I received this email yesterday from PayPal. Will I need to make any changes besides API?

To avoid service interruptions, please ensure that your systems are upgraded and compatible as testing will occur between now and September 30, 2016.

At PayPal, data security and safety are our top priorities, and as a result we’re implementing a series of security upgrades throughout 2016 and 2017.

To comply with industry standards, we’re moving the SSL certificates on our endpoints to stronger encryption known as SHA-256 starting after September 30, 2016. Compatibility with SHA-256 will help strengthen your protection and ensure that your business systems are up to date with the latest security measures.

If your systems aren’t SHA-256 compatible, your business will be unable to accept payments with PayPal until changes are made. For more details on our transition to SHA-256, please visit our SSL Certificate Upgrade Microsite.

How to Prepare

To prepare for the full cutover starting after September 30, 2016, we’ll be performing a series of tests on our endpoints starting in July 2016. The purpose for the testing is to ensure we’ve helped our merchants prepare for the full transition to SHA-256 happening after September 30, 2016. For a complete list of testing dates and times, please go to SSL Certificate Upgrade Microsite for the details. We’ll follow up with you with a separate email, if you’re impacted during our testing.

Security Upgrades Coming in June 2017

We also wanted to remind you that we’ve rescheduled several of our upgrades to accommodate merchants who couldn’t meet our original timelines. The following schedule shows details of whether your business is already compatible or doesn't use the functionality. If you do need to make security upgrades, the schedule will identify what changes need to be made.

Change
(click hyperlinks for more details) Change required? NEW DEADLINES Complexity
TLS 1.2 AND HTTP/1.1 Upgrade
Yes June 30, 2017 High
IPN Verification Postback to HTTPS
No June 30, 2017 Low
Discontinue Use of GET Method of Classic NVP/SOAP
No June 30, 2017 Low
Merchant API Certificate Credential Upgrade
No Act between January 31, 2016 and January 1, 2018 (depending on your certificate expiry date) Medium

The details on the required changes and how to action them, can be found on our 2016-2017 Merchant Security Roadmap Microsite.

We encourage you to contact your web hosting company, e-commerce software provider, in-house web programmer, or system administrator for assistance with these changes. If you have any questions, please visit our Help pages by clicking Help & Contact at the bottom of any PayPal page. If you have any questions, please go to Contact Us at any www.paypal.com page or Technical Support Portal to submit a ticket. Select “Security Changes (TLS/Certificate)” within the Product drop-down.

Thank you for your support of our commitment to maintain high security standards for all our global customers.
Was this email helpful? Please click here to let us know how we're doing at keeping you informed.

This will not apply to our software as PayPal directly handles the checkout process.

Good
Thanks