Wistia Deprecation Schedule

Sometimes, we need to remove functionality from our website due to safety concerns or for code health purposes. See below for a list of notable feature deprecations and removals.

Aug 21st, 2023: Heatmaps removed from Private User Sessions

What is it?

Heatmaps will no longer be visible within Private User Sessions under the Viewed Media event as of August 21st, 2023. The Viewed Media event will still show up in session logs, however it will no longer contain a heatmap.

Private User Sessions provide a log of manager, collaborator, and user activity within an account, and despite the inclusion of Heatmaps they were never intended for use as an analytics tool. Additionally, as this page has become outdated relative to other pages in the app we have run into certain issues with loading these Heatmaps consistently. As a result of these concerns, and future data retention considerations, we have chosen to remove them from Private User Session logs altogether.

When is it happening?

A week before the removal, we will put a deprecation notice on the Private User Sessions page to inform users that Heatmaps are being removed from these logs.

On August 21st, Heatmaps will be officially removed from Private User Sessions.

Who is affected?

This change primarily affects anyone using Private User Sessions to look at Heatmaps for viewing sessions by logged-in users. Any user on the account who logs in with email or SSO has their activity excluded from public stats pages and collected in Private User Sessions instead.

Heatmaps will no longer be available for viewing sessions by:

  • Account Owners
  • Managers
  • Collaborators
  • Users

If you are using Locked Projects to share videos privately and need to see Heatmaps for these viewers, we recommend looking into the Password Protection feature, which lets you gate videos with a password and enable private sharing without needing to invite a viewer by email. Alternatively you can embed the videos on a gated site instead.

July 30, 2022: Authentication in query parameters

What is it?

Passing authentication tokens or passwords via query parameters is unsafe - from malicious actors and from passwords being exposed in logs. Wistia will be deprecating this functionality in favor of bearer tokens or other authentication schemes. Please see the docs for more info on how to query the API.

When is it happening?

We will deprecate this functionality on July 30th, 2022

Please note, we will be performing brownouts on June 30th, 2022 and July 14th, 2022. Brownouts will disable query param auth functionality for a period of time so that our customers may test their new authentication and any customers unaware of the deprecation can be notified before the deprecation fully comes into effect.

On June 30, 2022 we will be browning out query param auth for 24 hours, starting at 9am ET.

On July 14th, 2022 we will be browning out query param auth for 24 hours, starting at 9am ET.

Who is affected?

We will anonymously audit our API logs and reach out to customers who recently used our API with query param auth. In the meantime if you find you are passing authentication by query param, don't wait for us! Please switch to using bearer tokens or any other form of authentication as soon as possible.

March 7th, 2022: Rate limiting status code change

What is it?

Our rate limiting code currently throws a 503 status code when an account has reached its rate limit. There is a code specific to rate limiting - 429 - that we should be using instead.

When is it happening?

We will Deprecate this functionality on March 7th, 2022

Who is affected?

A code audit will be needed to see if your API code is affected by this code change.

February 18th, 2022: TLS Deprecation

What is it?

TLS stands for Transport Layer Security and is the protocol used for securing HTTPS pages. The IETF has deprecated TLS 1.0 and 1.1 as they are vulnerable to attacks that can recover potentially sensitive information.

When is it happening?

We plan to deprecate the ability to request information from any Wistia webpage by Febuary 18th, 2022.

Who is affected?

Wistia has anonymously gathered log information and will be contacting account owners if they have accessed the API recently with a TLS 1.0 or 1.1 connection.

Otherwise, if you are using a modern browser you should be unaffected by this deprecation.