We will be making two important changes to the CentralNic Toolkit. Both of these changes will be introduced at the same time, at 1200hrs UTC on Monday, October 5th:

1. As of the above date, all authenticated Toolkit transactions (ie all transactions for which you need to supply a username and password) MUST be performed using HTTPS rather than plain HTTP. If you use our Perl or PHP client libraries, then you can ensure that you satisfy this requirement by upgrading to the latest version (0.30 for WWW::CNic, and 0.0.30 for CNic_Toolkit), which enforces this rule for you. For Perl, you will need to install either Crypt::SSLeay or IO::Socket::SSL from CPAN; for PHP, you need to have SSL stream support compiled into PHP. Non-authenticated transactions such as availability checks will continue to be available over plain HTTP.
2. All registrars wishing to use the Toolkit MUST supply at least one IP address (or IP network) from which they will submit requests. As of the above date, all Toolkit transactions that originate from IP addresses not on your access list will be rejected. You may already have supplied us with a list of IP addresses: you can review your access list from the Registrar Console. We will send a further reminder to those registrars who haven't set up an access list closer to the above date.

If you have any questions regarding these changes, please get in touch.