Http Vs. Https
Https is secure way of communicating over the internet. All GET / POST method transaction done using Https protocol
are secure, meaning is no one can decrypt the packet at any node coming across the network.
Packets can only be decrypted at destination.
You can investigate what is being requested to the server using Tools like Fiddler. Try this tool to investigate HTTP and HTTPS GET method request to the server.
For HTTP request you can see all parameters passed to the server but for HTTPS you will see Forbidden message.
Client side integration:
Browser keeps repository of certificates. You can find the Lock Symbol and View the certificate. It contains Validity of it and for which domain it is generated.
You can store this certificates in to local drive by exporting option for future use.
If Client (e.g windows service) other than browser is requesting the server via Https, client needs to pass these certificates along with the request.
Who provides security certifictes:
Follow the installation instruction provided with certificate to get it installed properly.
Certificates are domain specific and not specific to IP. If you purchase the certificate for domain www.yourdomain.com, that would be valid to www.yourdomain.com and not for subdomains coming under http://yourdomain.com.
If I want to access data using HttpS protocol do I need to purchase security certificate?
No, You need to install the certificates provided by API at your end and send it along with the request.