Wistia Deprecation Schedule

Sometimes, we need to remove functionality from our website due to safety concerns or for code health purposes. See below for a list of notable feature deprecations and removals.

June 14th, 2024: Upcoming API token security improvements

Who is affected?

All users of Wistia's APIs. If you’re not using Wistia APIs, no action is required and you can happily ignore this update.

What is it?

For our API users and developers, here’s what is changing:

  • New API tokens created on or after today will be generated using a randomized hashing layer
  • API tokens will no longer be stored in plain text within your account

This means you’ll only be able to access and copy an API token from your account when the token is first created. After you leave or refresh the page, the token will no longer be copyable.

In most cases, API keys are already saved within your application or your code and no additional action is required. However, you may want to adjust your workflow to save copies of new API tokens moving forward. If an API token is lost, you will need to create a new token and replace the old one.

Will this affect my existing API tokens?

No, existing API tokens will remain active and unchanged. However, we will update legacy tokens to the new system by June 14, 2024 and they will no longer be copyable once that change has taken place.

As a result, please save a copy of your existing tokens so you can access them in the future if needed.

Will I still be able to edit API token permissions after creation?

Yes, API token permissions will still be editable after creation, for both old tokens and new.

Feel free to reach out to our Support team with any questions!

March 29th, 2024: Channels as Projects deprecation

Who is affected?

If you are using the project API endpoints to retrieve channel information for your legacy channels (created before October 21 2021), you may need to update your API code.
If you do not use the API for channels, you do not need to take any action.

What is it?

Currently, if a media is in a channel, we return channel information from the API as if it were that media's project. After March 29, 2024, this will no longer be the case, and project data will be returned for all media.
If you specifically use the API to query and utilize project information for media that also reside in a channel, you can continue using the project endpoints but may want to update the project IDs used after March 29, 2024 due to a data migration taking place.
If you specifically use the API to query and utilize channel information, you may want to use the Channels#list and Channels#show endpoints moving forward. For more information, please refer to the documentation, or get in touch with our support team and we can assist you in the transition.

When is it happening?

We will deprecate this functionality on March 29th, 2024.

Aug 21st, 2023: Heatmaps removed from Private User Sessions

What is it?

Heatmaps will no longer be visible within Private User Sessions under the Viewed Media event as of August 21st, 2023. The Viewed Media event will still show up in session logs, however it will no longer contain a heatmap.

Private User Sessions provide a log of manager, collaborator, and user activity within an account, and despite the inclusion of Heatmaps they were never intended for use as an analytics tool. Additionally, as this page has become outdated relative to other pages in the app we have run into certain issues with loading these Heatmaps consistently. As a result of these concerns, and future data retention considerations, we have chosen to remove them from Private User Session logs altogether.

When is it happening?

A week before the removal, we will put a deprecation notice on the Private User Sessions page to inform users that Heatmaps are being removed from these logs.

On August 21st, Heatmaps will be officially removed from Private User Sessions.

Who is affected?

This change primarily affects anyone using Private User Sessions to look at Heatmaps for viewing sessions by logged-in users. Any user on the account who logs in with email or SSO has their activity excluded from public stats pages and collected in Private User Sessions instead.

Heatmaps will no longer be available for viewing sessions by:

  • Account Owners
  • Managers
  • Collaborators
  • Users

If you are using Locked Projects to share videos privately and need to see Heatmaps for these viewers, we recommend looking into the Password Protection feature, which lets you gate videos with a password and enable private sharing without needing to invite a viewer by email. Alternatively you can embed the videos on a gated site instead.

July 30, 2022: Authentication in query parameters

What is it?

Passing authentication tokens or passwords via query parameters is unsafe - from malicious actors and from passwords being exposed in logs. Wistia will be deprecating this functionality in favor of bearer tokens or other authentication schemes. Please see the docs for more info on how to query the API.

When is it happening?

We will deprecate this functionality on July 30th, 2022

Please note, we will be performing brownouts on June 30th, 2022 and July 14th, 2022. Brownouts will disable query param auth functionality for a period of time so that our customers may test their new authentication and any customers unaware of the deprecation can be notified before the deprecation fully comes into effect.

On June 30, 2022 we will be browning out query param auth for 24 hours, starting at 9am ET.

On July 14th, 2022 we will be browning out query param auth for 24 hours, starting at 9am ET.

Who is affected?

We will anonymously audit our API logs and reach out to customers who recently used our API with query param auth. In the meantime if you find you are passing authentication by query param, don't wait for us! Please switch to using bearer tokens or any other form of authentication as soon as possible.

March 7th, 2022: Rate limiting status code change

What is it?

Our rate limiting code currently throws a 503 status code when an account has reached its rate limit. There is a code specific to rate limiting - 429 - that we should be using instead.

When is it happening?

We will Deprecate this functionality on March 7th, 2022

Who is affected?

A code audit will be needed to see if your API code is affected by this code change.

February 18th, 2022: TLS Deprecation

What is it?

TLS stands for Transport Layer Security and is the protocol used for securing HTTPS pages. The IETF has deprecated TLS 1.0 and 1.1 as they are vulnerable to attacks that can recover potentially sensitive information.

When is it happening?

We plan to deprecate the ability to request information from any Wistia webpage by Febuary 18th, 2022.

Who is affected?

Wistia has anonymously gathered log information and will be contacting account owners if they have accessed the API recently with a TLS 1.0 or 1.1 connection.

Otherwise, if you are using a modern browser you should be unaffected by this deprecation.