<?xml version="1.0" encoding="UTF-8"?>
<reference anchor="I-D.ietf-httpapi-privacy" target="https://datatracker.ietf.org/doc/html/draft-ietf-httpapi-privacy-04">
   <front>
      <title>API Keys and Privacy</title>
      <author initials="R." surname="Salz" fullname="Rich Salz">
         <organization>Akamai Technologies</organization>
      </author>
      <author initials="M." surname="Bishop" fullname="Mike Bishop">
         <organization>Akamai Technologies</organization>
      </author>
      <author initials="M." surname="Kleidl" fullname="Marius Kleidl">
         <organization>Transloadit</organization>
      </author>
      <date month="February" day="25" year="2026" />
      <abstract>
	 <t>   Redirecting HTTP requests to HTTPS, a common pattern for human-facing
   web resources, can be an anti-pattern for authenticated HTTP API
   traffic.  This document discusses the pitfalls and makes deployment
   recommendations for authenticated HTTP APIs.  It does not specify a
   protocol.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-ietf-httpapi-privacy-04" />
   
</reference>
