The transactional API consists of just three HTTPS endpoints (see, we said it was easy!). You GET or POST (as form data) the parameters (in UTF-8); we do the work and send you some XML indicating what went on.
For best results we suggest you always provide the following HTTP headers:
The X-Forwarded-For header in particular helps FeedBlitz determine the IP and other characteristics of the client. In a solution where the request chain is something like this:
Browser -> Your End User's Site -> Your Servers -> FeedBlitz
Then we ideally want to know the IP address of the host at the very far end, the browser. This is what x-forwarded-for delivers, and it is very good practice when interacting with APIs to provide / extend it as early as possible.
The API requires SSL. As vulnerabilities to SSL become known, some versions of SSL / TLS / ciphers may be deemed insecure. To protect system integrity, FeedBlitz may elect to terminate use of vulnerable SSL protocols and ciphers at any time. In general, we expect you to use modern cryptography. SSL negotiation errors typically manifest as server closed the connection, or unable to connect errors.
From time to time FeedBlitz may elect to migrate end points. As such, we will issue 301 or 302 redirects for GET methods, and 308 redirects for all others (notably, POST). Not all standard HTTP libraries will follow the Location: header in a 308 response; we recommend that you validate whether your language / library handles 308 appropriately, and if it doesn’t extend your implementation to extract the Location and re-POST to it if you get a 308 back.