I have a whole shop set up under https (unsecure and secure URL set to https), because 1) I do not see why not and 2) I use a theme from themeforest which has problems with mixing http and https (exclamation mark in the address bar because of mixed secure and unsecure content, and ugly security warning when putting stuff into the shopping cart).
Unfortunately, the shop POS system can ONLY use the API via http (yes, seems out of date and risky, but they won't change it).
I tried playing around with the .htaccess and rewrite everything under /api from https to http, but did not find a solution, the whole system goes into a redirect loop. I guess the problem lies between the htaccess redirect and the Magento internal redirection system.
Since this is a very specific problem, I did not really find a solution, even after googling for hours.
Can anybody give me pointers on what possibilities I have in order to achieve a complete https setup with just the API URLs unsecure?
Best Answer
Ok, didn't test this but should work. Since the API doesn't work on a store level (it uses 0) you could set the base urls to
httpson all websites but leave it ashttpon global scope.Please find attached some amazing artwork that explains what I mean.