The API is now HTTPS-only. If you go to http://api.hubski.com it will either give you the main page, or the 404 page. Only https://api.hubski.com will work. Going to http will very intentionally not redirect to https, for security reasons. When I get around to to it, I'll make http://api.hubski.com return a true 404 or 5xx code.
This will let us do simple token authentication.
And yes, the cert is presently invalid. I'll fix that soon.
So, my next steps are to fix the cert, move user data into SQL, and add a mechanism to login in via the API and get a token, which you can then pass to get private data like mail.
Then, we can make endpoints for all data, including private data. Then, once endpoints exist for all data, we can make things like static sites and mobile apps.
I'm still really busy, so this is all going slower than I'd like. Such is life.