Differences between api2.anaplan.com and api.anaplan.com

Hi,

Documentstion is not clear...

What are the differences between api and api2?

Our client tool works with api2 but it doesn’t with api

Thanks for any clarification

Accepted answers

All comments

ben_speight

I think the difference is that api2.anaplan.com doesn't support TLSv1.1 whereas api.anaplan.com does. This may change in the future as TLSv1.1 support may be removed; api2 is set up for customers to test future configuration changes. This should not prevent your client from working with api.anaplan.com, one would usually expect the reverse. One possibility is a firewall detecting this protocol version and closing the connection. I recall IBM's Java runtime having some issues with TLSv1.2 but both these servers support that version. Perhaps the client doesn't deal well with the choice at the negotiation stage. What client are you using? And what is the error?

famores

Hi,

Our client is using Java 1.6 and we can’t upgrade to 1.7.
However we updated to 1.6.191 Which supports TLSv1.x

The weird thing is that api2 works fine again but api raises a handshake exception

jesse_wilson

Hello,

It's possible to have multiple instances of Java installed, for use by other applications. You can install Java 8 (the most current, tested version to work with Anaplan Connect), and update the AnaplanClient file to point to the installation location so you're using the latest version of TLS to communicate with Anaplan.

If this isn't an acceptable solution to the client, you can use the OpenSSL tool to query our API server for the allowed cipher suites to ensure that you're using one that we accept. If there's a handshake error, this could be the cause. That said, I would strongly advise against using Java 6 wherever possible. There are a large number of security vulnerabilities in that version, and exposing it to the internet is very risky.

Thanks

ben_speight

JDK 6 will reach the end of extended support in December 2018. I'd suggest skipping Java 7 and moving straight to 8. JDK6u141 onwards adds TLS v1.1 and v1.2 to the client list of default-enabled protocols, so it should just work out of the box. If your tool (which I don't know anything about unless it's Anaplan Connect) is insisting on a specific TLS version when setting up a connection, that could be a problem. Another thing to look at is changes to the lib/security/java.security file from the defaults. If it is a TLS handshake problem, then specifying -Djavax.net.debug=ssl:handshake may provide more information. All of this assumes that your tool is using the JRE's built-in JSSE provider to implement TLS - I'd need more information to confirm this.

Quick Links

Can you help?

Unanswered questions

A reminder of Bulk Copy - Current year to Prior year version for YoY analysis
A quick reminder of the Bulk Copy functionality. Bulk Copy allows you copy large volumes of data from one slice of a model to another in a single, optimised operation, instead of using formulas or imports. Use case: copy a version (RF1) into a prior year version (PY RF1) using a versions list to allow for year-on-year…
Looking for Anaplan End-Users to take a short survey!
We are looking for Anaplan end-users to provide feedback on their experiences with the Excel add-in. Interested individuals will respond to this 5-minute survey to help us understand personal needs and behavior when using the add-in. The feedback provided by survey takers is essential to the roadmap of Anaplan's products.…
CERTIFICATION BADGES - ANNOUNCEMENT
Anaplan Champions! The Community team just posted this announcement that certification badges may not be showing up on your profile probably until next year. Rest assured, you will get credit once you complete and pass the exams. https://community.anaplan.com/t5/Blog/Badges-Back-Soon/ba-p/123385