Differences between api2.anaplan.com and api.anaplan.com

Hi,

Documentstion is not clear...

What are the differences between api and api2?

Our client tool works with api2 but it doesn’t with api

Thanks for any clarification

Accepted answers

All comments

ben_speight

I think the difference is that api2.anaplan.com doesn't support TLSv1.1 whereas api.anaplan.com does. This may change in the future as TLSv1.1 support may be removed; api2 is set up for customers to test future configuration changes. This should not prevent your client from working with api.anaplan.com, one would usually expect the reverse. One possibility is a firewall detecting this protocol version and closing the connection. I recall IBM's Java runtime having some issues with TLSv1.2 but both these servers support that version. Perhaps the client doesn't deal well with the choice at the negotiation stage. What client are you using? And what is the error?

famores

Hi,

Our client is using Java 1.6 and we can’t upgrade to 1.7.
However we updated to 1.6.191 Which supports TLSv1.x

The weird thing is that api2 works fine again but api raises a handshake exception

jesse_wilson

Hello,

It's possible to have multiple instances of Java installed, for use by other applications. You can install Java 8 (the most current, tested version to work with Anaplan Connect), and update the AnaplanClient file to point to the installation location so you're using the latest version of TLS to communicate with Anaplan.

If this isn't an acceptable solution to the client, you can use the OpenSSL tool to query our API server for the allowed cipher suites to ensure that you're using one that we accept. If there's a handshake error, this could be the cause. That said, I would strongly advise against using Java 6 wherever possible. There are a large number of security vulnerabilities in that version, and exposing it to the internet is very risky.

Thanks

ben_speight

JDK 6 will reach the end of extended support in December 2018. I'd suggest skipping Java 7 and moving straight to 8. JDK6u141 onwards adds TLS v1.1 and v1.2 to the client list of default-enabled protocols, so it should just work out of the box. If your tool (which I don't know anything about unless it's Anaplan Connect) is insisting on a specific TLS version when setting up a connection, that could be a problem. Another thing to look at is changes to the lib/security/java.security file from the defaults. If it is a TLS handshake problem, then specifying -Djavax.net.debug=ssl:handshake may provide more information. All of this assumes that your tool is using the JRE's built-in JSSE provider to implement TLS - I'd need more information to confirm this.

Quick Links

Can you help?

Unanswered questions

Workaround for Formula & Closing Balance summary methods together in Polaris
Hello folks, Does anyone know how to work around the Polaris limitation of using the Formula or Ratio summary method alongside the Closing Balance within the same line item? I have a Business Unit list where the total (All BUs) must display the Corporate (1 of 20 leaf items under All BUs total) number of Unique Customers.…
Anaplan Report page issue in the UX
Hello community, I have an issue with anaplan report (functionality). The issue I have is within couple of slides. The data in that report is scrolling into a new page. There is a hierarchy in the rows and line items and time in the columns. My problem is, the hierarchy is getting broken in the second page. One of the node…
ADO - S3 incremental load vs. full replace
I want to create an S3 connection that will have monthly data stored in individual csv files that is connected to ADO. Around month end, data will be uploaded multiple times, replacing existing csvs. When this happens I want to replace the existing data for that month with the new file. I don't want to have to create a…