APIs Probably Shouldn't Redirect HTTP to HTTPS

I was suddenly much more afraid of widespread router takeover botnets with DNS MITMs re-emerging after stumbling on this. Started thinking about the cheer number of API traffic today combined with the realisation that some of it may be using plain text by mistake because of this redirect practice. :(