Ok, so do you know why we received an email from NewRelic support stating that they were still seeing traffic over http and this was the 2nd notice to make the change to https?
See email content below:
Dear customer,
This is a second notice on this issue as we are still seeing activity from your account to the endpoints we will soon be deprecating.
In order to better protect the security of your data, New Relic is updating our REST API to require HTTPS, specifically Transport Layer Security (TLS), for every API endpoint. All API endpoints are currently available through HTTPS, but we will be requiring it by April 30, 2017.
Why are we making this change?
Every incoming API request requires your API key, which helps to prevent other users from being able to see your data. Most of the API requests we serve are made over HTTPS, meaning that the transmission of the API key is encrypted.
A few requests, however, arrive over plain HTTP. When using HTTP, there is some risk that your transmission, including API key, could be intercepted between your network and ours, enabling someone else to make API requests on your behalf. While the risks of such an interception are limited, it is important to protect your key.
In order to help ensure your transmission is protected, we are ending support for all use of unsecured HTTP in New Relic APM, both in our user interface and in our API. Most of our API was already restricted to HTTPS-only, and we are now moving to restrict the few remaining endpoints.
What do you need to do?
To see a list of unsecured URLs that your account has visited recently, go to https://rpm.newrelic.com/https_upgrade. For any unsecured URLs listed, you will need to update your system to request this data via HTTPS instead (by April 30, 2017).
For instance, the following URL:
http://api.newrelic.com/api/v1/accounts.xml
...would need to be converted to its HTTPS version:
https://api.newrelic.com/api/v1/accounts.xml.
If you need help tracking down where these requests are coming from, or have any questions about this transition, please visit our online technical community at https://discuss.newrelic.com/t/rest-api-to-require-https-by-april-30-2017/42672. We can provide diagnostic information that will help you track down this usage.
When do you need to make a change?
We will be permanently discontinuing all non-HTTPS access to New Relic APM on May 1, 2017. Your systems will need to be making all of their API calls via HTTPS only by 11:59 PM UTC on April 30, 2017 to avoid any interruption in your data retrieval.
We understand that it will take time and effort to make this change, and we appreciate your help keeping your data secure.
Sincerely,
New Relic
New Relic, Inc. 188 Spear Street San Francisco, CA 94105