Differences between api2.anaplan.com and api.anaplan.com

Hi,

Documentstion is not clear...

What are the differences between api and api2?

Our client tool works with api2 but it doesn’t with api

Thanks for any clarification

Accepted answers

All comments

ben_speight

I think the difference is that api2.anaplan.com doesn't support TLSv1.1 whereas api.anaplan.com does. This may change in the future as TLSv1.1 support may be removed; api2 is set up for customers to test future configuration changes. This should not prevent your client from working with api.anaplan.com, one would usually expect the reverse. One possibility is a firewall detecting this protocol version and closing the connection. I recall IBM's Java runtime having some issues with TLSv1.2 but both these servers support that version. Perhaps the client doesn't deal well with the choice at the negotiation stage. What client are you using? And what is the error?

famores

Hi,

Our client is using Java 1.6 and we can’t upgrade to 1.7.
However we updated to 1.6.191 Which supports TLSv1.x

The weird thing is that api2 works fine again but api raises a handshake exception

jesse_wilson

Hello,

It's possible to have multiple instances of Java installed, for use by other applications. You can install Java 8 (the most current, tested version to work with Anaplan Connect), and update the AnaplanClient file to point to the installation location so you're using the latest version of TLS to communicate with Anaplan.

If this isn't an acceptable solution to the client, you can use the OpenSSL tool to query our API server for the allowed cipher suites to ensure that you're using one that we accept. If there's a handshake error, this could be the cause. That said, I would strongly advise against using Java 6 wherever possible. There are a large number of security vulnerabilities in that version, and exposing it to the internet is very risky.

Thanks

ben_speight

JDK 6 will reach the end of extended support in December 2018. I'd suggest skipping Java 7 and moving straight to 8. JDK6u141 onwards adds TLS v1.1 and v1.2 to the client list of default-enabled protocols, so it should just work out of the box. If your tool (which I don't know anything about unless it's Anaplan Connect) is insisting on a specific TLS version when setting up a connection, that could be a problem. Another thing to look at is changes to the lib/security/java.security file from the defaults. If it is a TLS handshake problem, then specifying -Djavax.net.debug=ssl:handshake may provide more information. All of this assumes that your tool is using the JRE's built-in JSSE provider to implement TLS - I'd need more information to confirm this.

Quick Links

Can you help?

Unanswered questions

How can I Delete Users in Administration
Now I faced below warning But I cannot find any delete action for those users I don't need anymore Can I have any action to solve this warning?
Different Subsets of Parent Lists in Input & Output Modules
I have 2 lists used in modelling, In Input module I'm using subset of territories from Country List and subset of Regions from Flat list. But in Output module,Its reversed, I'm using subset of regions from Country list and subset of territories from flat list.How to derive the numbers from input to output module. I do have…
Is there a way to turn off the Show Comments Summary panel in UX pages with Comments?
This shows all comments across all data to all users with access to the UX page. This is not appropriate for any UX which might contain security access sensitive data. Comments on grids and cards ARE security dependent. That works fine. But anyone with access to the page can open this Summary Panel and see ALL comments…