@steverice
Created October 23, 2016 16:24
Letter sent to customers about basic auth deprecation

Hello,

Thanks for your continued interest and use of the PagerDuty API.

We're writing to let you know that as of November 4th, 2015, we will be discontinuing the ability to authenticate against the API using HTTP Basic Authentication (PagerDuty username and password), which has been deprecated since mid-2014.

We are doing this to improve security of PagerDuty accounts by limiting the spread of PagerDuty user passwords, which are difficult to audit and revoke should they become compromised.

Additionally, the need to authenticate a user via HTTP Basic Authentication imposes a performance penalty on every API request due to the robust hashing techniques we use to store and validate user passwords. This is done by design to make brute forcing passwords computationally infeasible.

Switching away from basic authentication will improve the security of your users' passwords and make your API requests faster.

We've identified your PagerDuty account as one that is likely using HTTP Basic Authentication for automated HTTP requests against our API. The following PagerDuty users on your account are making recurring Basic Authentication requests: ${USER_NAME} ${USER_EMAIL}

If you don't recognize any of these users as being used with a PagerDuty integration or don't believe you are using HTTP Basic Authentication, please let us know and we can investigate further to help identify your integration.

If you are using a third-party client, tool, or library to connect to PagerDuty, check with the vendor/maintainer for an updated version that supports API Token Authentication. If you maintain such an integration internally, your development team can refer to our authentication documentation at https://developer.pagerduty.com/documentation/rest/authentication to learn more about using API Tokens.

Should you have any questions, don't hesitate to reach out. We recommend making the necessary changes well in advance of the November 4th deadline to provide ample time for testing and prevent any interruption in service.
