is the timeline?

1st Oct – 31st Oct 2018: Customers likely to be affected will be emailed.
1st Oct – 30th Nov 2018: Affected customers can take remediation steps.
1st Dec 2018: Rate limit changes launched.

8. Who can I contact if I have questions?

If you would like any further information about this feature or need to chat to someone within the team just email us at api-accounts@zamzar.com – we are happy to help.

Happy Converting!
The Zamzar Team.

*Tight “for loops” with no sleeps anyone?


Better security – dropping support for TLS 1.0

This change has been completed as of 14th August 2018.

In line with many other online services, Zamzar is announcing the end of support for TLS 1.0, a cryptographic protocol used to secure communications between your web browser (or API client) and our systems.

From August 14th 2018 (previously August 8th 2018) the main Zamzar website and the Zamzar Developer API will no longer support secure connections using the outdated TLS 1.0 protocol, so you will need to plan accordingly. Read on for more information …

Why are you ending support?

In short – to make your use of our services more secure. Transport Layer Security (TLS) was originally developed by Netscape in the early 1990s and has undergone several revisions since then. TLS 1.1 was introduced in 2006, and TLS 1.2 in 2008, and both provide safer, more modern alternatives for connecting securely to web services. There are many serious vulnerabilities in TLS 1.0 which mean that it is no longer safe to use reliably. The Payment Card Industry (PCI) Security Standards Council is also recommending that websites drop support for TLS 1.0.

What does this mean if I use the Zamzar website?

If you want to use the main Zamzar website at https://www.zamzar.com you will need to ensure you are using a modern web browser capable of using up-to-date security protocols – in practice this means using one of:

  • Chrome v22 or later
  • Firefox v27 or later
  • Safari v7 or later
  • Opera v12.18 or later
  • Internet Explorer 11 or later (or Edge)

Since the Zamzar website will no longer work with older web browsers we strongly recommend upgrading your browser before 14th August 2018 (previously 8th August 2018) in order to ensure you can continue using our services. After this date we cannot guarantee that you will be able to convert files via the website when using older browsers.

What does this mean if I use the Developer API?

If you use the Zamzar Developer API at https://developers.zamzar.com/ (and associated endpoints at sandbox.zamzar.com and api.zamzar.com) you should ensure that any client code that you use to connect to the API is not using TLS 1.0 to connect to our services.

We provide some guidance below on checking your TLS usage in popular languages, but you should also consult the “How can I test this?” section below to verify any updates or changes you make:

  • C# – Make sure that your client code is configured to use a modern TLS version for your System.Net.Http.HttpClient (see here for more info).
  • Curl – Supports TLS1.2 starting from v7.34, so ensure you are using this version or higher (download updates here).
  • Java – TLS 1.2 support was added to the JRE in 1.7.0_131-b12, so API calls made using older versions of Java may fail.
  • Node.js – Check the version of TLS that your “requests” package is using (see here for more info).
  • PHP – Uses the system-supplied cURL library, which requires OpenSSL. Ensure this version of OpenSSL is at v1.0.1 or later.
  • Python – Also uses the system OpenSSL so you should check this is later than v0.9.8. OpenSSL v1.0.1 supports TLS 1.1 and TLS 1.2 by default.
  • Ruby – Also uses the system OpenSSL. OpenSSL v0.9.8 will no longer work, but OpenSSL v1.0.1 or later will work since it adds support for TLS 1.1 and TLS 1.2.

How can I test this?

If you want to verify that your browser or client code is ok you can connect to https://www.zamzar.com/ to verify that you can still use Zamzar services.

If your connection is successful you should see the Zamzar website displayed.

For example in a web browser that works you will see:
zamzar-web-app

If using client code (for example cURL) you would see:
zamzar-web-app-curl
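
For Python clients, the OpenSSL check from the list above and the connection test can be scripted. This is an added example, not Zamzar's code; the function names are illustrative. It reports what the local OpenSSL supports, builds a client context that refuses TLS 1.0 and 1.1, and parses the client's own ClientHello in memory to show which protocol versions it would offer.

```python
import socket
import ssl

NAMES = {0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}


def runtime_report():
    """What the OpenSSL linked into this interpreter is able to negotiate."""
    return {
        "openssl": ssl.OPENSSL_VERSION,
        # OpenSSL 1.0.1 is the first release with TLS 1.1 and TLS 1.2.
        "openssl_at_least_1_0_1": ssl.OPENSSL_VERSION_INFO[:3] >= (1, 0, 1),
        "has_tls1_2": ssl.HAS_TLSv1_2,
    }


def modern_context():
    """Client context that verifies certificates and refuses TLS 1.0/1.1."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def offered_versions(ctx):
    """Build this client's ClientHello in memory (nothing is sent) and list
    the protocol versions it offers to a server."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="example.invalid")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is written, no server ever answers
    hello = outgoing.read()
    legacy = int.from_bytes(hello[9:11], "big")  # ClientHello.client_version
    pos = 43  # record header (5) + handshake header (4) + version (2) + random (32)
    pos += 1 + hello[pos]                                  # session id
    pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")   # cipher suites
    pos += 1 + hello[pos]                                  # compression methods
    end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= end:
        ext_type = int.from_bytes(hello[pos:pos + 2], "big")
        ext_len = int.from_bytes(hello[pos + 2:pos + 4], "big")
        data = hello[pos + 4:pos + 4 + ext_len]
        if ext_type == 43:  # supported_versions: 1-byte length, 2-byte entries
            pairs = [data[i:i + 2] for i in range(1, 1 + data[0], 2)]
            return [NAMES.get(int.from_bytes(p, "big"), p.hex()) for p in pairs]
        pos += 4 + ext_len
    # No extension (build without TLS 1.3): only the maximum version is visible.
    return [NAMES.get(legacy, hex(legacy))]


def negotiated_version(host, port=443, timeout=10):
    """Connect to host and return the protocol agreed, e.g. 'TLSv1.2'."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with modern_context().wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    print(runtime_report())
    print("offered:", offered_versions(modern_context()))
```

`negotiated_version("www.zamzar.com")` performs the live check described above; it raises `ssl.SSLError` if no common protocol version can be agreed.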

Further Questions

If you have any further questions on this topic or need any advice from our engineering team please get in touch with us at support@zamzar.com.

Happy secure converting!
The Zamzar Team.

Announcing Zamzar’s GDPR compliance

The General Data Protection Regulation (GDPR) is upon us! Hopefully this spells the last of companies you have never heard of desperately trying to get you to click a button in an email!

At Zamzar we aren’t interested in using your data as a marketing commodity, and we never have been. We wrote last month about the hard work we have been doing to extend the data protection measures we already take to add extra safeguards for your data.

Today we are pleased to announce that we have completed the steps necessary for full GDPR compliance.

What steps has Zamzar taken?

We have taken a number of measures to increase protection for your data – here’s a summary of the key points:

> Strengthened security for your data
We have taken a number of steps to further improve how we secure your data. At the start of the year we turned on secure HTTPS encryption for all users of the main Zamzar website, and more recently we have switched many of our internal services to encrypt your data when it is “at rest” (i.e. stored) within our infrastructure.

> Rigorously reviewed our 3rd party vendors
We use a number of third party services to convert your files and have taken the opportunity to review each of their data practices to ensure they provide contractual guarantees for keeping your data safe.

> Dropped personalised advertising in the EU
We have taken the decision to stop serving personalised advertising to anyone using Zamzar’s main website from the EU. Ads will still be served, but no personalised data will be shared with 3rd party advertisers.

> Updated Policies
We have updated our Terms of Service and Privacy Policies to provide detailed information on how we access, process and handle your data, who we share it with and what steps we take to secure it. We have also made our Cookie Policies clearer (see our Web and API versions).

> Made available a Data Processing Agreement (DPA)
We have put together a standard “Data Processing Agreement” (DPA) which you can sign if you use Zamzar’s services to process data for your own customers. Email us at dpa@zamzar.com if you’d like a copy of this agreement.

What does this mean for YOU?

The steps we have taken will ensure that when you use our services you will have even stronger guarantees that your data is protected. You can check to see what data we store, how long we store it for, who we share it with and crucially what your rights are in relation to it.

We have pro-actively applied most of these measures to all customers (not just EU citizens).

What do you need to do?

You don’t need to take any explicit actions to carry on using Zamzar, but should review our new Terms and Privacy policies so that you are aware of how we handle your data.

If you use our website (at https://www.zamzar.com)
You should review our new Terms of Service and Privacy Policy to make sure you are happy with the contents before using our services.

If you use our Developer API (at https://developers.zamzar.com)
Check out our updated Terms of Service and Privacy Policy to ensure you understand how we handle your data.

If you use Zamzar as a “Data Processor”
If you use our services to process your own customer data the GDPR requires you to sign a “Data Processing Agreement” with us. If you signed up for an account to use our services before 25th May we provide a standard Addendum that you can sign – just email us at dpa@zamzar.com to request a copy. If you signed up after that date check out our standard DPA agreements for the Web App and API.

Still have questions?

If you have any questions about Zamzar and GDPR do let us know by emailing us at info@zamzar.com and we’ll get back to you.

This is just the beginning …

Protecting your data is a journey and it doesn’t end with an arbitrary deadline. Tomorrow we’ll be back working hard to provide you with amazing file conversion services and taking steps to continue keeping your data safe and secure.

Happy converting!
The Zamzar Team.

 

Zamzar and GDPR

Has your email inbox been flooded with dozens of notices about “privacy policy updates” recently?

If so, this is likely the result of the forthcoming General Data Protection Regulation (GDPR), which comes into force in less than four weeks’ time on 25th May 2018.

It provides long overdue protections for the data of EU citizens and places legally-enforceable responsibilities on businesses that process this data. Zamzar strongly supports this new regulation since it will provide better transparency and protection for your data, values that are already at the centre of what we do.

What is GDPR?

Much ink has been spilled attempting to explain GDPR, but at a high-level:

  • GDPR is a new EU regulation that replaces national-level EU privacy and security laws with a single, all-encompassing EU-wide law. It regulates how businesses like ours gather, use, share and transfer personal data.
  • It is likely to affect most companies (hence your bulging inbox). The regulation is not limited to companies based in the EU, since it is concerned with where personal data comes from – if it originates from within the EU it is covered.
  • Crucially it strengthens protections for you as an end user of Internet services. It means Facebook can’t absent-mindedly lose control of the data for 87 million users, and Eldon Insurance can’t use your car insurance data for political advertising without consequences.

If you’d like to read more about the technicalities of GDPR there are handy overviews from both BBC news and Wired. The UK Information Commissioner’s Office (ICO) provides a meaty 162-page guide to GDPR and if you want to go direct to source you can read all 99 Articles of the GDPR directly on the main EU legal site.

What is Zamzar doing about GDPR?

Along with many other companies we are putting the finishing touches to our GDPR compliance, and will be publishing more information over the coming weeks.

In the meantime here is an overview of our plans:

  1. We will be fully GDPR compliant by the implementation deadline of 24th May 2018.
  2. We are currently working on updates to our terms and privacy policies which will be made available to users for review in the coming weeks.
  3. We are reviewing relationships with 3rd party vendors to ensure that any Data Processors we use are fully GDPR compliant.
  4. On our main file conversion website we are reviewing relationships with 3rd party advertisers to offer stronger protections for user data when serving advertising.
  5. We are taking steps to further enhance internal security measures to provide even stronger protection for your data. For example we recently rolled out “at rest” encryption for files processed through our Developer API. We will be posting updates about these measures in coming weeks too.
  6. Where a customer deems us to act as a “Data Processor” for their data we will be providing an extra “Data Processing Agreement/Addendum (DPA)” to ensure customers can meet their own GDPR commitments. If you would like to be provided with this agreement please contact us at info@zamzar.com.

In short, GDPR helps us to build on top of practices that have been at the core of what we do since we started Zamzar over 10 years ago. Our business prospers when we can competently, securely, quickly and professionally assist with your file conversion needs. We don’t need or want to trade your personal data to stay in business, nor have we ever sought to do so.

When will I hear more from Zamzar?

We will be posting further updates here on our blog and our Twitter and Facebook pages over the coming 4 weeks. In the meantime if you have any further questions related to our GDPR compliance please do get in touch with us at info@zamzar.com.

Happy secure converting!
The Zamzar Team.

Announcing HTTPS – secure file conversion for everyone

We’re pleased to announce that we just launched support across the entire Zamzar website for HTTPS for all users.

Effective immediately this means that the entire site is now secured with the familiar green padlock:

secure-https-zamzar.png

All files uploaded to or downloaded from the website will automatically be protected from prying eyes, enabling you to be safe in the knowledge that your file conversions are being protected by industry standard secure encryption.

In June 2013 Edward Snowden first revealed the full extent of government spying on their citizens via the Internet and the extent to which Internet connections were actively mined for data. HTTPS helps to protect against this snooping and gives you assurances that your data cannot be seen or tampered with. It does this by scrambling the data sent between your computer and the secured website into indecipherable characters, so that it is not possible to snoop on it.

Here at Zamzar we have long been supporters of efforts by the Electronic Frontier Foundation to fight for privacy protection online, and we’re proud to continue supporting the efforts being made to make the web a more secure place to be.

Happy secure converting!
The Zamzar Team.

New on the API – import & export files

You can now use the Zamzar file conversion API to import files for conversion from Amazon S3, HTTP / HTTPS URLs and FTP / SFTP servers. You can also export converted files back out again too.

transfers-overview

This opens up some interesting possibilities:

  • Convert files that aren’t on your servers
  • Import files from one location and export elsewhere
  • Grab files from password-protected URLs / FTP servers
  • Use AWS credentials for access to Amazon S3

To test this out, first make sure you are signed up for an API account, then check out our docs on:

For example, here’s one single cURL command which will grab the Twitter logo, convert it from PNG to JPG and upload the JPG file to a public Amazon S3 bucket:

curl https://api.zamzar.com/v1/jobs -u GiVUYsF4A8ssq93FR48H: \
-X POST \
-d "source_file=https://developers.zamzar.com/assets/app/img/social-twitter.png" \
-d "target_format=jpg" \
-d "export_url=s3://zamzar-public/"

We’d love to hear your feedback on these features – please let us know what you think! We’re also here to work with you on any issues you hit getting up and running, so do get in touch.

Happy Converting!
The Zamzar Team.

Zamzar is 10 Years Young

We’re celebrating our birthday here at Zamzar HQ – ten years ago today we launched the Zamzar website with a simple mission:

convert all the files.png

Things were very different ten years ago. In Internet years that’s like 8 centuries …

A potted history of 2006

Cast your mind back to 2006 …

  • The INTERWEBS™ was a small and barren wasteland with *only* 75 million websites online (there are 1.4 billion now)

We were about here on this graph:

netcraft

  • Twttr was 1 Tweet strong:

 

  • The iPhone didn’t exist yet (WAT!) – all the cool kids were using Motorola Razr’s. The, er, not-so-cool ones had Palm Treo 700’s.

     

  • Dropbox was about to get flamed on Hacker News as “not very viral or income-generating” and Facebook’s only users were Mark and his mum [1].
  • ICanHasCheezburger hadn’t been invented (NO LOLCATS !), and the most popular meme of the year was a sneezing panda:

Launching Zamzar

It was into this primordial Internet soup that Zamzar was born. Most of the 9 months of intensive development time for such a key pillar of the Internet was spent on logo design (obviously the key facet for any budding “web 2.0” service).

We’ve included the best of the bunch for your delectation – extra marks for spotting the malformed sheep motif. Graphic design was not our strongest asset at the time.

Despite the shameful attempts at back-of-a-beermat logo design Michael Arrington covered the launch at TechCrunch, Wired and Lifehacker both jumped onboard with very positive articles, the BBC gave Zamzar glowing reviews and Robert Scoble (he of Google Glass fame) liked what he saw.

The vogue for launching “web 2.0” applications into (seemingly perpetual) beta at the time led Zamzar to be included in the Museum of Modern Betas, a fascinating historical record of every-man-and-his-dog’s attempt to jump on the web 2.0 bandwagon.

The “museum” is still charting new beta launches to this day, and Zamzar has the privilege of rating as number 2 on the list of most popular betas of all time (just behind Flickr).

Launching Zamzar was primarily an exercise in “scratching our own itch” in developing software which allowed us to view, edit and save files in as wide a variety of formats as possible, without needing to have every version of every application ever made. We’re thrilled that this turned out to be a useful solution for others too.

Running Zamzar

We’re proud to have run Zamzar as a bootstrapped and profitable web business for 10 years now. If time on the Internet was calculated in dog years (which it should be) we’d be 65 years old.

During that time we’ve:

The fact that we’ve never taken VC-funding (despite being courted on numerous occasions) allows us to keep focussed squarely on making our products better for our customers.

This is our number one goal, one which is shamelessly stolen from Paul Graham & Y-Combinator – Make something people want.

The Future

Our plan is to keep building products and services which you will love. Products that make handling and using file formats easier for everyone, whether they are new to the world of computers or a seasoned developer.

We recently launched a file conversion API capable of converting thousands of different file formats right from the command line or inside your own mobile or web application.

We’ll be making this service even better, improving the design and features on our main file conversion website, integrating with a whole bunch of other file-related services, building out some exciting new products (including a self-driving car powered by Word Doc macros) and much more.

If you’ve used Zamzar over these last 10 years then *thankyou*. It has been an honour and a privilege to convert your files.

Here’s to the next 10 years!

Chris & Mike Whyley,
Co-Founders @ Zamzar.


[1] Almost. Actually Facebook had 12 million users, but most were probably Mark’s shell accounts.